MERGE: release production 03-12-2026#507
Merged
pedroanastacio merged 403 commits intomainfrom Mar 12, 2026
Merged
Conversation
…ridge-assets Cr/fix/limitation options bridge assets
…for legacy predicate handling
fix(predicate-service): correct logic in checkOlderPredicateVersions for legacy predicate handling
…-version CHORE: update bakosafe sdk version
…istUserTransactionsRequest type
…transaction pagination
…sed-on-versions FIX: adjusts vault creation based on versions
…tructure and add tests for allocation retrieval
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ndpoints FEAT: add health checks endpoints
Bumps [ts-node-dev](https://github.com/whitecolor/ts-node-dev) from 1.1.6 to 2.0.0. - [Release notes](https://github.com/whitecolor/ts-node-dev/releases) - [Changelog](https://github.com/wclr/ts-node-dev/blob/master/CHANGELOG.md) - [Commits](wclr/ts-node-dev@v1.1.6...v2.0.0) --- updated-dependencies: - dependency-name: ts-node-dev dependency-version: 2.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) and [@types/jsonwebtoken](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jsonwebtoken). These dependencies needed to be updated together. Updates `jsonwebtoken` from 9.0.1 to 9.0.3 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v9.0.1...v9.0.3) Updates `@types/jsonwebtoken` from 9.0.2 to 9.0.10 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jsonwebtoken) --- updated-dependencies: - dependency-name: jsonwebtoken dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: "@types/jsonwebtoken" dependency-version: 9.0.10 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ging/ts-node-dev-2.0.0 chore(deps-dev): bump ts-node-dev from 1.1.6 to 2.0.0
Bumps [tsx](https://github.com/privatenumber/tsx) from 4.19.3 to 4.21.0. - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.19.3...v4.21.0) --- updated-dependencies: - dependency-name: tsx dependency-version: 4.21.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ging/multi-b6a4cd569b chore(deps): bump jsonwebtoken and @types/jsonwebtoken
…ging/tsx-4.21.0 chore(deps-dev): bump tsx from 4.19.3 to 4.21.0
Pino 10.x dropped Node.js 18 support, requiring Node.js >= 20. Update all production Dockerfiles to Node.js 22 to unblock the pino upgrade in PR #480. - packages/api/Dockerfile: node:18-bookworm → node:22-bookworm, node:18-alpine → node:22-alpine - packages/socket-server/Dockerfile: arm64v8/node:18.18.2-alpine → arm64v8/node:22-alpine - packages/worker/Dockerfile: node:18-bookworm → node:22-bookworm, node:18-alpine → node:22-alpine Closes #482
Add a docker-build matrix job that builds Dockerfiles for api, socket-server, and worker packages. Uses QEMU + buildx for cross-platform builds (socket-server targets ARM64). Also expand push path triggers to include socket-server and worker.
chore: upgrade Node.js from 18 to 22 in production Dockerfiles
Replace arm64v8/node:22-alpine with node:22-alpine (multi-arch). Both resolve to the same ARM64 image digest on ECS, but the multi-arch tag also works on x86_64 CI runners without QEMU.
Align socket-server Dockerfile with api and worker patterns: - Stage 1 (bookworm): install deps + build - Stage 2 (alpine): production deps + built output only Results in a smaller production image by excluding build tooling.
…-image fix: use multi-arch node:22-alpine for socket-server
Replace 3 separate staging workflows (api, socket-server, worker) with a single deploy-staging.yml using dorny/paths-filter for conditional deploys. Remove staging branch from aws-deploy-api.yml.
…-upgrade ci: unify staging deploys into single workflow with change detection
MERGE: fix conflicts with main
Bumps [@opentelemetry/exporter-trace-otlp-proto](https://github.com/open-telemetry/opentelemetry-js) from 0.201.1 to 0.212.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@experimental/v0.201.1...experimental/v0.212.0) --- updated-dependencies: - dependency-name: "@opentelemetry/exporter-trace-otlp-proto" dependency-version: 0.212.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ging/opentelemetry/exporter-trace-otlp-proto-0.212.0 chore(deps): bump @opentelemetry/exporter-trace-otlp-proto from 0.201.1 to 0.212.0
guimroque
reviewed
Mar 12, 2026
Member
guimroque
left a comment
guimroque
left a comment
There was a problem hiding this comment.
🚀 Production Promotion Checklist
This PR is being merged to main. Please verify the items below:
🔒 Security
- No secrets/credentials exposed in code
- No staging/development URLs hardcoded
- No debug flags enabled
✅ Quality
- Build passed on staging
- Tests passed on staging
- Code was reviewed on staging
🔄 Integrity
✅ Branch main is synchronized
📦 Changes Included
43 PR(s) being promoted:
| PR | Author | Issues |
|---|---|---|
| #415 Cr/fix/limitation options bridge assets | @CaioCesarRocha | - |
| #416 fix(predicate-service): correct logic in checkOlderPredicateVersions for legacy predicate handling | @ArthurCorbellini | - |
| #414 CHORE: update bakosafe sdk version | @pedroanastacio | - |
| #419 FIX: adjusts vault creation based on versions | @pedroanastacio | - |
| #420 balance allocation | @Vitosoaresp | - |
| #418 User transactions | @Vitosoaresp | - |
| #421 FIX: create compatible predicate versions only to evm users | @pedroanastacio | - |
| #422 FIX: vaults without predicate version | @ArthurCorbellini | - |
| #423 FEAT: delete transaction if not signed with evm or social connectors | @pedroanastacio | - |
| #424 FIX: prevent lost events by ensuring emit waits for connection and adds timeout fallback | @pedroanastacio | - |
| #425 FEAT: returns balance per vault | @pedroanastacio | - |
| #426 FIX: count of pending transactions also considers transactions from vaults of which the user is a member | @pedroanastacio | - |
| #427 FIX: calculate allocation of active predicates | @pedroanastacio | - |
| #428 FIX: invalidates cache of all predicates involved in a transaction | @pedroanastacio | - |
| #430 FIX: emit socket events via api | @pedroanastacio | - |
| #431 CHORE: updates bakosafe sdk version | @pedroanastacio | - |
| #432 FIX: add error handling when sending successful transaction emails | @pedroanastacio | - |
| #434 FIX: adds error handler and retry to connection state request | @pedroanastacio | - |
| #437 fix: update transaction and balance cache when balance changes are detected | @pedroanastacio | - |
| #439 FIX: validate duplicate vaults | @GabrielTozatti | - |
| #441 fix: test errors | @pedroanastacio | - |
| #440 FEAT: configure logger | @pedroanastacio | - |
| #438 CHORE: rename default predicate to Personal Account | @GabrielTozatti | - |
| #445 fix: send tx to chain stg | @pedroanastacio | - |
| #446 FEAT: add error status test to predicate find by address endpoint | @pedroanastacio | - |
| #449 chore(dapp): add logs to dapp connect | @pedroanastacio | - |
| #450 FIX: add timeout to disconnect socket after emit event | @pedroanastacio | - |
| #448 Staging docs review | @guimroque | - |
| #451 fix(deploy): fix worker deploy and patch axios vulnerability | @guimroque | #209, #5 |
| #452 CHORE: remove socket dev command | @pedroanastacio | - |
| #453 TEST: add logs to debug connect | @pedroanastacio | - |
| #454 FIX: avoid socket disconnect before emit event | @pedroanastacio | - |
| #455 CHORE: execute postbuild command when building prod | @pedroanastacio | - |
| #456 FIX: send create predicate email | @pedroanastacio | - |
| #457 FEAT: add health checks endpoints | @pedroanastacio | - |
| #473 chore(deps-dev): bump ts-node-dev from 1.1.6 to 2.0.0 | @dependabot[bot] | #275 |
| #478 chore(deps): bump jsonwebtoken and @types/jsonwebtoken | @dependabot[bot] | #921, #878, #1007, #935, #933, #932 |
| #479 chore(deps-dev): bump tsx from 4.19.3 to 4.21.0 | @dependabot[bot] | #748, #741 |
| #483 chore: upgrade Node.js from 18 to 22 in production Dockerfiles | @guimroque | closes #482, #480 |
| #484 fix: use multi-arch node:22-alpine for socket-server | @guimroque | #482 |
| #485 ci: unify staging deploys into single workflow with change detection | @guimroque | - |
| #486 MERGE: fix conflicts with main | @pedroanastacio | - |
| #496 chore(deps): bump @opentelemetry/exporter-trace-otlp-proto from 0.201.1 to 0.212.0 | @dependabot[bot] | #6325, #6400, #6305, #6304, #6344, #6399, #6243, #6330, #6348, #6353, #6287, #6317, #6322, #6310, #6210, #5765, #6271, #6402, #6405, #6397, #6398, #6366, #6388, #6364 |
Issues resolved by this promotion:
- #209 (via PR #451)
- #5 (via PR #451)
- #275 (via PR #473)
- #921 (via PR #478)
- #878 (via PR #478)
- #1007 (via PR #478)
- #935 (via PR #478)
- #933 (via PR #478)
- #932 (via PR #478)
- #748 (via PR #479)
- #741 (via PR #479)
- #482 (via PR #483, PR #484)
- #480 (via PR #483)
- #6325 (via PR #496)
- #6400 (via PR #496)
- #6305 (via PR #496)
- #6304 (via PR #496)
- #6344 (via PR #496)
- #6399 (via PR #496)
- #6243 (via PR #496)
- #6330 (via PR #496)
- #6348 (via PR #496)
- #6353 (via PR #496)
- #6287 (via PR #496)
- #6317 (via PR #496)
- #6322 (via PR #496)
- #6310 (via PR #496)
- #6210 (via PR #496)
- #5765 (via PR #496)
- #6271 (via PR #496)
- #6402 (via PR #496)
- #6405 (via PR #496)
- #6397 (via PR #496)
- #6398 (via PR #496)
- #6366 (via PR #496)
- #6388 (via PR #496)
- #6364 (via PR #496)
⚠️ Issues Found
🟡 Warnings (manual review)
- Test domain:
.testem.github/workflows/ci.yml:248 - Test domain:
.testem.github/workflows/ci.yml:249 - Sandbox URL:
sandbox.empackages/api/.env.test:60 - Sandbox URL:
sandbox.empackages/api/.env.test:63 - Local domain:
.localempackages/api/Dockerfile:16 - Local domain:
.localempackages/api/Dockerfile:37 - Console statement:
console.log(empackages/api/src/database/migrations/1764104869733-add-performance-indexes.ts:24 - Console statement:
console.log(empackages/api/src/database/migrations/1764104869733-add-performance-indexes.ts:36 - Console statement:
console.log(empackages/api/src/database/migrations/1764177686000-add-pending-transactions-indexes.ts:34 - Console statement:
console.log(empackages/api/src/database/migrations/1764177686000-add-pending-transactions-indexes.ts:44 - Console statement:
console.log(empackages/api/src/database/migrations/1764200000000-add-additional-performance-indexes.ts:45 - Console statement:
console.log(empackages/api/src/database/migrations/1764200000000-add-additional-performance-indexes.ts:57 - Console statement:
console.log(empackages/api/src/modules/predicate/services.ts:539 - Console statement:
console.log(empackages/api/src/modules/predicate/services.ts:540
guimroque
approved these changes
Mar 12, 2026
Member
guimroque
left a comment
guimroque
left a comment
There was a problem hiding this comment.
✅ Validation passed. PR approved for merge to main.
…rabilities FIX: fix high vulnerabilities
P2/merge/security audit stg
pedroanastacio
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description