fix: update packages

[Moiz47]

Summary

package update

Summary by CodeRabbit

• Chores
  • Updated several underlying verification and W3C-related dependencies to newer minor releases.
  • Aligns with upstream improvements and maintenance to improve compatibility and reliability of verification processes.
  • No UI changes; workflows remain the same. If you observe unexpected verification behavior, please report it.

[coderabbitai]

Walkthrough

Bumps several package.json dependency versions for TrustVC and TradeTrust-related packages: @tradetrust-tt/tt-verify, @trustvc/w3c, @trustvc/w3c-context, @trustvc/w3c-credential-status, @trustvc/w3c-issuer, and @trustvc/w3c-vc. No source files or exported/public declarations changed.

Changes

Cohort / File(s)	Summary
Dependency updates package.json	Updated dependencies: @tradetrust-tt/tt-verify ^9.5.1 → ^9.6.0; @trustvc/w3c ^1.3.0-alpha.10 → ^1.3.0-alpha.11; @trustvc/w3c-context ^1.3.0-alpha.8 → ^1.3.0-alpha.10; @trustvc/w3c-credential-status ^1.3.0-alpha.8 → ^1.3.0-alpha.10; @trustvc/w3c-issuer ^1.3.0-alpha.6 → ^1.3.0-alpha.8; @trustvc/w3c-vc ^1.3.0-alpha.9 → ^1.3.0-alpha.11.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix: upgrade package #108 — Also upgrades TrustVC W3C packages (same package family/version bumps).
• fix: upgrade packages #88 — Related dependency bump for @tradetrust-tt/tt-verify.
• fix: w3c version upgrade #107 — Also updates @trustvc/w3c-vc version.

Suggested labels

released

Suggested reviewers

• RishabhS7

Pre-merge checks (1 passed, 1 warning, 1 inconclusive)

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The pull request description only includes a one-line summary and omits both the required “Changes” section outlining each dependency bump and the “Issues” section linking any related work, so it does not adhere to the repository’s PR template.	Update the description to include a “Changes” section listing each package and version update and an “Issues” section that references any related ticket or story, following the structure defined in the project’s PR description template.
Title Check	❓ Inconclusive	The current title “fix: update packages” does reference the dependency updates in the pull request but is overly generic and does not specify which packages or versions were changed, making it difficult for reviewers to grasp the scope at a glance.	Please revise the title to follow a more descriptive convention, for example “chore: bump @tradetrust-tt/tt-verify and W3C packages to v9.6.0 and alpha.11,” so that the primary change is clear without inspecting the diff.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

I hop through package.json with glee,
Nudging numbers—one, two, three.
Small bumps, neat carrots in a row,
Build bell rings, off we go! 🐰✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/update-package-version

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

package.json (2)

124-129: Consider stabilizing pre-release ranges.

Using caret with pre-release tags can float to newer alphas unexpectedly. If you want tighter control, use ~ or pin exact.

Example:

-    "@trustvc/w3c": "^1.3.0-alpha.11",
-    "@trustvc/w3c-context": "^1.3.0-alpha.10",
-    "@trustvc/w3c-credential-status": "^1.3.0-alpha.10",
-    "@trustvc/w3c-issuer": "^1.3.0-alpha.8",
-    "@trustvc/w3c-vc": "^1.3.0-alpha.11",
+    "@trustvc/w3c": "~1.3.0-alpha.11",
+    "@trustvc/w3c-context": "~1.3.0-alpha.10",
+    "@trustvc/w3c-credential-status": "~1.3.0-alpha.10",
+    "@trustvc/w3c-issuer": "~1.3.0-alpha.8",
+    "@trustvc/w3c-vc": "~1.3.0-alpha.11",

Or pin exact and rely on Renovate/Dependabot.

---

124-129: Optional: keep the w3c suite on a single train.

If these packages have peer/close coupling, aligning to the same alpha tag reduces mismatch risk. Only if upstream maintains them in lockstep.

Would you like me to check upstream release notes and propose a synchronized set?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 102eda3 and 6b6d178.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Linters / Code Lint (20.x)
• GitHub Check: Linters / Commit Lint
• GitHub Check: Tests / Test Build (18.x)
• GitHub Check: Tests / Test Build (20.x)
• GitHub Check: Linters / Code Lint (18.x)
• GitHub Check: Tests / Run Tests (18.x)
• GitHub Check: Tests / Run Tests (20.x)
• GitHub Check: ESLint Review

🔇 Additional comments (2)

package.json (2)

124-129: LGTM on scoped version bumps.

Bumps are limited to TrustVC/TradeTrust packages; no code changes. Good incremental update.

---

124-129: Verify cross-package compatibility and lockfile.

These w3c packages often carry peer/implicit coupling. Please validate and commit the updated lockfile.

Run:

#!/bin/bash
set -euo pipefail

# Ensure clean install and lockfile update
npm ci --ignore-scripts || true
npm install

# Show resolved versions
npm ls @tradetrust-tt/tt-verify @trustvc/w3c @trustvc/w3c-context @trustvc/w3c-credential-status @trustvc/w3c-issuer @trustvc/w3c-vc || true

# Inspect peer deps published by each package (looks for strict pinning)
for p in @trustvc/w3c @trustvc/w3c-context @trustvc/w3c-credential-status @trustvc/w3c-issuer @trustvc/w3c-vc; do
  echo "----- $p peerDependencies -----"
  npm view "$p@latest" peerDependencies --json || true
done

# Basic safety checks
npm audit --omit=dev || true

# Quick sanity on types/build/tests
npm run type-check
npm run build
npm test

[tradetrustimda]

🎉 This PR is included in version 2.0.7 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀