diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..6036e354a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.x.x   | :white_check_mark: |
+| 2.x.x   | :x:                |
+| < 2.0.0 | :x:                |
+
+## Reporting a Vulnerability
+
+We take all security vulnerabilities seriously. To report a security vulnerability, please send an email with the details to [security@sequence.xyz](mailto:security@sequence.xyz).
+
+You can expect a response from our team within 48 hours to acknowledge receipt of your report. If the vulnerability is accepted, we will work with you to coordinate a release and public disclosure. We appreciate your efforts to responsibly disclose your findings.
diff --git a/packages/wallet/dapp-client/package.json b/packages/wallet/dapp-client/package.json
index c48f42aea..b10524e42 100644
--- a/packages/wallet/dapp-client/package.json
+++ b/packages/wallet/dapp-client/package.json
@@ -25,7 +25,7 @@
     "@vitest/coverage-v8": "^3.2.4",
     "dotenv": "^16.5.0",
     "fake-indexeddb": "^6.0.1",
-    "happy-dom": "^17.2.2",
+    "happy-dom": "^20.0.2",
     "typescript": "^5.8.3",
     "vitest": "^3.2.1"
   },
diff --git a/packages/wallet/wdk/package.json b/packages/wallet/wdk/package.json
index 5b786b0fe..05e0a9171 100644
--- a/packages/wallet/wdk/package.json
+++ b/packages/wallet/wdk/package.json
@@ -27,7 +27,7 @@
     "@vitest/coverage-v8": "^3.2.4",
     "dotenv": "^16.5.0",
     "fake-indexeddb": "^6.0.1",
-    "happy-dom": "^17.2.2",
+    "happy-dom": "^20.0.2",
     "typescript": "^5.8.3",
     "vitest": "^3.2.1"
   },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 494683100..450d5be82 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -136,7 +136,7 @@ importers:
         version: 5.8.3
       vitest:
         specifier: ^3.2.1
-        version: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+        version: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
 
   packages/services/identity-instrument:
     dependencies:
@@ -161,7 +161,7 @@ importers:
         version: 5.8.3
       vitest:
         specifier: ^3.2.1
-        version: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+        version: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
 
   packages/services/indexer:
     devDependencies:
@@ -252,7 +252,7 @@ importers:
         version: 22.16.5
       '@vitest/coverage-v8':
         specifier: ^3.2.4
-        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@17.6.3))
+        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@20.0.2))
       dotenv:
         specifier: ^16.5.0
         version: 16.6.1
@@ -264,7 +264,7 @@ importers:
         version: 5.8.3
       vitest:
         specifier: ^3.2.1
-        version: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+        version: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
 
   packages/wallet/dapp-client:
     dependencies:
@@ -289,7 +289,7 @@ importers:
         version: 22.16.5
       '@vitest/coverage-v8':
         specifier: ^3.2.4
-        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@17.6.3))
+        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@20.0.2))
       dotenv:
         specifier: ^16.5.0
         version: 16.6.1
@@ -297,14 +297,14 @@ importers:
         specifier: ^6.0.1
         version: 6.0.1
       happy-dom:
-        specifier: ^17.2.2
-        version: 17.6.3
+        specifier: ^20.0.2
+        version: 20.0.2
       typescript:
         specifier: ^5.8.3
         version: 5.8.3
       vitest:
         specifier: ^3.2.1
-        version: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+        version: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
 
   packages/wallet/primitives:
     dependencies:
@@ -317,13 +317,13 @@ importers:
         version: link:../../../repo/typescript-config
       '@vitest/coverage-v8':
         specifier: ^3.2.4
-        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@17.6.3))
+        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@20.0.2))
       typescript:
         specifier: ^5.8.3
         version: 5.8.3
       vitest:
         specifier: ^3.2.1
-        version: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+        version: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
 
   packages/wallet/primitives-cli:
     dependencies:
@@ -400,7 +400,7 @@ importers:
         version: 22.16.5
       '@vitest/coverage-v8':
         specifier: ^3.2.4
-        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@17.6.3))
+        version: 3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@20.0.2))
       dotenv:
         specifier: ^16.5.0
         version: 16.6.1
@@ -408,14 +408,14 @@ importers:
         specifier: ^6.0.1
         version: 6.0.1
       happy-dom:
-        specifier: ^17.2.2
-        version: 17.6.3
+        specifier: ^20.0.2
+        version: 20.0.2
       typescript:
         specifier: ^5.8.3
         version: 5.8.3
       vitest:
         specifier: ^3.2.1
-        version: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+        version: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
 
   repo/eslint-config:
     devDependencies:
@@ -1213,6 +1213,9 @@ packages:
   '@types/node@12.20.55':
     resolution: {integrity: sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ==}
 
+  '@types/node@20.19.21':
+    resolution: {integrity: sha512-CsGG2P3I5y48RPMfprQGfy4JPRZ6csfC3ltBZSRItG3ngggmNY/qs2uZKp4p9VbrpqNNSMzUZNFZKzgOGnd/VA==}
+
   '@types/node@20.19.9':
     resolution: {integrity: sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw==}
 
@@ -1240,6 +1243,9 @@ packages:
   '@types/tinycolor2@1.4.6':
     resolution: {integrity: sha512-iEN8J0BoMnsWBqjVbWH/c0G0Hh7O21lpR2/+PrvAVgWdzL7eexIFm4JN/Wn10PTcmNdtS6U67r499mlWMXOxNw==}
 
+  '@types/whatwg-mimetype@3.0.2':
+    resolution: {integrity: sha512-c2AKvDT8ToxLIOUlN51gTiHXflsfIFisS4pO7pDPoKouJCESkhZnEy623gwP9laCy5lnLDAw1vAzu2vM2YLOrA==}
+
   '@types/yargs-parser@21.0.3':
     resolution: {integrity: sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==}
 
@@ -2086,8 +2092,8 @@ packages:
     engines: {node: '>=0.4.7'}
     hasBin: true
 
-  happy-dom@17.6.3:
-    resolution: {integrity: sha512-UVIHeVhxmxedbWPCfgS55Jg2rDfwf2BCKeylcPSqazLz5w3Kri7Q4xdBJubsr/+VUzFLh0VjIvh13RaDA2/Xug==}
+  happy-dom@20.0.2:
+    resolution: {integrity: sha512-pYOyu624+6HDbY+qkjILpQGnpvZOusItCk+rvF5/V+6NkcgTKnbOldpIy22tBnxoaLtlM9nXgoqAcW29/B7CIw==}
     engines: {node: '>=20.0.0'}
 
   has-bigints@1.1.0:
@@ -3535,10 +3541,6 @@ packages:
   wcwidth@1.0.1:
     resolution: {integrity: sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==}
 
-  webidl-conversions@7.0.0:
-    resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==}
-    engines: {node: '>=12'}
-
   whatwg-mimetype@3.0.0:
     resolution: {integrity: sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==}
     engines: {node: '>=12'}
@@ -4275,7 +4277,7 @@ snapshots:
   '@types/glob@7.2.0':
     dependencies:
       '@types/minimatch': 6.0.0
-      '@types/node': 20.19.9
+      '@types/node': 22.16.5
 
   '@types/inquirer@6.5.0':
     dependencies:
@@ -4290,6 +4292,10 @@ snapshots:
 
   '@types/node@12.20.55': {}
 
+  '@types/node@20.19.21':
+    dependencies:
+      undici-types: 6.21.0
+
   '@types/node@20.19.9':
     dependencies:
       undici-types: 6.21.0
@@ -4320,10 +4326,12 @@ snapshots:
 
   '@types/through@0.0.33':
     dependencies:
-      '@types/node': 20.19.9
+      '@types/node': 22.16.5
 
   '@types/tinycolor2@1.4.6': {}
 
+  '@types/whatwg-mimetype@3.0.2': {}
+
   '@types/yargs-parser@21.0.3': {}
 
   '@types/yargs@17.0.33':
@@ -4423,7 +4431,7 @@ snapshots:
       '@typescript-eslint/types': 8.38.0
       eslint-visitor-keys: 4.2.1
 
-  '@vitest/coverage-v8@3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@17.6.3))':
+  '@vitest/coverage-v8@3.2.4(vitest@3.2.4(@types/node@22.16.5)(happy-dom@20.0.2))':
     dependencies:
       '@ampproject/remapping': 2.3.0
       '@bcoe/v8-coverage': 1.0.2
@@ -4438,7 +4446,7 @@ snapshots:
       std-env: 3.9.0
       test-exclude: 7.0.1
       tinyrainbow: 2.0.0
-      vitest: 3.2.4(@types/node@22.16.5)(happy-dom@17.6.3)
+      vitest: 3.2.4(@types/node@22.16.5)(happy-dom@20.0.2)
     transitivePeerDependencies:
       - supports-color
 
@@ -5440,9 +5448,10 @@ snapshots:
     optionalDependencies:
       uglify-js: 3.19.3
 
-  happy-dom@17.6.3:
+  happy-dom@20.0.2:
     dependencies:
-      webidl-conversions: 7.0.0
+      '@types/node': 20.19.21
+      '@types/whatwg-mimetype': 3.0.2
       whatwg-mimetype: 3.0.0
 
   has-bigints@1.1.0: {}
@@ -6967,7 +6976,7 @@ snapshots:
       '@types/node': 22.16.5
       fsevents: 2.3.3
 
-  vitest@3.2.4(@types/node@22.16.5)(happy-dom@17.6.3):
+  vitest@3.2.4(@types/node@22.16.5)(happy-dom@20.0.2):
     dependencies:
       '@types/chai': 5.2.2
       '@vitest/expect': 3.2.4
@@ -6994,7 +7003,7 @@ snapshots:
       why-is-node-running: 2.3.0
     optionalDependencies:
       '@types/node': 22.16.5
-      happy-dom: 17.6.3
+      happy-dom: 20.0.2
     transitivePeerDependencies:
       - jiti
       - less
@@ -7013,8 +7022,6 @@ snapshots:
     dependencies:
       defaults: 1.0.4
 
-  webidl-conversions@7.0.0: {}
-
   whatwg-mimetype@3.0.0: {}
 
   which-boxed-primitive@1.1.1: