Skip to content

CCM-11961: Dependabot Upgrades #1001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ScottFullerton-NHSE merged 26 commits into from
Sep 22, 2025
Merged

CCM-11961: Dependabot Upgrades #1001

ScottFullerton-NHSE merged 26 commits into from
Sep 22, 2025

Conversation

@ScottFullerton-NHSE
Copy link
Contributor

@ScottFullerton-NHSE ScottFullerton-NHSE commented Sep 16, 2025
edited
Loading

Summary

Security Alerts:

Most of the remaining security alerts require a Python Upgrade which is in progress, but has been put on the backlog for sometime now.

Dependency Upgrades:

Reviews Required

  • Dev
  • Test
  • Tech Author
  • Product Owner

Checklist

  • Brief description of work completed, and any technical decisions made as part of the PR
  • PR link added as a comment to the relevant JIRA ticket
  • PR link shared on Slack and/or Teams
  • 2 reviews received
  • Tester approval

dependabot bot and others added 13 commits January 20, 2025 05:59
@dependabot
Bump sphinx-markdown-builder from 0.6.7 to 0.6.8
f7164a8 
Bumps [sphinx-markdown-builder](https://github.com/liran-funaro/sphinx-markdown-builder) from 0.6.7 to 0.6.8.
- [Commits](liran-funaro/sphinx-markdown-builder@0.6.7...0.6.8)

---
updated-dependencies:
- dependency-name: sphinx-markdown-builder
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump pytest-asyncio from 0.20.3 to 0.24.0
349aa78 
Bumps [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) from 0.20.3 to 0.24.0.
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v0.20.3...v0.24.0)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump notifications-python-client from 9.1.0 to 10.0.1
a2e28d5 
Bumps [notifications-python-client](https://github.com/alphagov/notifications-python-client) from 9.1.0 to 10.0.1.
- [Changelog](https://github.com/alphagov/notifications-python-client/blob/main/CHANGELOG.md)
- [Commits](alphagov/notifications-python-client@9.1.0...10.0.1)

---
updated-dependencies:
- dependency-name: notifications-python-client
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump semver from 3.0.2 to 3.0.4
5a8be76 
Bumps [semver](https://github.com/python-semver/python-semver) from 3.0.2 to 3.0.4.
- [Release notes](https://github.com/python-semver/python-semver/releases)
- [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst)
- [Commits](python-semver/python-semver@3.0.2...3.0.4)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump pytest from 8.3.4 to 8.3.5
e6976ac 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.4 to 8.3.5.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.4...8.3.5)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump the npm_and_yarn group with 4 updates
f799136 
Bumps the npm_and_yarn group with 4 updates: [form-data](https://github.com/form-data/form-data), [@redocly/cli](https://github.com/Redocly/redocly-cli), [jose](https://github.com/panva/jose) and [newman](https://github.com/postmanlabs/newman).


Updates `form-data` from 4.0.0 to 4.0.4
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.0...v4.0.4)

Updates `@redocly/cli` from 1.34.4 to 1.34.5
- [Release notes](https://github.com/Redocly/redocly-cli/releases)
- [Changelog](https://github.com/Redocly/redocly-cli/blob/@redocly/cli@1.34.5/docs/changelog.md)
- [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/cli@1.34.4...@redocly/cli@1.34.5)

Updates `jose` from 4.14.4 to 5.6.3
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md)
- [Commits](panva/jose@v4.14.4...v5.6.3)

Updates `newman` from 6.1.3 to 6.2.0
- [Changelog](https://github.com/postmanlabs/newman/blob/develop/CHANGELOG.yaml)
- [Commits](postmanlabs/newman@v6.1.3...v6.2.0)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@redocly/cli"
  dependency-version: 1.34.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: jose
  dependency-version: 5.6.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: newman
  dependency-version: 6.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump nodemon from 3.1.9 to 3.1.10 in /sandbox
f24e237 
Bumps [nodemon](https://github.com/remy/nodemon) from 3.1.9 to 3.1.10.
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v3.1.9...v3.1.10)

---
updated-dependencies:
- dependency-name: nodemon
  dependency-version: 3.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump express from 5.0.1 to 5.1.0 in /sandbox
c6a6c43 
Bumps [express](https://github.com/expressjs/express) from 5.0.1 to 5.1.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v5.0.1...v5.1.0)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump eslint-plugin-unicorn from 45.0.2 to 56.0.1
cd11f5d 
Bumps [eslint-plugin-unicorn](https://github.com/sindresorhus/eslint-plugin-unicorn) from 45.0.2 to 56.0.1.
- [Release notes](https://github.com/sindresorhus/eslint-plugin-unicorn/releases)
- [Commits](sindresorhus/eslint-plugin-unicorn@v45.0.2...v56.0.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-unicorn
  dependency-version: 56.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump eslint-plugin-workspaces from 0.7.0 to 0.11.0
b42ba26 
Bumps [eslint-plugin-workspaces](https://github.com/joshuajaco/eslint-plugin-workspaces) from 0.7.0 to 0.11.0.
- [Release notes](https://github.com/joshuajaco/eslint-plugin-workspaces/releases)
- [Changelog](https://github.com/joshuajaco/eslint-plugin-workspaces/blob/main/CHANGELOG.md)
- [Commits](joshuajaco/eslint-plugin-workspaces@v0.7.0...v0.11.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-workspaces
  dependency-version: 0.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump mocha from 10.7.3 to 11.7.2 in /sandbox
6bdbdcb 
Bumps [mocha](https://github.com/mochajs/mocha) from 10.7.3 to 11.7.2.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v10.7.3...v11.7.2)

---
updated-dependencies:
- dependency-name: mocha
  dependency-version: 11.7.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump eslint-plugin-sonarjs from 0.16.0 to 3.0.5
e34ac96 
Bumps [eslint-plugin-sonarjs](https://github.com/SonarSource/SonarJS) from 0.16.0 to 3.0.5.
- [Release notes](https://github.com/SonarSource/SonarJS/releases)
- [Commits](https://github.com/SonarSource/SonarJS/commits)

---
updated-dependencies:
- dependency-name: eslint-plugin-sonarjs
  dependency-version: 3.0.5
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@ScottFullerton-NHSE
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/npm_and_…
e1b523a 
…yarn-7e13879316' into feature/CCM-11961-dependabot-upgrades
@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@ScottFullerton-NHSE ScottFullerton-NHSE added the dependencies Pull requests that update a dependency file label Sep 16, 2025
@ScottFullerton-NHSE
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/sandbox/…
63716f3 
…nodemon-3.1.10' into feature/CCM-11961-dependabot-upgrades
@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@ScottFullerton-NHSE
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/eslint-p…
f1161e2 
…lugin-sonarjs-3.0.5' into feature/CCM-11961-dependabot-upgrades
@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@ScottFullerton-NHSE
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/sandbox/…
483e7ca 
…mocha-11.7.2' into feature/CCM-11961-dependabot-upgrades
@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@github-actions
Copy link

github-actions bot commented Sep 16, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-11961

@ScottFullerton-NHSE ScottFullerton-NHSE changed the title Draft: CCM-11961: Dependabot Upgrades CCM-11961: Dependabot Upgrades Sep 17, 2025
gareth-allan
gareth-allan approved these changes Sep 17, 2025
View reviewed changes
package-lock.json
Copy link
Contributor

@gareth-allan gareth-allan Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we have a package-lock.json and a pnpm-lock.yaml in this repo? I thought if we were using PNPM we'd get the PNPM lock file instead of package-lock.json?

Obviously you've not changed this, so it's not something that needs to block this PR, but it seems odd.

@ScottFullerton-NHSE ScottFullerton-NHSE merged commit 9acacbe into release Sep 22, 2025
6 checks passed
@ScottFullerton-NHSE ScottFullerton-NHSE deleted the feature/CCM-11961-dependabot-upgrades branch September 22, 2025 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonlabarere simonlabarere simonlabarere approved these changes

@gareth-allan gareth-allan gareth-allan approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ScottFullerton-NHSE @simonlabarere @gareth-allan