Skip to content

CCM-13539: Address dependendabot issues #1032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
simonlabarere merged 4 commits into from
Jan 6, 2026
Merged

CCM-13539: Address dependendabot issues #1032

simonlabarere merged 4 commits into from
Jan 6, 2026

Conversation

@simonlabarere
Copy link
Contributor

@simonlabarere simonlabarere commented Jan 5, 2026
edited
Loading

Summary

Should fix the issues raised by dependabot: https://github.com/NHSDigital/communications-manager-api/security/dependabot
Mainly the vulnerabilities in:

  • urllib3
  • qs
  • node-forge
  • authlib
  • glob
  • filelock
  • body-parser
  • js-yaml
  • cryptography

This should make the following PRs obsolete:

Reviews Required

  • Dev
  • Test
  • Tech Author
  • Product Owner

Checklist

  • Brief description of work completed, and any technical decisions made as part of the PR
  • PR link added as a comment to the relevant JIRA ticket
  • PR link shared on Slack and/or Teams
  • 2 reviews received
  • Tester approval

@github-actions
Copy link

github-actions bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

This was referenced Jan 5, 2026
Closed
Closed
simonlabarere
simonlabarere commented Jan 5, 2026
View reviewed changes
This was referenced Jan 5, 2026
Closed
Closed
@simonlabarere simonlabarere added the dependencies Pull requests that update a dependency file label Jan 5, 2026
@lapenna-bjss lapenna-bjss self-assigned this Jan 5, 2026
lapenna-bjss
lapenna-bjss previously approved these changes Jan 5, 2026
View reviewed changes
gareth-allan
gareth-allan reviewed Jan 5, 2026
View reviewed changes
gareth-allan
gareth-allan reviewed Jan 5, 2026
View reviewed changes
@github-actions
Copy link

github-actions bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

@github-actions
Copy link

github-actions bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

@github-actions
Copy link

github-actions bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

@simonlabarere simonlabarere merged commit c864c22 into release Jan 6, 2026
6 checks passed
@simonlabarere simonlabarere deleted the feature/CCM-13539_dependabot_updates branch January 6, 2026 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ian-Hodges Ian-Hodges Ian-Hodges left review comments

@gareth-allan gareth-allan gareth-allan approved these changes

@lapenna-bjss lapenna-bjss lapenna-bjss left review comments

Assignees

@gareth-allan gareth-allan

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@simonlabarere @Ian-Hodges @gareth-allan @lapenna-bjss