Skip to content

CCM-13539: Address dependendabot issues#1032

Merged
simonlabarere merged 4 commits into
releasefrom
feature/CCM-13539_dependabot_updates
Jan 6, 2026
Merged

CCM-13539: Address dependendabot issues#1032
simonlabarere merged 4 commits into
releasefrom
feature/CCM-13539_dependabot_updates

Conversation

@simonlabarere
Copy link
Copy Markdown
Contributor

@simonlabarere simonlabarere commented Jan 5, 2026
edited
Loading

Summary

Should fix the issues raised by dependabot: https://github.com/NHSDigital/communications-manager-api/security/dependabot
Mainly the vulnerabilities in:

  • urllib3
  • qs
  • node-forge
  • authlib
  • glob
  • filelock
  • body-parser
  • js-yaml
  • cryptography

This should make the following PRs obsolete:

Reviews Required

  • Dev
  • Test
  • Tech Author
  • Product Owner

Checklist

  • Brief description of work completed, and any technical decisions made as part of the PR
  • PR link added as a comment to the relevant JIRA ticket
  • PR link shared on Slack and/or Teams
  • 2 reviews received
  • Tester approval

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

This was referenced Jan 5, 2026
Closed
Closed
simonlabarere
simonlabarere commented Jan 5, 2026
View reviewed changes
Comment thread package.json Outdated
This was referenced Jan 5, 2026
Closed
Closed
@simonlabarere simonlabarere added the dependencies Pull requests that update a dependency file label Jan 5, 2026
@lapenna-bjss lapenna-bjss self-assigned this Jan 5, 2026
lapenna-bjss
lapenna-bjss previously approved these changes Jan 5, 2026
View reviewed changes
gareth-allan
gareth-allan reviewed Jan 5, 2026
View reviewed changes
Comment thread .tool-versions Outdated
gareth-allan
gareth-allan reviewed Jan 5, 2026
View reviewed changes
Comment thread package.json Outdated
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 5, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-13539

@simonlabarere simonlabarere merged commit c864c22 into release Jan 6, 2026
6 checks passed
@simonlabarere simonlabarere deleted the feature/CCM-13539_dependabot_updates branch January 6, 2026 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ian-Hodges Ian-Hodges Ian-Hodges left review comments

@gareth-allan gareth-allan gareth-allan approved these changes

@lapenna-bjss lapenna-bjss lapenna-bjss left review comments

Assignees

@gareth-allan gareth-allan

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@simonlabarere @Ian-Hodges @gareth-allan @lapenna-bjss