csg-org · landonshumway-ia · May 6, 2026 · May 6, 2026 · May 6, 2026 · May 6, 2026
diff --git a/backend/compact-connect/docs/devops/STAFF_USER_MFA_RECOVERY.md b/backend/compact-connect/docs/devops/STAFF_USER_MFA_RECOVERY.md
@@ -41,9 +41,8 @@ Before beginning this procedure, ensure you have:
 
 ### Step 2: Archive the DynamoDB Record
 
-In the DynamoDB console, if you change the partition key (pk) value of a existing DynamoDB item, it automatically deletes the old record with the old pk and creates a new one with the new pk, effectively archiving the user record. Perform the following steps:
+In the DynamoDB console, perform the following steps:
 
-1. **Create the Archived Record**
    - In the DynamoDB table, find the existing staff user record and select it to open the 'Edit item' view.
    - **Add a new field**: `archivedDate` = current date (yyyy-mm-dd format)
    - **Add a new field**: `archivedReason` = "MFA recovery - user lost access to MFA device"

diff --git a/backend/compact-connect/lambdas/nodejs/package.json b/backend/compact-connect/lambdas/nodejs/package.json
@@ -4,7 +4,7 @@
   "type": "commonjs",
   "description": "NodeJS lambdas for CompactConnect",
   "resolutions": {
-    "fast-xml-parser": "5.7.0",
+    "fast-xml-parser": "5.7.3",
     "postcss": "8.5.10"
   },
   "scripts": {
@@ -45,9 +45,9 @@
   },
   "dependencies": {
     "@aws-lambda-powertools/logger": "^2.32.0",
-    "@aws-sdk/client-dynamodb": "^3.1029.0",
-    "@aws-sdk/client-s3": "^3.1029.0",
-    "@aws-sdk/client-sesv2": "^3.1029.0",
+    "@aws-sdk/client-dynamodb": "^3.1045.0",
+    "@aws-sdk/client-s3": "^3.1045.0",
+    "@aws-sdk/client-sesv2": "^3.1045.0",
     "@aws-sdk/util-dynamodb": "^3.996.2",
     "@csg-org/email-builder": "^0.0.13",
     "nodemailer": "^8.0.5",

diff --git a/backend/compact-connect/lambdas/nodejs/yarn.lock b/backend/compact-connect/lambdas/nodejs/yarn.lock
diff --git a/backend/compact-connect/lambdas/python/cognito-backup/requirements-dev.txt b/backend/compact-connect/lambdas/python/cognito-backup/requirements-dev.txt
@@ -77,7 +77,7 @@ six==1.17.0
     # via python-dateutil
 typing-extensions==4.15.0
     # via aws-lambda-powertools
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   requests

diff --git a/backend/compact-connect/lambdas/python/common/requirements-dev.txt b/backend/compact-connect/lambdas/python/common/requirements-dev.txt
@@ -177,7 +177,7 @@ typing-inspection==0.4.2
     # via
     #   pydantic
     #   pydantic-settings
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/common/requirements.txt b/backend/compact-connect/lambdas/python/common/requirements.txt
@@ -47,7 +47,7 @@ six==1.17.0
     # via python-dateutil
 typing-extensions==4.15.0
     # via aws-lambda-powertools
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   requests
diff --git a/backend/compact-connect/lambdas/python/compact-configuration/requirements-dev.txt b/backend/compact-connect/lambdas/python/compact-configuration/requirements-dev.txt
@@ -58,7 +58,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/custom-resources/requirements-dev.txt b/backend/compact-connect/lambdas/python/custom-resources/requirements-dev.txt
@@ -58,7 +58,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/data-events/requirements-dev.txt b/backend/compact-connect/lambdas/python/data-events/requirements-dev.txt
@@ -58,7 +58,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/disaster-recovery/requirements-dev.txt b/backend/compact-connect/lambdas/python/disaster-recovery/requirements-dev.txt
@@ -58,7 +58,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/feature-flag/requirements-dev.txt b/backend/compact-connect/lambdas/python/feature-flag/requirements-dev.txt
@@ -56,7 +56,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/feature-flag/requirements.txt b/backend/compact-connect/lambdas/python/feature-flag/requirements.txt
@@ -16,5 +16,5 @@ statsig-python-core==0.19.1
     # via -r requirements.in
 typing-extensions==4.15.0
     # via statsig-python-core
-urllib3==2.6.3
+urllib3==2.7.0
     # via requests
diff --git a/backend/compact-connect/lambdas/python/provider-data-v1/requirements-dev.txt b/backend/compact-connect/lambdas/python/provider-data-v1/requirements-dev.txt
@@ -60,7 +60,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/purchases/requirements-dev.in b/backend/compact-connect/lambdas/python/purchases/requirements-dev.in
@@ -14,4 +14,4 @@ boto3>=1.34.33, <2
 cryptography>=46, <47
 marshmallow>=4.3.0, <5.0.0
 requests>=2.31.0, <3.0.0
-urllib3>=2.6.3, <3
+urllib3>=2.7.0, <3
diff --git a/backend/compact-connect/lambdas/python/purchases/requirements-dev.txt b/backend/compact-connect/lambdas/python/purchases/requirements-dev.txt
@@ -161,7 +161,7 @@ tomli-w==1.2.0
     # via pip-audit
 typing-extensions==4.15.0
     # via aws-lambda-powertools
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   -r purchases/requirements-dev.in
     #   botocore

diff --git a/backend/compact-connect/lambdas/python/purchases/requirements.in b/backend/compact-connect/lambdas/python/purchases/requirements.in
@@ -1,4 +1,4 @@
 # common requirements are managed in the common-python requirements.in file
 authorizenet>=1.1.6, <2
 # explicitly setting this transitive dependency to pick vulnerability patch
-urllib3>=2.6.3, <3
+urllib3>=2.7.0, <3
diff --git a/backend/compact-connect/lambdas/python/purchases/requirements.txt b/backend/compact-connect/lambdas/python/purchases/requirements.txt
@@ -18,7 +18,7 @@ pyxb-x==1.2.6.3
     # via authorizenet
 requests==2.33.1
     # via authorizenet
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   -r requirements.in
     #   requests
diff --git a/backend/compact-connect/lambdas/python/search/requirements-dev.txt b/backend/compact-connect/lambdas/python/search/requirements-dev.txt
@@ -56,7 +56,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/search/requirements.txt b/backend/compact-connect/lambdas/python/search/requirements.txt
@@ -30,7 +30,7 @@ six==1.17.0
     # via python-dateutil
 typing-extensions==4.15.0
     # via grpcio
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   opensearch-py
     #   requests
diff --git a/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements-dev.txt b/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements-dev.txt
@@ -58,7 +58,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/lambdas/python/staff-users/requirements-dev.txt b/backend/compact-connect/lambdas/python/staff-users/requirements-dev.txt
@@ -64,7 +64,7 @@ s3transfer==0.16.0
     # via boto3
 six==1.17.0
     # via python-dateutil
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   botocore
     #   docker

diff --git a/backend/compact-connect/requirements-dev.txt b/backend/compact-connect/requirements-dev.txt
@@ -97,7 +97,7 @@ tomli==2.4.1
     # via pip-audit
 tomli-w==1.2.0
     # via pip-audit
-urllib3==2.6.3
+urllib3==2.7.0
     # via requests
 wheel==0.46.3
     # via pip-tools

diff --git a/backend/compact-connect/tests/smoke/compact_configuration_smoke_tests.py b/backend/compact-connect/tests/smoke/compact_configuration_smoke_tests.py
@@ -103,7 +103,7 @@ def test_active_member_jurisdictions():
         print(f'Successfully verified active member jurisdictions for compact {compact}')
 
 
-def test_compact_configuration():
+def test_compact_configuration(compact: str = None):
     """
     Test that a compact admin can update and retrieve compact configuration.
 
@@ -112,8 +112,9 @@ def test_compact_configuration():
     """
     print('Testing compact configuration...')
 
+    if compact is None:
+        compact = COMPACTS[0]  # Use the first compact for testing
     # Create a test compact admin user
-    compact = COMPACTS[0]  # Use the first compact for testing
     test_email = f'test-compact-admin-{compact}@ccSmokeTestFakeEmail.com'
     permissions = {'actions': {'admin'}, 'jurisdictions': {}}
 
@@ -222,7 +223,9 @@ def test_compact_configuration():
             delete_test_staff_user(test_email, user_sub, compact)
 
 
-def test_jurisdiction_configuration(jurisdiction: str = 'ne', recreate_compact_config: bool = False):
+def test_jurisdiction_configuration(
+    compact: str = None, jurisdiction: str = 'ne', recreate_compact_config: bool = False
+):
     """
     Test that a state admin can update and retrieve jurisdiction configuration.
 
@@ -232,7 +235,8 @@ def test_jurisdiction_configuration(jurisdiction: str = 'ne', recreate_compact_c
     print('Testing jurisdiction configuration...')
 
     # Create a test state admin user with compact admin permissions for simplicity
-    compact = COMPACTS[0]  # Use the first compact for testing
+    if compact is None:
+        compact = COMPACTS[0]  # Use the first compact for testing
     test_email = f'test-state-admin-{jurisdiction}@ccSmokeTestFakeEmail.com'
     permissions = {'actions': {'admin'}, 'jurisdictions': {jurisdiction: {'admin'}}}
 

diff --git a/backend/compact-connect/tests/smoke/purchasing_privileges_smoke_tests.py b/backend/compact-connect/tests/smoke/purchasing_privileges_smoke_tests.py
@@ -35,10 +35,12 @@ def _generate_post_body(attestations_from_system, license_type):
 
 def test_purchase_privilege_options():
     """Test the GET /v1/purchases/privileges/options endpoint."""
+    original_provider_data = call_provider_users_me_endpoint()
+    compact = original_provider_data.get('compact')
     # First, ensure we have known configuration by calling the configuration tests
     # These will set up the configurations and return them for verification
-    compact_config = test_compact_configuration()
-    jurisdiction_config = test_jurisdiction_configuration()
+    compact_config = test_compact_configuration(compact=compact)
+    jurisdiction_config = test_jurisdiction_configuration(compact=compact)
 
     # Now test the purchase privilege options endpoint
     headers = get_provider_user_auth_headers_cached()