Skip to content

CCM-17044: Dependency Updates#1061

Merged
lapenna-bjss merged 11 commits into
releasefrom
feature/CCM-17044_dependency_updates
Apr 30, 2026
Merged

CCM-17044: Dependency Updates#1061
lapenna-bjss merged 11 commits into
releasefrom
feature/CCM-17044_dependency_updates

Conversation

@gareth-allan
Copy link
Copy Markdown
Contributor

@gareth-allan gareth-allan commented Apr 20, 2026
edited by lapenna-bjss
Loading

Summary

This PR updates several dependencies in order to resolve reported vulnerabilities.

Security fixes

  • Added overrides to some of mocha's dependencies in sandbox/package.json
  • handlebars → ^4.7.9
  • flatted → ^3.4.2
  • postcss → ^8.5.12
  • lodash → ^4.18.1
  • underscore → ^1.13.8
  • cryptography → 47.0.0
  • pyjwt → 2.12.1
  • certifi → 2026.4.22

Notable upgrades

  • eslint-plugin-sonarjs 3.0.5 → 4.0.3 (also resolved the minimatch ReDoS vulnerability)
  • eslint-plugin-security 1.5.0 → 4.0.0
  • newman 6.2.1 → 6.2.2
  • chai 5.1.1 → 6.2.0 (sandbox)
  • requests 2.32.5 → 2.33.1
  • playwright 1.57.0 → 1.59.0
  • urllib3 2.6.2 → 2.6.3

Skipped upgrades
eslint-plugin-unicorn 56 → 62 (requires ESLint 9)

Reviews Required

  • Dev
  • Test
  • Tech Author
  • Product Owner

Checklist

  • Brief description of work completed, and any technical decisions made as part of the PR
  • PR link added as a comment to the relevant JIRA ticket: CCM-17044
  • PR link shared on Slack and/or Teams
  • 2 reviews received
  • Tester approval

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 20, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@gareth-allan gareth-allan force-pushed the feature/CCM-17044_dependency_updates branch from 5126577 to 178b9b1 Compare April 20, 2026 15:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 20, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 20, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-17044

@lapenna-bjss lapenna-bjss marked this pull request as ready for review April 29, 2026 15:00
@tdroza-nhs tdroza-nhs self-assigned this Apr 30, 2026
@lapenna-bjss lapenna-bjss merged commit 3a31eff into release Apr 30, 2026
6 checks passed
@lapenna-bjss lapenna-bjss deleted the feature/CCM-17044_dependency_updates branch April 30, 2026 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdroza-nhs tdroza-nhs tdroza-nhs approved these changes

@simonlabarere simonlabarere simonlabarere approved these changes

Assignees

@tdroza-nhs tdroza-nhs

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gareth-allan @tdroza-nhs @simonlabarere @lapenna-bjss