diff --git a/.github/actions/check-uv-lock/action.yaml b/.github/actions/check-uv-lock/action.yaml index ace07c2c..3937f899 100644 --- a/.github/actions/check-uv-lock/action.yaml +++ b/.github/actions/check-uv-lock/action.yaml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 with: version: "0.9.4" - name: Check uv version diff --git a/.github/actions/ruff-checks/action.yaml b/.github/actions/ruff-checks/action.yaml index 072929ea..89c7b49e 100644 --- a/.github/actions/ruff-checks/action.yaml +++ b/.github/actions/ruff-checks/action.yaml @@ -5,7 +5,9 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + with: + version-file: "pyproject.toml" - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/ruff-format/action.yaml b/.github/actions/ruff-format/action.yaml index 374cd9e2..02a9d0b0 100644 --- a/.github/actions/ruff-format/action.yaml +++ b/.github/actions/ruff-format/action.yaml @@ -5,7 +5,9 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + with: + version-file: "pyproject.toml" - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/run-unit-tests/action.yaml b/.github/actions/run-unit-tests/action.yaml index 7e3b995b..85c9e322 100644 --- a/.github/actions/run-unit-tests/action.yaml +++ b/.github/actions/run-unit-tests/action.yaml @@ -10,7 +10,9 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + with: + version-file: "pyproject.toml" - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/setup-python-dependencies/action.yaml b/.github/actions/setup-python-dependencies/action.yaml index c69e475d..f5348301 100644 --- a/.github/actions/setup-python-dependencies/action.yaml +++ b/.github/actions/setup-python-dependencies/action.yaml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Install uv based on the version defined in pyproject.toml - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 with: version-file: "pyproject.toml" - name: Install Python dependencies diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 31d39732..c46637fb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -10,6 +10,9 @@ on: schedule: - cron: "20 14 * * 1" +env: + CODEQL_ACTION_FILE_COVERAGE_ON_PRS: "true" + permissions: contents: read security-events: write @@ -29,8 +32,8 @@ jobs: fetch-depth: 0 persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index 664a542e..680b7354 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml @@ -90,7 +90,7 @@ jobs: PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: "Build ${{inputs.type_of_deployment}} container" run: make ${{inputs.type_of_deployment}}-build - name: Check Docker Containers diff --git a/app/Dockerfile b/app/Dockerfile index f0e3fda3..961aeaf3 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.14.3-alpine +FROM python:3.15.0a8-alpine COPY --from=ghcr.io/astral-sh/uv:0.10.0 /uv /uvx /bin/ diff --git a/package-lock.json b/package-lock.json index 3b742de2..15d81102 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,12 +10,12 @@ "license": "MIT", "devDependencies": { "@apideck/portman": "~=1.34.0", - "@openapitools/openapi-generator-cli": "~=2.30.2", + "@openapitools/openapi-generator-cli": "~=2.32.0", "apigeetool": "~=0.16.4", "license-checker": "~=25.0.1", "minimist": "~=1.2.2", "newman": "~=6.2.1", - "prettier": "~=3.8.1" + "prettier": "~=3.8.3" } }, "node_modules/@apideck/better-ajv-errors": { @@ -292,13 +292,13 @@ } }, "node_modules/@nestjs/common": { - "version": "11.1.16", - "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.16.tgz", - "integrity": "sha512-JSIeW+USuMJkkcNbiOdcPkVCeI3TSnXstIVEPpp3HiaKnPRuSbUUKm9TY9o/XpIcPHWUOQItAtC5BiAwFdVITQ==", + "version": "11.1.17", + "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.17.tgz", + "integrity": "sha512-hLODw5Abp8OQgA+mUO4tHou4krKgDtUcM9j5Ihxncst9XeyxYBTt2bwZm4e4EQr5E352S4Fyy6V3iFx9ggxKAg==", "dev": true, "license": "MIT", "dependencies": { - "file-type": "21.3.0", + "file-type": "21.3.2", "iterare": "1.2.1", "load-esm": "1.0.3", "tslib": "2.8.1", @@ -324,9 +324,9 @@ } }, "node_modules/@nestjs/core": { - "version": "11.1.16", - "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-11.1.16.tgz", - "integrity": "sha512-tXWXyCiqWthelJjrE0KLFjf0O98VEt+WPVx5CrqCf+059kIxJ8y1Vw7Cy7N4fwQafWNrmFL2AfN87DDMbVAY0w==", + "version": "11.1.18", + "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-11.1.18.tgz", + "integrity": "sha512-wR3DtGyk/LUAiPtbXDuWJJwVkWElKBY0sqnTzf9d4uM3+X18FRZhK7WFc47czsIGOdWuRsMeLYV+1Z9dO4zDEQ==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -334,7 +334,7 @@ "@nuxt/opencollective": "0.4.1", "fast-safe-stringify": "2.1.1", "iterare": "1.2.1", - "path-to-regexp": "8.3.0", + "path-to-regexp": "8.4.2", "tslib": "2.8.1", "uid": "2.0.2" }, @@ -409,19 +409,19 @@ "license": "MIT" }, "node_modules/@openapitools/openapi-generator-cli": { - "version": "2.30.2", - "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.30.2.tgz", - "integrity": "sha512-rGgLrY88f7/eTBc2wmehhcqQq7/1wEkNQUhvk1NF0nh/bCGGGRfzN6O4U2VHsREtshUT+IUaRoJwq4UeDrRXZQ==", + "version": "2.32.0", + "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.32.0.tgz", + "integrity": "sha512-9HZ3fp3cankdUC89UNsnW+HZFmRUadjjtqOvIIo6/D+bAVs+VJRqyhDy4rT4/cxqcLhXw40njs/vJLj21r60JA==", "dev": true, "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { "@inquirer/select": "1.3.3", "@nestjs/axios": "4.0.1", - "@nestjs/common": "11.1.16", - "@nestjs/core": "11.1.16", + "@nestjs/common": "11.1.17", + "@nestjs/core": "11.1.18", "@nuxtjs/opencollective": "0.3.2", - "axios": "^1.13.6", + "axios": "^1.15.0", "chalk": "4.1.2", "commander": "8.3.0", "compare-versions": "6.1.1", @@ -891,15 +891,78 @@ "license": "MIT" }, "node_modules/axios": { - "version": "1.13.6", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz", - "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==", + "version": "1.16.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.16.1.tgz", + "integrity": "sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==", "dev": true, "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "https-proxy-agent": "^5.0.1", + "proxy-from-env": "^2.1.0" + } + }, + "node_modules/axios/node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/axios/node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/axios/node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "dev": true, + "license": "MIT", + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/axios/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/axios/node_modules/proxy-from-env": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" } }, "node_modules/balanced-match": { @@ -931,9 +994,9 @@ "license": "MIT" }, "node_modules/basic-ftp": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz", - "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==", + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.2.tgz", + "integrity": "sha512-1tDrzKsdCg70WGvbFss/ulVAxupNauGnOlgpyjKzeQxzyllBLS0CGLV7tjIXTK3ZQA9/FBEm9qyFFN1bciA6pw==", "dev": true, "license": "MIT", "engines": { @@ -1923,9 +1986,9 @@ "license": "MIT" }, "node_modules/fast-uri": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz", - "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ { @@ -1956,9 +2019,9 @@ } }, "node_modules/file-type": { - "version": "21.3.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.0.tgz", - "integrity": "sha512-8kPJMIGz1Yt/aPEwOsrR97ZyZaD1Iqm8PClb1nYFclUCkBi0Ma5IsYNQzvSFS9ib51lWyIw5mIT9rWzI/xjpzA==", + "version": "21.3.2", + "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.2.tgz", + "integrity": "sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==", "dev": true, "license": "MIT", "dependencies": { @@ -1992,9 +2055,9 @@ "license": "ISC" }, "node_modules/follow-redirects": { - "version": "1.15.11", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", - "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "dev": true, "funding": [ { @@ -2606,15 +2669,11 @@ "license": "ISC" }, "node_modules/ip-address": { - "version": "9.0.5", - "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", - "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz", + "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==", "dev": true, "license": "MIT", - "dependencies": { - "jsbn": "1.1.0", - "sprintf-js": "^1.1.3" - }, "engines": { "node": ">= 12" } @@ -2736,13 +2795,6 @@ "js-yaml": "bin/js-yaml.js" } }, - "node_modules/jsbn": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", - "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==", - "dev": true, - "license": "MIT" - }, "node_modules/json-crawl": { "version": "0.4.2", "resolved": "https://registry.npmjs.org/json-crawl/-/json-crawl-0.4.2.tgz", @@ -4120,9 +4172,9 @@ } }, "node_modules/path-to-regexp": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz", - "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==", + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz", + "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==", "dev": true, "license": "MIT", "funding": { @@ -4633,9 +4685,9 @@ } }, "node_modules/prettier": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz", - "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", + "version": "3.8.3", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz", + "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==", "dev": true, "license": "MIT", "bin": { @@ -5446,13 +5498,13 @@ } }, "node_modules/socks": { - "version": "2.8.6", - "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.6.tgz", - "integrity": "sha512-pe4Y2yzru68lXCb38aAqRf5gvN8YdjP1lok5o0J7BOHljkyCGKVz7H3vpVIXKD27rj2giOJ7DwVyk/GWrPHDWA==", + "version": "2.8.9", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.9.tgz", + "integrity": "sha512-LJhUYUvItdQ0LkJTmPeaEObWXAqFyfmP85x0tch/ez9cahmhlBBLbIqDFnvBnUJGagb0JbIQrkBs1wJ+yRYpEw==", "dev": true, "license": "MIT", "dependencies": { - "ip-address": "^9.0.5", + "ip-address": "^10.1.1", "smart-buffer": "^4.2.0" }, "engines": { @@ -5577,13 +5629,6 @@ "spdx-ranges": "^2.0.0" } }, - "node_modules/sprintf-js": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", - "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==", - "dev": true, - "license": "BSD-3-Clause" - }, "node_modules/sshpk": { "version": "1.18.0", "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.18.0.tgz", @@ -5705,9 +5750,9 @@ } }, "node_modules/strtok3": { - "version": "10.3.4", - "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.4.tgz", - "integrity": "sha512-KIy5nylvC5le1OdaaoCJ07L+8iQzJHGH6pWDuzS+d07Cu7n1MZ2x26P8ZKIWfbK02+XIL8Mp4RkWeqdUCrDMfg==", + "version": "10.3.5", + "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.5.tgz", + "integrity": "sha512-ki4hZQfh5rX0QDLLkOCj+h+CVNkqmp/CMf8v8kZpkNVK6jGQooMytqzLZYUVYIZcFZ6yDB70EfD8POcFXiF5oA==", "dev": true, "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index bec36722..bf7d0d5e 100644 --- a/package.json +++ b/package.json @@ -11,11 +11,11 @@ "homepage": "https://github.com/NHSDigital/im1-pfs-auth-api", "devDependencies": { "@apideck/portman": "~=1.34.0", - "@openapitools/openapi-generator-cli": "~=2.30.2", + "@openapitools/openapi-generator-cli": "~=2.32.0", "apigeetool": "~=0.16.4", "license-checker": "~=25.0.1", "minimist": "~=1.2.2", "newman": "~=6.2.1", - "prettier": "~=3.8.1" + "prettier": "~=3.8.3" } } diff --git a/postman/postman_collection.json b/postman/postman_collection.json index 74a0ce2f..8f91e445 100644 --- a/postman/postman_collection.json +++ b/postman/postman_collection.json @@ -1,10 +1,10 @@ { "_": { - "postman_id": "70ba2b8a-5ba5-43a3-8163-93fc86b0faf6" + "postman_id": "82590680-5764-40a0-b643-84b8bc8f1a7b" }, "item": [ { - "id": "89e70426-dc25-42ad-ae62-3417f07f202d", + "id": "a7aa5f2e-b7e8-4520-8bed-f710c7921b28", "name": "sessions", "description": { "content": "", @@ -12,17 +12,17 @@ }, "item": [ { - "id": "f9d648b9-2b04-4d82-960e-4300b43b0e4c", - "name": "Begins a session", + "id": "fe5b345c-568a-4662-9f76-4cf4bee5c65c", + "name": "Create a session", "request": { - "name": "Begins a session", + "name": "Create a session", "description": { - "content": "## Overview\n\nA user can authenticate and establish a session with GPIT supplier systems.\n\nThis endpoint:\n - Verifies the user access token\n - Extracts the NHS number for the user, NHS number and ODS code of the patient\n - Determines which supplier system to forward requests onto\n - Transforms response\n\n## Access modes\n\nThis endpoint supports the following access modes:\n- Patient access\n\n## Sandbox test scenarios\n\nSee the postman collection for example requests.\n\n| Scenario | Request | Response |\n| ---------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |\n| Successful request | Valid request with forward to value of https://example.com and ods code value of A29929 | HTTP Status 201 Success response |\n\n### Sandbox constraints\n - Headers that are not required for the scenario are not validated and are disregarded.\n\nOr perhaps you'd like to try out the sandbox using our 'Try it out' feature.\n", + "content": "## Overview\n\nA user can authenticate and establish a session with GPIT supplier systems.\n\nThis endpoint:\n - Verifies the user access token\n - Determines which supplier system to forward requests onto\n - Transforms response\n\n## Access modes\n\nThis endpoint supports the following access modes:\n- Patient access\n\n## Sandbox test scenarios\n\nSee the postman collection for example requests.\n\n| Scenario | Request | Response |\n| ---------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |\n| Successful request | Valid request with forward to value of https://example.com and ods code value of A29929 | HTTP Status 201 Success response |\n\n### Sandbox constraints\n - Headers that are not required for the scenario are not validated and are disregarded.\n\nOr perhaps you'd like to try out the sandbox using our 'Try it out' feature.\n", "type": "text/plain" }, "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -43,11 +43,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -55,25 +55,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -82,7 +82,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -118,12 +118,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "c8735fef-ab9b-480b-8294-0aaec70746b6", + "id": "a2445e93-6833-476b-9283-31407774c2ab", "name": "The session was created successfully", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -144,11 +144,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -156,25 +156,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -183,7 +183,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -210,19 +210,19 @@ "value": "application/json" } ], - "body": "{\n \"sessionId\": \"in laboru\",\n \"userPatientLinkToken\": \"fugiat anim\",\n \"suid\": \"commodo reprehenderit\",\n \"onlineUserId\": \"deserunt Lorem magna\",\n \"patientId\": \"Excepteur aute reprehenderit in laborum\"\n}", + "body": "{\n \"sessionId\": \"irure\",\n \"endUserSessionId\": \"irure anim veniam voluptate\",\n \"supplier\": \"EMIS\",\n \"odsCode\": \"enim magna qui nul\",\n \"user\": {\n \"dateOfBirth\": \"esse magna commodo incididunt\",\n \"firstName\": \"mollit sint occaecat dolo\",\n \"patientIdentifiers\": [\n {\n \"value\": \"consectetur reprehenderit eiusmod\",\n \"type\": \"id consectetur nulla\"\n },\n {\n \"value\": \"sit nulla quis\",\n \"type\": \"qui dolor consectetur Exce\"\n }\n ],\n \"permissions\": {\n \"appointmentsEnabled\": false,\n \"demographicsUpdateEnabled\": true,\n \"epsEnabled\": true,\n \"medicalRecordEnabled\": false,\n \"onlineTriageEnabled\": false,\n \"practicePatientCommunicationEnabled\": false,\n \"prescribingEnabled\": false,\n \"recordSharingEnabled\": false,\n \"recordViewAuditEnabled\": true,\n \"medicalRecord\": {\n \"recordAccessScheme\": \"DetailedCodedCareRecord\",\n \"allergiesEnabled\": false,\n \"consultationsEnabled\": false,\n \"immunisationsEnabled\": false,\n \"documentsEnabled\": false,\n \"medicationEnabled\": true,\n \"problemsEnabled\": true,\n \"testResultsEnabled\": true\n }\n },\n \"surname\": \"magna et aliquip laborum\",\n \"title\": \"in Ut qui quis\",\n \"userPatientLinkToken\": \"deserunt do\"\n },\n \"patients\": [\n {\n \"dateOfBirth\": \"aliqua Duis eiusmod\",\n \"firstName\": \"aliquip sit\",\n \"patientIdentifiers\": [\n {\n \"value\": \"dolore ut\",\n \"type\": \"cupidatat ullamco\"\n },\n {\n \"value\": \"do qui voluptate tempor\",\n \"type\": \"est\"\n }\n ],\n \"permissions\": {\n \"appointmentsEnabled\": true,\n \"demographicsUpdateEnabled\": true,\n \"epsEnabled\": false,\n \"medicalRecordEnabled\": true,\n \"onlineTriageEnabled\": true,\n \"practicePatientCommunicationEnabled\": false,\n \"prescribingEnabled\": true,\n \"recordSharingEnabled\": false,\n \"recordViewAuditEnabled\": false,\n \"medicalRecord\": {\n \"recordAccessScheme\": \"DetailedCodedCareRecord\",\n \"allergiesEnabled\": false,\n \"consultationsEnabled\": true,\n \"immunisationsEnabled\": true,\n \"documentsEnabled\": false,\n \"medicationEnabled\": true,\n \"problemsEnabled\": true,\n \"testResultsEnabled\": true\n }\n },\n \"surname\": \"enim adipisicing voluptate est\",\n \"title\": \"tempor qui Duis anim\",\n \"userPatientLinkToken\": \"anim cupidatat velit ad\"\n },\n {\n \"dateOfBirth\": \"laborum fugiat ullamco\",\n \"firstName\": \"ut fugiat ea magna\",\n \"patientIdentifiers\": [\n {\n \"value\": \"magn\",\n \"type\": \"ullamco deserunt\"\n },\n {\n \"value\": \"occa\",\n \"type\": \"in dolore\"\n }\n ],\n \"permissions\": {\n \"appointmentsEnabled\": false,\n \"demographicsUpdateEnabled\": false,\n \"epsEnabled\": true,\n \"medicalRecordEnabled\": true,\n \"onlineTriageEnabled\": false,\n \"practicePatientCommunicationEnabled\": true,\n \"prescribingEnabled\": false,\n \"recordSharingEnabled\": true,\n \"recordViewAuditEnabled\": true,\n \"medicalRecord\": {\n \"recordAccessScheme\": \"CoreSummaryCareRecord\",\n \"allergiesEnabled\": true,\n \"consultationsEnabled\": true,\n \"immunisationsEnabled\": true,\n \"documentsEnabled\": false,\n \"medicationEnabled\": false,\n \"problemsEnabled\": true,\n \"testResultsEnabled\": false\n }\n },\n \"surname\": \"veniam sed Duis\",\n \"title\": \"sint cillum\",\n \"userPatientLinkToken\": \"dolore fugia\"\n }\n ]\n}", "cookie": [] }, { "_": { "postman_previewlanguage": "json" }, - "id": "ffba3bb4-3d3c-4c7a-927a-6b269de42549", + "id": "04b527b7-fe3d-447d-88e9-e2c672695aa5", "name": "missingValueError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -243,11 +243,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -255,25 +255,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -282,7 +282,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -316,12 +316,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "e511f239-d22d-4936-8684-09f8b1c96f9e", + "id": "80f96935-a5d7-4ac5-82a6-96ba574e7d01", "name": "invalidValueError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -342,11 +342,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -354,25 +354,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -381,7 +381,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -415,12 +415,111 @@ "_": { "postman_previewlanguage": "json" }, - "id": "0a429ad4-82ab-47df-aa42-88b4dec0274f", + "id": "48f1fa62-9db0-4aaf-b881-f8bb5a4f2449", + "name": "notFoundError", + "originalRequest": { + "url": { + "path": [ + "authenticate" + ], + "host": [ + "{{baseUrl}}" + ], + "query": [], + "variable": [] + }, + "header": [ + { + "disabled": false, + "description": { + "content": "(Required) An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis).", + "type": "text/plain" + }, + "key": "Authorization", + "value": "Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM" + }, + { + "disabled": false, + "description": { + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", + "type": "text/plain" + }, + "key": "NHSE-Application-ID", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Request-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "disabled": false, + "description": { + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", + "type": "text/plain" + }, + "key": "NHSE-Forward-To", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) The ODS code of the GP practice to start a session with.", + "type": "text/plain" + }, + "key": "NHSE-ODS-Code", + "value": "A29929" + }, + { + "disabled": true, + "description": { + "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Correlation-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "key": "Accept", + "value": "application/json" + }, + { + "description": { + "content": "Added as a part of security scheme: oauth2", + "type": "text/plain" + }, + "key": "Authorization", + "value": "" + } + ], + "method": "POST", + "body": {} + }, + "status": "Bad Request", + "code": 400, + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/NotFoundError\"\n}", + "cookie": [] + }, + { + "_": { + "postman_previewlanguage": "json" + }, + "id": "b0b1c0fc-56e6-4341-88fb-ce1c43ffd8c7", "name": "accessDeniedError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -441,11 +540,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -453,25 +552,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -480,7 +579,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -507,19 +606,19 @@ "value": "application/json" } ], - "body": "{\n \"externalValue\": \"./examples/errors.yaml#/AccessDeniedError\"\n}", + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/AccessDeniedErrorError\"\n}", "cookie": [] }, { "_": { "postman_previewlanguage": "json" }, - "id": "faedfcd9-a404-440f-a6f9-9e0181bee0e6", + "id": "a397c448-1337-46b2-a74f-4a5a2c3276b4", "name": "forbiddenError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -540,11 +639,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -552,25 +651,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -579,7 +678,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -613,12 +712,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "05b40f8a-bea2-4f3b-8087-bf64c5c56771", + "id": "f59d88a7-962c-40e2-9877-a4621516b4f9", "name": "timeoutError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -639,11 +738,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -651,25 +750,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -678,7 +777,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -712,12 +811,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "db71ab20-cf87-46d8-b493-6c7834daad27", + "id": "4c527457-8013-43ea-8c06-e7d5ea2f92ef", "name": "throttledError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -738,11 +837,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -750,25 +849,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -777,7 +876,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -811,12 +910,111 @@ "_": { "postman_previewlanguage": "json" }, - "id": "28945647-79bf-4b1d-86a0-5399420ed35c", - "name": "Errors will be returned for the first error encountered in the request. An error occurred as follows:\n\n| HTTP status | Error code | Description |\n| ----------- | ----------------------- | ------------------------------------------------- |\n| 500 | `SERVER_ERROR` | An unexpected internal server error has occurred. |\n", + "id": "5d9e2081-b839-4bc5-8065-dddff43f9172", + "name": "serverError", + "originalRequest": { + "url": { + "path": [ + "authenticate" + ], + "host": [ + "{{baseUrl}}" + ], + "query": [], + "variable": [] + }, + "header": [ + { + "disabled": false, + "description": { + "content": "(Required) An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis).", + "type": "text/plain" + }, + "key": "Authorization", + "value": "Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM" + }, + { + "disabled": false, + "description": { + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", + "type": "text/plain" + }, + "key": "NHSE-Application-ID", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Request-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "disabled": false, + "description": { + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", + "type": "text/plain" + }, + "key": "NHSE-Forward-To", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) The ODS code of the GP practice to start a session with.", + "type": "text/plain" + }, + "key": "NHSE-ODS-Code", + "value": "A29929" + }, + { + "disabled": true, + "description": { + "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Correlation-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "key": "Accept", + "value": "application/json" + }, + { + "description": { + "content": "Added as a part of security scheme: oauth2", + "type": "text/plain" + }, + "key": "Authorization", + "value": "" + } + ], + "method": "POST", + "body": {} + }, + "status": "Internal Server Error", + "code": 500, + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/InternalServerError\"\n}", + "cookie": [] + }, + { + "_": { + "postman_previewlanguage": "json" + }, + "id": "a361c42f-3038-4116-8974-678259a11acf", + "name": "downstreamError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -837,11 +1035,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -849,25 +1047,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -876,7 +1074,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -903,7 +1101,7 @@ "value": "application/json" } ], - "body": "{\n \"externalValue\": \"./examples/errors.yaml#/ServerError\"\n}", + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/DownstreamError\"\n}", "cookie": [] } ], @@ -925,11 +1123,11 @@ } ], "info": { - "_postman_id": "70ba2b8a-5ba5-43a3-8163-93fc86b0faf6", + "_postman_id": "82590680-5764-40a0-b643-84b8bc8f1a7b", "name": "IM1 PFS Auth API", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "description": { - "content": "## Overview\n![IM1 PFS Auth API High-level Diagram](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/specification/assets/overview.drawio.svg)\n\nAn intermediary service to allow a proxy to act on behalf of their patient, regardless of GP practice they are registered to. Use this API to authenticate a user using an NHS login issued \"proxy token\" and initiate a session with the appropriate supplier system based on ODS code where an online account will be matched. A successful match would return newly established IM1 session details.\n\nYou can:\n\n- Authenticate a user and initiate a session with the approporiate supplier\n\n## Who can use this API\nThis API can only be used where there is a legal basis to do so. Make sure you have this and a valid use case before\nyou go too far with your development by [contacting us](https://digital.nhs.uk/developer/help-and-support)\n\nYou must do this before you can go live (see 'Onboarding' below).\n\n## API status and roadmap\nThis API is [in development](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses), meaning:\n- we will be making breaking changes\n\n## Technology\nThis API is [RESTful](https://digital.nhs.uk/developer/guides-and-documentation/our-api-technologies#basic-rest).\n\n## Network access\nThis API is available on the internet.\n\nFor more details see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\n\nThis API supports [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis) access type with the following access modes:\n\n| Access mode | Access type |\n|-------------------------------|------------------------|\n| Patient access | User-restricted |\n\nFor more information on access modes and how to use them, see the developer [security and authorisation guide](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation).\n\n### User-restricted access\n\nUser-restricted access meaning an end user must be present, authenticated and authorised.\n\n#### Patient access mode\nIf the end user is a patient then you must use this access mode.\n\n[Review all patient access modes](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#patient-access-mode)\n\nValidated Relationships Service API checks the patient is P9 verified and has a high [vector of trust](https://nhsconnect.github.io/nhslogin/vectors-of-trust/) (VOT).\n\nAllowed vectors of trust are:\n- `P9.Cp.Cd`\n- `P9.Cp.Ck`\n- `P9.Cm`\n\n## Headers\nThis API is case-insensitive when processing request headers, meaning it will accept headers regardless of the letter casing used. (e.g. X-Request-Id, x-request-id are treated the same). When sending headers back in the response, we preserve the exact casing as received in the original request.\n\n## Errors\nWe use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:\n\n* 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action\n* 400 to 499 if it failed because of a client error by your application\n* 500 to 599 if it failed because of an error on our server\n\nErrors specific to each API are shown in the Endpoints section, under Response. See our [reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes) for more on errors.\n\n## Open source\nYou might find the following [open source](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#open-source) resources useful:\n\n| Resource | Description | Links |\n| ---------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| IM1 PFS Auth API | Source code for the API proxy, sandbox and specification. | [GitHub repo](https://github.com/NHSDigital/im1-pfs-auth) |\n\n## Environments and testing\n| Environment | Base URL |\n| ----------------- | -------------------------------------------------- |\n| Sandbox | `https://sandbox.api.service.nhs.uk/im1-pfs-auth/` |\n| Integration test | `https://int.api.service.nhs.uk/im1-pfs-auth/` |\n\n### Sandbox testing\nOur [sandbox environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#sandbox-testing)\n\n* is for early developer testing\n* only covers a limited set of scenarios\n* is open access, so does not allow you to test authorisation\n\n[![Import Postman Collection](https://img.shields.io/badge/Import-Postman%20Collection-orange?logo=postman)](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/postman/postman_collection.json)\n\nImport the postman collection to run requests against sandbox.\n\n## Onboarding\nYou must get your software onboarded before it can go live.\n\nFor more details, contact us at [england.vrs-team@nhs.net](mailto:england.vrs-team@nhs.net).\n\n## Contact us\nFor help and support connecting to our APIs and to join our developer community, see [Help and support building healthcare software](https://digital.nhs.uk/developer/help-and-support).\n", + "content": "## Overview\n\nIM1 PFS Auth provides a means of authenticating a user and establishing an IM1 session to access Patient-Facing Services (PFS).\nThe API authenticates a user via an NHS login token and routes requests to the specified supplier system and ODS code.\nIf the user's account is successfully matched, the API returns the new IM1 session details.\n\n![IM1 PFS Auth API High-level Diagram](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/specification/assets/overview.drawio.svg)\n\nYou can use this API to:\n\n- authenticate a user and initiate a session with the appropriate supplier system for:\n - a specific patient\n - all patients that the logged-in user has an online account for\n\n## Who can use this API\nYou can only use this API if you have a valid legal basis.\nBefore investing significant time in development, confirm that your use case is appropriate by [contacting us](https://digital.nhs.uk/developer/help-and-support).\n\nYou must do this before you can go live.\n\n## API status and roadmap\nThis API is [in development](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses).\n\n## Technology\nThis API is [RESTful](https://digital.nhs.uk/developer/guides-and-documentation/our-api-technologies#basic-rest).\n\n## Network access\nThis API is available on the internet.\n\nFor more details see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\n\nThis API supports [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis) access type with the following access modes:\n\n| Access mode | Access type |\n|-------------------------------|------------------------|\n| Patient access | User-restricted |\n\nFor more information on access modes and how to use them, see the developer [security and authorisation guide](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation).\n\n### User-restricted access\n\nThis API has user-restricted access, meaning an end user must be present, authenticated and authorised.\n\n#### Patient access mode\nIf the end user is a patient then you must use this access mode.\n\n[Review all patient access modes](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#patient-access-mode)\n\n\n## Headers\nThis API is case-insensitive when processing request headers, meaning it will accept headers regardless of the letter casing used. For example, NHSE-Request-Id, nhse-request-id are treated the same.\n\n## Errors\nWe use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:\n\n* 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action\n* 400 to 499 if it failed because of a client error by your application\n* 500 to 599 if it failed because of an error on our server\n\nEach endpoint lists its own specific errors in the Responses section. See our [reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes) for more on errors.\n\n## Open source\nYou might find the following [open source](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#open-source) resources useful:\n\n| Resource | Description | Links |\n| ---------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| IM1 PFS Auth API | Source code for the API proxy, sandbox and specification. | [GitHub repo](https://github.com/NHSDigital/im1-pfs-auth) |\n\n## Environments and testing\n| Environment | Base URL |\n| ----------------- | -------------------------------------------------- |\n| Sandbox | `https://sandbox.api.service.nhs.uk/im1-pfs-auth/` |\n| Integration test | `https://int.api.service.nhs.uk/im1-pfs-auth/` |\n\n### Sandbox testing\nOur [sandbox environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#sandbox-testing)\n\n* is for early developer testing\n* only covers a limited set of scenarios\n* is open access, so does not allow you to test authorisation\n\n[![Import Postman Collection](https://img.shields.io/badge/Import-Postman%20Collection-orange?logo=postman)](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/postman/postman_collection.json)\n\nImport the postman collection to run requests against sandbox.\n\n## Contact us\nFor help and support connecting to our APIs and to join our developer community, see [Help and support building healthcare software](https://digital.nhs.uk/developer/help-and-support).\n", "type": "text/plain" } } diff --git a/pyproject.toml b/pyproject.toml index ee599fcd..aa5f1704 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,19 +9,19 @@ requires-python = "~=3.13.0" app = [ "flask~=3.1.2", "pydantic==2.9.2", - "gunicorn~=23.0.0", - "requests~=2.32.5", + "gunicorn~=25.3.0", + "requests~=2.33.0", "pyjwt~=2.8.0", "cryptography~=42.0.0", "xmltodict>=1.0.2", ] -sandbox = ["flask~=3.1.2", "gunicorn~=23.0.0"] +sandbox = ["flask~=3.1.2", "gunicorn~=25.3.0"] dev = [ "coverage==7.13.4", "pytest-cov==7.0.0", "pytest-nhsd-apim==5.0.14", "pytest==8.2.0", - "requests==2.32.5", + "requests==2.33.0", "ruff==0.15.5", ] # Note: proxygen-cli (latest: 3.0.2) cannot be added as a dependency due to incompatibilities: @@ -33,7 +33,7 @@ dev = [ required-version = ">=0.9,<0.11" package = false default-groups = "all" -override-dependencies = ["typing-extensions==4.12.2", "requests==2.32.5"] +override-dependencies = ["typing-extensions==4.12.2", "requests==2.33.0"] [tool.coverage.run] branch = true diff --git a/sandbox/Dockerfile b/sandbox/Dockerfile index 55c77c21..3ee963c8 100644 --- a/sandbox/Dockerfile +++ b/sandbox/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.14.3-alpine +FROM python:3.15.0a8-alpine COPY --from=ghcr.io/astral-sh/uv:0.10.0 /uv /uvx /bin/ diff --git a/uv.lock b/uv.lock index b39dabdc..0bd01a92 100644 --- a/uv.lock +++ b/uv.lock @@ -4,7 +4,7 @@ requires-python = "==3.13.*" [manifest] overrides = [ - { name = "requests", specifier = "==2.32.5" }, + { name = "requests", specifier = "==2.33.0" }, { name = "typing-extensions", specifier = "==4.12.2" }, ] @@ -211,14 +211,14 @@ wheels = [ [[package]] name = "gunicorn" -version = "23.0.0" +version = "25.3.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "packaging" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/34/72/9614c465dc206155d93eff0ca20d42e1e35afc533971379482de953521a4/gunicorn-23.0.0.tar.gz", hash = "sha256:f014447a0101dc57e294f6c18ca6b40227a4c90e9bdb586042628030cba004ec", size = 375031, upload-time = "2024-08-10T20:25:27.378Z" } +sdist = { url = "https://files.pythonhosted.org/packages/c4/f4/e78fa054248fab913e2eab0332c6c2cb07421fca1ce56d8fe43b6aef57a4/gunicorn-25.3.0.tar.gz", hash = "sha256:f74e1b2f9f76f6cd1ca01198968bd2dd65830edc24b6e8e4d78de8320e2fe889", size = 634883, upload-time = "2026-03-27T00:00:26.092Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/cb/7d/6dac2a6e1eba33ee43f318edbed4ff29151a49b5d37f080aad1e6469bca4/gunicorn-23.0.0-py3-none-any.whl", hash = "sha256:ec400d38950de4dfd418cff8328b2c8faed0edb0d517d3394e457c317908ca4d", size = 85029, upload-time = "2024-08-10T20:25:24.996Z" }, + { url = "https://files.pythonhosted.org/packages/43/c8/8aaf447698c4d59aa853fd318eed300b5c9e44459f242ab8ead6c9c09792/gunicorn-25.3.0-py3-none-any.whl", hash = "sha256:cacea387dab08cd6776501621c295a904fe8e3b7aae9a1a3cbb26f4e7ed54660", size = 208403, upload-time = "2026-03-27T00:00:27.386Z" }, ] [[package]] @@ -264,10 +264,10 @@ sandbox = [ app = [ { name = "cryptography", specifier = "~=42.0.0" }, { name = "flask", specifier = "~=3.1.2" }, - { name = "gunicorn", specifier = "~=23.0.0" }, + { name = "gunicorn", specifier = "~=25.3.0" }, { name = "pydantic", specifier = "==2.9.2" }, { name = "pyjwt", specifier = "~=2.8.0" }, - { name = "requests", specifier = "~=2.32.5" }, + { name = "requests", specifier = "~=2.33.0" }, { name = "xmltodict", specifier = ">=1.0.2" }, ] dev = [ @@ -275,12 +275,12 @@ dev = [ { name = "pytest", specifier = "==8.2.0" }, { name = "pytest-cov", specifier = "==7.0.0" }, { name = "pytest-nhsd-apim", specifier = "==5.0.14" }, - { name = "requests", specifier = "==2.32.5" }, + { name = "requests", specifier = "==2.33.0" }, { name = "ruff", specifier = "==0.15.5" }, ] sandbox = [ { name = "flask", specifier = "~=3.1.2" }, - { name = "gunicorn", specifier = "~=23.0.0" }, + { name = "gunicorn", specifier = "~=25.3.0" }, ] [[package]] @@ -540,16 +540,16 @@ wheels = [ [[package]] name = "python-dotenv" -version = "1.2.1" +version = "1.2.2" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/f0/26/19cadc79a718c5edbec86fd4919a6b6d3f681039a2f6d66d14be94e75fb9/python_dotenv-1.2.1.tar.gz", hash = "sha256:42667e897e16ab0d66954af0e60a9caa94f0fd4ecf3aaf6d2d260eec1aa36ad6", size = 44221, upload-time = "2025-10-26T15:12:10.434Z" } +sdist = { url = "https://files.pythonhosted.org/packages/82/ed/0301aeeac3e5353ef3d94b6ec08bbcabd04a72018415dcb29e588514bba8/python_dotenv-1.2.2.tar.gz", hash = "sha256:2c371a91fbd7ba082c2c1dc1f8bf89ca22564a087c2c287cd9b662adde799cf3", size = 50135, upload-time = "2026-03-01T16:00:26.196Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/14/1b/a298b06749107c305e1fe0f814c6c74aea7b2f1e10989cb30f544a1b3253/python_dotenv-1.2.1-py3-none-any.whl", hash = "sha256:b81ee9561e9ca4004139c6cbba3a238c32b03e4894671e181b671e8cb8425d61", size = 21230, upload-time = "2025-10-26T15:12:09.109Z" }, + { url = "https://files.pythonhosted.org/packages/0b/d7/1959b9648791274998a9c3526f6d0ec8fd2233e4d4acce81bbae76b44b2a/python_dotenv-1.2.2-py3-none-any.whl", hash = "sha256:1d8214789a24de455a8b8bd8ae6fe3c6b69a5e3d64aa8a8e5d68e694bbcb285a", size = 22101, upload-time = "2026-03-01T16:00:25.09Z" }, ] [[package]] name = "requests" -version = "2.32.5" +version = "2.33.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "certifi" }, @@ -557,9 +557,9 @@ dependencies = [ { name = "idna" }, { name = "urllib3" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +sdist = { url = "https://files.pythonhosted.org/packages/34/64/8860370b167a9721e8956ae116825caff829224fbca0ca6e7bf8ddef8430/requests-2.33.0.tar.gz", hash = "sha256:c7ebc5e8b0f21837386ad0e1c8fe8b829fa5f544d8df3b2253bff14ef29d7652", size = 134232, upload-time = "2026-03-25T15:10:41.586Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, + { url = "https://files.pythonhosted.org/packages/56/5d/c814546c2333ceea4ba42262d8c4d55763003e767fa169adc693bd524478/requests-2.33.0-py3-none-any.whl", hash = "sha256:3324635456fa185245e24865e810cecec7b4caf933d7eb133dcde67d48cee69b", size = 65017, upload-time = "2026-03-25T15:10:40.382Z" }, ] [[package]]