From d3e2eea6da8474033e167b96239edc3de602f2be Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 19 May 2026 13:40:29 +0100 Subject: [PATCH 1/7] NPA-6797: pushing to test gunicorn upgrade --- .github/actions/check-uv-lock/action.yaml | 2 +- .github/actions/ruff-checks/action.yaml | 2 +- .github/actions/ruff-format/action.yaml | 2 +- .github/actions/run-unit-tests/action.yaml | 2 +- .../setup-python-dependencies/action.yaml | 2 +- .github/workflows/codeql-analysis.yml | 4 ++-- pyproject.toml | 10 ++++----- uv.lock | 22 +++++++++---------- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/actions/check-uv-lock/action.yaml b/.github/actions/check-uv-lock/action.yaml index ace07c2..3937f89 100644 --- a/.github/actions/check-uv-lock/action.yaml +++ b/.github/actions/check-uv-lock/action.yaml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 with: version: "0.9.4" - name: Check uv version diff --git a/.github/actions/ruff-checks/action.yaml b/.github/actions/ruff-checks/action.yaml index 072929e..de4ec0c 100644 --- a/.github/actions/ruff-checks/action.yaml +++ b/.github/actions/ruff-checks/action.yaml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/ruff-format/action.yaml b/.github/actions/ruff-format/action.yaml index 374cd9e..597cb86 100644 --- a/.github/actions/ruff-format/action.yaml +++ b/.github/actions/ruff-format/action.yaml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/run-unit-tests/action.yaml b/.github/actions/run-unit-tests/action.yaml index 7e3b995..e37ec4f 100644 --- a/.github/actions/run-unit-tests/action.yaml +++ b/.github/actions/run-unit-tests/action.yaml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Install the latest version of uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/setup-python-dependencies/action.yaml b/.github/actions/setup-python-dependencies/action.yaml index c69e475..f534830 100644 --- a/.github/actions/setup-python-dependencies/action.yaml +++ b/.github/actions/setup-python-dependencies/action.yaml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Install uv based on the version defined in pyproject.toml - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 with: version-file: "pyproject.toml" - name: Install Python dependencies diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 31d3973..c2c72f9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -29,8 +29,8 @@ jobs: fetch-depth: 0 persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 diff --git a/pyproject.toml b/pyproject.toml index ee599fc..aa5f170 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,19 +9,19 @@ requires-python = "~=3.13.0" app = [ "flask~=3.1.2", "pydantic==2.9.2", - "gunicorn~=23.0.0", - "requests~=2.32.5", + "gunicorn~=25.3.0", + "requests~=2.33.0", "pyjwt~=2.8.0", "cryptography~=42.0.0", "xmltodict>=1.0.2", ] -sandbox = ["flask~=3.1.2", "gunicorn~=23.0.0"] +sandbox = ["flask~=3.1.2", "gunicorn~=25.3.0"] dev = [ "coverage==7.13.4", "pytest-cov==7.0.0", "pytest-nhsd-apim==5.0.14", "pytest==8.2.0", - "requests==2.32.5", + "requests==2.33.0", "ruff==0.15.5", ] # Note: proxygen-cli (latest: 3.0.2) cannot be added as a dependency due to incompatibilities: @@ -33,7 +33,7 @@ dev = [ required-version = ">=0.9,<0.11" package = false default-groups = "all" -override-dependencies = ["typing-extensions==4.12.2", "requests==2.32.5"] +override-dependencies = ["typing-extensions==4.12.2", "requests==2.33.0"] [tool.coverage.run] branch = true diff --git a/uv.lock b/uv.lock index b39dabd..2c1ee59 100644 --- a/uv.lock +++ b/uv.lock @@ -4,7 +4,7 @@ requires-python = "==3.13.*" [manifest] overrides = [ - { name = "requests", specifier = "==2.32.5" }, + { name = "requests", specifier = "==2.33.0" }, { name = "typing-extensions", specifier = "==4.12.2" }, ] @@ -211,14 +211,14 @@ wheels = [ [[package]] name = "gunicorn" -version = "23.0.0" +version = "25.3.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "packaging" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/34/72/9614c465dc206155d93eff0ca20d42e1e35afc533971379482de953521a4/gunicorn-23.0.0.tar.gz", hash = "sha256:f014447a0101dc57e294f6c18ca6b40227a4c90e9bdb586042628030cba004ec", size = 375031, upload-time = "2024-08-10T20:25:27.378Z" } +sdist = { url = "https://files.pythonhosted.org/packages/c4/f4/e78fa054248fab913e2eab0332c6c2cb07421fca1ce56d8fe43b6aef57a4/gunicorn-25.3.0.tar.gz", hash = "sha256:f74e1b2f9f76f6cd1ca01198968bd2dd65830edc24b6e8e4d78de8320e2fe889", size = 634883, upload-time = "2026-03-27T00:00:26.092Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/cb/7d/6dac2a6e1eba33ee43f318edbed4ff29151a49b5d37f080aad1e6469bca4/gunicorn-23.0.0-py3-none-any.whl", hash = "sha256:ec400d38950de4dfd418cff8328b2c8faed0edb0d517d3394e457c317908ca4d", size = 85029, upload-time = "2024-08-10T20:25:24.996Z" }, + { url = "https://files.pythonhosted.org/packages/43/c8/8aaf447698c4d59aa853fd318eed300b5c9e44459f242ab8ead6c9c09792/gunicorn-25.3.0-py3-none-any.whl", hash = "sha256:cacea387dab08cd6776501621c295a904fe8e3b7aae9a1a3cbb26f4e7ed54660", size = 208403, upload-time = "2026-03-27T00:00:27.386Z" }, ] [[package]] @@ -264,10 +264,10 @@ sandbox = [ app = [ { name = "cryptography", specifier = "~=42.0.0" }, { name = "flask", specifier = "~=3.1.2" }, - { name = "gunicorn", specifier = "~=23.0.0" }, + { name = "gunicorn", specifier = "~=25.3.0" }, { name = "pydantic", specifier = "==2.9.2" }, { name = "pyjwt", specifier = "~=2.8.0" }, - { name = "requests", specifier = "~=2.32.5" }, + { name = "requests", specifier = "~=2.33.0" }, { name = "xmltodict", specifier = ">=1.0.2" }, ] dev = [ @@ -275,12 +275,12 @@ dev = [ { name = "pytest", specifier = "==8.2.0" }, { name = "pytest-cov", specifier = "==7.0.0" }, { name = "pytest-nhsd-apim", specifier = "==5.0.14" }, - { name = "requests", specifier = "==2.32.5" }, + { name = "requests", specifier = "==2.33.0" }, { name = "ruff", specifier = "==0.15.5" }, ] sandbox = [ { name = "flask", specifier = "~=3.1.2" }, - { name = "gunicorn", specifier = "~=23.0.0" }, + { name = "gunicorn", specifier = "~=25.3.0" }, ] [[package]] @@ -549,7 +549,7 @@ wheels = [ [[package]] name = "requests" -version = "2.32.5" +version = "2.33.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "certifi" }, @@ -557,9 +557,9 @@ dependencies = [ { name = "idna" }, { name = "urllib3" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +sdist = { url = "https://files.pythonhosted.org/packages/34/64/8860370b167a9721e8956ae116825caff829224fbca0ca6e7bf8ddef8430/requests-2.33.0.tar.gz", hash = "sha256:c7ebc5e8b0f21837386ad0e1c8fe8b829fa5f544d8df3b2253bff14ef29d7652", size = 134232, upload-time = "2026-03-25T15:10:41.586Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, + { url = "https://files.pythonhosted.org/packages/56/5d/c814546c2333ceea4ba42262d8c4d55763003e767fa169adc693bd524478/requests-2.33.0-py3-none-any.whl", hash = "sha256:3324635456fa185245e24865e810cecec7b4caf933d7eb133dcde67d48cee69b", size = 65017, upload-time = "2026-03-25T15:10:40.382Z" }, ] [[package]] From 69a94e8bf3337105263013195b71e99dd36db8aa Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 19 May 2026 13:49:25 +0100 Subject: [PATCH 2/7] NPA-6797: allow PR code anaylsis --- .github/workflows/codeql-analysis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c2c72f9..c46637f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -10,6 +10,9 @@ on: schedule: - cron: "20 14 * * 1" +env: + CODEQL_ACTION_FILE_COVERAGE_ON_PRS: "true" + permissions: contents: read security-events: write From 86a9dec8bcb42a878726af5ededb96b9feaf1a2e Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 19 May 2026 14:52:43 +0100 Subject: [PATCH 3/7] NPA-6797: pushing to test new docker image build --- app/Dockerfile | 2 +- package-lock.json | 12 +- postman/postman_collection.json | 436 +++++++++++++++++++++++--------- sandbox/Dockerfile | 2 +- uv.lock | 6 +- 5 files changed, 328 insertions(+), 130 deletions(-) diff --git a/app/Dockerfile b/app/Dockerfile index f0e3fda..961aeaf 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.14.3-alpine +FROM python:3.15.0a8-alpine COPY --from=ghcr.io/astral-sh/uv:0.10.0 /uv /uvx /bin/ diff --git a/package-lock.json b/package-lock.json index 3b742de..6d9292d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -931,9 +931,9 @@ "license": "MIT" }, "node_modules/basic-ftp": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz", - "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==", + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.2.tgz", + "integrity": "sha512-1tDrzKsdCg70WGvbFss/ulVAxupNauGnOlgpyjKzeQxzyllBLS0CGLV7tjIXTK3ZQA9/FBEm9qyFFN1bciA6pw==", "dev": true, "license": "MIT", "engines": { @@ -1992,9 +1992,9 @@ "license": "ISC" }, "node_modules/follow-redirects": { - "version": "1.15.11", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", - "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "dev": true, "funding": [ { diff --git a/postman/postman_collection.json b/postman/postman_collection.json index 74a0ce2..8f91e44 100644 --- a/postman/postman_collection.json +++ b/postman/postman_collection.json @@ -1,10 +1,10 @@ { "_": { - "postman_id": "70ba2b8a-5ba5-43a3-8163-93fc86b0faf6" + "postman_id": "82590680-5764-40a0-b643-84b8bc8f1a7b" }, "item": [ { - "id": "89e70426-dc25-42ad-ae62-3417f07f202d", + "id": "a7aa5f2e-b7e8-4520-8bed-f710c7921b28", "name": "sessions", "description": { "content": "", @@ -12,17 +12,17 @@ }, "item": [ { - "id": "f9d648b9-2b04-4d82-960e-4300b43b0e4c", - "name": "Begins a session", + "id": "fe5b345c-568a-4662-9f76-4cf4bee5c65c", + "name": "Create a session", "request": { - "name": "Begins a session", + "name": "Create a session", "description": { - "content": "## Overview\n\nA user can authenticate and establish a session with GPIT supplier systems.\n\nThis endpoint:\n - Verifies the user access token\n - Extracts the NHS number for the user, NHS number and ODS code of the patient\n - Determines which supplier system to forward requests onto\n - Transforms response\n\n## Access modes\n\nThis endpoint supports the following access modes:\n- Patient access\n\n## Sandbox test scenarios\n\nSee the postman collection for example requests.\n\n| Scenario | Request | Response |\n| ---------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |\n| Successful request | Valid request with forward to value of https://example.com and ods code value of A29929 | HTTP Status 201 Success response |\n\n### Sandbox constraints\n - Headers that are not required for the scenario are not validated and are disregarded.\n\nOr perhaps you'd like to try out the sandbox using our 'Try it out' feature.\n", + "content": "## Overview\n\nA user can authenticate and establish a session with GPIT supplier systems.\n\nThis endpoint:\n - Verifies the user access token\n - Determines which supplier system to forward requests onto\n - Transforms response\n\n## Access modes\n\nThis endpoint supports the following access modes:\n- Patient access\n\n## Sandbox test scenarios\n\nSee the postman collection for example requests.\n\n| Scenario | Request | Response |\n| ---------------------- | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |\n| Successful request | Valid request with forward to value of https://example.com and ods code value of A29929 | HTTP Status 201 Success response |\n\n### Sandbox constraints\n - Headers that are not required for the scenario are not validated and are disregarded.\n\nOr perhaps you'd like to try out the sandbox using our 'Try it out' feature.\n", "type": "text/plain" }, "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -43,11 +43,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -55,25 +55,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -82,7 +82,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -118,12 +118,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "c8735fef-ab9b-480b-8294-0aaec70746b6", + "id": "a2445e93-6833-476b-9283-31407774c2ab", "name": "The session was created successfully", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -144,11 +144,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -156,25 +156,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -183,7 +183,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -210,19 +210,19 @@ "value": "application/json" } ], - "body": "{\n \"sessionId\": \"in laboru\",\n \"userPatientLinkToken\": \"fugiat anim\",\n \"suid\": \"commodo reprehenderit\",\n \"onlineUserId\": \"deserunt Lorem magna\",\n \"patientId\": \"Excepteur aute reprehenderit in laborum\"\n}", + "body": "{\n \"sessionId\": \"irure\",\n \"endUserSessionId\": \"irure anim veniam voluptate\",\n \"supplier\": \"EMIS\",\n \"odsCode\": \"enim magna qui nul\",\n \"user\": {\n \"dateOfBirth\": \"esse magna commodo incididunt\",\n \"firstName\": \"mollit sint occaecat dolo\",\n \"patientIdentifiers\": [\n {\n \"value\": \"consectetur reprehenderit eiusmod\",\n \"type\": \"id consectetur nulla\"\n },\n {\n \"value\": \"sit nulla quis\",\n \"type\": \"qui dolor consectetur Exce\"\n }\n ],\n \"permissions\": {\n \"appointmentsEnabled\": false,\n \"demographicsUpdateEnabled\": true,\n \"epsEnabled\": true,\n \"medicalRecordEnabled\": false,\n \"onlineTriageEnabled\": false,\n \"practicePatientCommunicationEnabled\": false,\n \"prescribingEnabled\": false,\n \"recordSharingEnabled\": false,\n \"recordViewAuditEnabled\": true,\n \"medicalRecord\": {\n \"recordAccessScheme\": \"DetailedCodedCareRecord\",\n \"allergiesEnabled\": false,\n \"consultationsEnabled\": false,\n \"immunisationsEnabled\": false,\n \"documentsEnabled\": false,\n \"medicationEnabled\": true,\n \"problemsEnabled\": true,\n \"testResultsEnabled\": true\n }\n },\n \"surname\": \"magna et aliquip laborum\",\n \"title\": \"in Ut qui quis\",\n \"userPatientLinkToken\": \"deserunt do\"\n },\n \"patients\": [\n {\n \"dateOfBirth\": \"aliqua Duis eiusmod\",\n \"firstName\": \"aliquip sit\",\n \"patientIdentifiers\": [\n {\n \"value\": \"dolore ut\",\n \"type\": \"cupidatat ullamco\"\n },\n {\n \"value\": \"do qui voluptate tempor\",\n \"type\": \"est\"\n }\n ],\n \"permissions\": {\n \"appointmentsEnabled\": true,\n \"demographicsUpdateEnabled\": true,\n \"epsEnabled\": false,\n \"medicalRecordEnabled\": true,\n \"onlineTriageEnabled\": true,\n \"practicePatientCommunicationEnabled\": false,\n \"prescribingEnabled\": true,\n \"recordSharingEnabled\": false,\n \"recordViewAuditEnabled\": false,\n \"medicalRecord\": {\n \"recordAccessScheme\": \"DetailedCodedCareRecord\",\n \"allergiesEnabled\": false,\n \"consultationsEnabled\": true,\n \"immunisationsEnabled\": true,\n \"documentsEnabled\": false,\n \"medicationEnabled\": true,\n \"problemsEnabled\": true,\n \"testResultsEnabled\": true\n }\n },\n \"surname\": \"enim adipisicing voluptate est\",\n \"title\": \"tempor qui Duis anim\",\n \"userPatientLinkToken\": \"anim cupidatat velit ad\"\n },\n {\n \"dateOfBirth\": \"laborum fugiat ullamco\",\n \"firstName\": \"ut fugiat ea magna\",\n \"patientIdentifiers\": [\n {\n \"value\": \"magn\",\n \"type\": \"ullamco deserunt\"\n },\n {\n \"value\": \"occa\",\n \"type\": \"in dolore\"\n }\n ],\n \"permissions\": {\n \"appointmentsEnabled\": false,\n \"demographicsUpdateEnabled\": false,\n \"epsEnabled\": true,\n \"medicalRecordEnabled\": true,\n \"onlineTriageEnabled\": false,\n \"practicePatientCommunicationEnabled\": true,\n \"prescribingEnabled\": false,\n \"recordSharingEnabled\": true,\n \"recordViewAuditEnabled\": true,\n \"medicalRecord\": {\n \"recordAccessScheme\": \"CoreSummaryCareRecord\",\n \"allergiesEnabled\": true,\n \"consultationsEnabled\": true,\n \"immunisationsEnabled\": true,\n \"documentsEnabled\": false,\n \"medicationEnabled\": false,\n \"problemsEnabled\": true,\n \"testResultsEnabled\": false\n }\n },\n \"surname\": \"veniam sed Duis\",\n \"title\": \"sint cillum\",\n \"userPatientLinkToken\": \"dolore fugia\"\n }\n ]\n}", "cookie": [] }, { "_": { "postman_previewlanguage": "json" }, - "id": "ffba3bb4-3d3c-4c7a-927a-6b269de42549", + "id": "04b527b7-fe3d-447d-88e9-e2c672695aa5", "name": "missingValueError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -243,11 +243,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -255,25 +255,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -282,7 +282,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -316,12 +316,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "e511f239-d22d-4936-8684-09f8b1c96f9e", + "id": "80f96935-a5d7-4ac5-82a6-96ba574e7d01", "name": "invalidValueError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -342,11 +342,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -354,25 +354,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -381,7 +381,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -415,12 +415,111 @@ "_": { "postman_previewlanguage": "json" }, - "id": "0a429ad4-82ab-47df-aa42-88b4dec0274f", + "id": "48f1fa62-9db0-4aaf-b881-f8bb5a4f2449", + "name": "notFoundError", + "originalRequest": { + "url": { + "path": [ + "authenticate" + ], + "host": [ + "{{baseUrl}}" + ], + "query": [], + "variable": [] + }, + "header": [ + { + "disabled": false, + "description": { + "content": "(Required) An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis).", + "type": "text/plain" + }, + "key": "Authorization", + "value": "Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM" + }, + { + "disabled": false, + "description": { + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", + "type": "text/plain" + }, + "key": "NHSE-Application-ID", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Request-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "disabled": false, + "description": { + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", + "type": "text/plain" + }, + "key": "NHSE-Forward-To", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) The ODS code of the GP practice to start a session with.", + "type": "text/plain" + }, + "key": "NHSE-ODS-Code", + "value": "A29929" + }, + { + "disabled": true, + "description": { + "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Correlation-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "key": "Accept", + "value": "application/json" + }, + { + "description": { + "content": "Added as a part of security scheme: oauth2", + "type": "text/plain" + }, + "key": "Authorization", + "value": "" + } + ], + "method": "POST", + "body": {} + }, + "status": "Bad Request", + "code": 400, + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/NotFoundError\"\n}", + "cookie": [] + }, + { + "_": { + "postman_previewlanguage": "json" + }, + "id": "b0b1c0fc-56e6-4341-88fb-ce1c43ffd8c7", "name": "accessDeniedError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -441,11 +540,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -453,25 +552,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -480,7 +579,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -507,19 +606,19 @@ "value": "application/json" } ], - "body": "{\n \"externalValue\": \"./examples/errors.yaml#/AccessDeniedError\"\n}", + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/AccessDeniedErrorError\"\n}", "cookie": [] }, { "_": { "postman_previewlanguage": "json" }, - "id": "faedfcd9-a404-440f-a6f9-9e0181bee0e6", + "id": "a397c448-1337-46b2-a74f-4a5a2c3276b4", "name": "forbiddenError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -540,11 +639,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -552,25 +651,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -579,7 +678,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -613,12 +712,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "05b40f8a-bea2-4f3b-8087-bf64c5c56771", + "id": "f59d88a7-962c-40e2-9877-a4621516b4f9", "name": "timeoutError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -639,11 +738,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -651,25 +750,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -678,7 +777,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -712,12 +811,12 @@ "_": { "postman_previewlanguage": "json" }, - "id": "db71ab20-cf87-46d8-b493-6c7834daad27", + "id": "4c527457-8013-43ea-8c06-e7d5ea2f92ef", "name": "throttledError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -738,11 +837,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -750,25 +849,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -777,7 +876,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -811,12 +910,111 @@ "_": { "postman_previewlanguage": "json" }, - "id": "28945647-79bf-4b1d-86a0-5399420ed35c", - "name": "Errors will be returned for the first error encountered in the request. An error occurred as follows:\n\n| HTTP status | Error code | Description |\n| ----------- | ----------------------- | ------------------------------------------------- |\n| 500 | `SERVER_ERROR` | An unexpected internal server error has occurred. |\n", + "id": "5d9e2081-b839-4bc5-8065-dddff43f9172", + "name": "serverError", + "originalRequest": { + "url": { + "path": [ + "authenticate" + ], + "host": [ + "{{baseUrl}}" + ], + "query": [], + "variable": [] + }, + "header": [ + { + "disabled": false, + "description": { + "content": "(Required) An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis).", + "type": "text/plain" + }, + "key": "Authorization", + "value": "Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM" + }, + { + "disabled": false, + "description": { + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", + "type": "text/plain" + }, + "key": "NHSE-Application-ID", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Request-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "disabled": false, + "description": { + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", + "type": "text/plain" + }, + "key": "NHSE-Forward-To", + "value": "ea" + }, + { + "disabled": false, + "description": { + "content": "(Required) The ODS code of the GP practice to start a session with.", + "type": "text/plain" + }, + "key": "NHSE-ODS-Code", + "value": "A29929" + }, + { + "disabled": true, + "description": { + "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", + "type": "text/plain" + }, + "key": "NHSE-Correlation-ID", + "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" + }, + { + "key": "Accept", + "value": "application/json" + }, + { + "description": { + "content": "Added as a part of security scheme: oauth2", + "type": "text/plain" + }, + "key": "Authorization", + "value": "" + } + ], + "method": "POST", + "body": {} + }, + "status": "Internal Server Error", + "code": 500, + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/InternalServerError\"\n}", + "cookie": [] + }, + { + "_": { + "postman_previewlanguage": "json" + }, + "id": "a361c42f-3038-4116-8974-678259a11acf", + "name": "downstreamError", "originalRequest": { "url": { "path": [ - "authentication" + "authenticate" ], "host": [ "{{baseUrl}}" @@ -837,11 +1035,11 @@ { "disabled": false, "description": { - "content": "(Required) The identity of the subsidiary.", + "content": "(Required) The identifier of the calling application e.g. EMIS: X-API-ApplicationId, and TPP: providerId.", "type": "text/plain" }, - "key": "X-Application-ID", - "value": "anim cillum" + "key": "NHSE-Application-ID", + "value": "ea" }, { "disabled": false, @@ -849,25 +1047,25 @@ "content": "(Required) An ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Request-ID", + "key": "NHSE-Request-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { "disabled": false, "description": { - "content": "(Required) The base URL to forward requests to.", + "content": "(Required) The GPIT Supplier base URL to forward requests to.\n\nTPP:\n| Environment | Allowed URLs |\n|-------------|---------------------------------|\n| Integration | https://systmonline2.tpp-uk.com |\n| Production | https://systmonline.tpp-uk.com |\n\nEMIS:\n| Environment | Allowed URLs |\n|-------------|-------------------------------------|\n| Integration | https://nhs70apptest.emishealth.com |\n| Production | https://api.pfs.emis-x.uk |\n", "type": "text/plain" }, - "key": "X-Forward-To", - "value": "https://example.com" + "key": "NHSE-Forward-To", + "value": "ea" }, { "disabled": false, "description": { - "content": "(Required) The ODS code of the user to start a session with.", + "content": "(Required) The ODS code of the GP practice to start a session with.", "type": "text/plain" }, - "key": "X-ODS-Code", + "key": "NHSE-ODS-Code", "value": "A29929" }, { @@ -876,7 +1074,7 @@ "content": "An optional ID which you can use to track transactions across multiple systems. Must be a universally unique identifier (UUID) (ideally version 4). Mirrored back in a response header.", "type": "text/plain" }, - "key": "X-Correlation-ID", + "key": "NHSE-Correlation-ID", "value": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA" }, { @@ -903,7 +1101,7 @@ "value": "application/json" } ], - "body": "{\n \"externalValue\": \"./examples/errors.yaml#/ServerError\"\n}", + "body": "{\n \"externalValue\": \"./examples/errors.yaml#/DownstreamError\"\n}", "cookie": [] } ], @@ -925,11 +1123,11 @@ } ], "info": { - "_postman_id": "70ba2b8a-5ba5-43a3-8163-93fc86b0faf6", + "_postman_id": "82590680-5764-40a0-b643-84b8bc8f1a7b", "name": "IM1 PFS Auth API", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "description": { - "content": "## Overview\n![IM1 PFS Auth API High-level Diagram](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/specification/assets/overview.drawio.svg)\n\nAn intermediary service to allow a proxy to act on behalf of their patient, regardless of GP practice they are registered to. Use this API to authenticate a user using an NHS login issued \"proxy token\" and initiate a session with the appropriate supplier system based on ODS code where an online account will be matched. A successful match would return newly established IM1 session details.\n\nYou can:\n\n- Authenticate a user and initiate a session with the approporiate supplier\n\n## Who can use this API\nThis API can only be used where there is a legal basis to do so. Make sure you have this and a valid use case before\nyou go too far with your development by [contacting us](https://digital.nhs.uk/developer/help-and-support)\n\nYou must do this before you can go live (see 'Onboarding' below).\n\n## API status and roadmap\nThis API is [in development](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses), meaning:\n- we will be making breaking changes\n\n## Technology\nThis API is [RESTful](https://digital.nhs.uk/developer/guides-and-documentation/our-api-technologies#basic-rest).\n\n## Network access\nThis API is available on the internet.\n\nFor more details see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\n\nThis API supports [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis) access type with the following access modes:\n\n| Access mode | Access type |\n|-------------------------------|------------------------|\n| Patient access | User-restricted |\n\nFor more information on access modes and how to use them, see the developer [security and authorisation guide](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation).\n\n### User-restricted access\n\nUser-restricted access meaning an end user must be present, authenticated and authorised.\n\n#### Patient access mode\nIf the end user is a patient then you must use this access mode.\n\n[Review all patient access modes](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#patient-access-mode)\n\nValidated Relationships Service API checks the patient is P9 verified and has a high [vector of trust](https://nhsconnect.github.io/nhslogin/vectors-of-trust/) (VOT).\n\nAllowed vectors of trust are:\n- `P9.Cp.Cd`\n- `P9.Cp.Ck`\n- `P9.Cm`\n\n## Headers\nThis API is case-insensitive when processing request headers, meaning it will accept headers regardless of the letter casing used. (e.g. X-Request-Id, x-request-id are treated the same). When sending headers back in the response, we preserve the exact casing as received in the original request.\n\n## Errors\nWe use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:\n\n* 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action\n* 400 to 499 if it failed because of a client error by your application\n* 500 to 599 if it failed because of an error on our server\n\nErrors specific to each API are shown in the Endpoints section, under Response. See our [reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes) for more on errors.\n\n## Open source\nYou might find the following [open source](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#open-source) resources useful:\n\n| Resource | Description | Links |\n| ---------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| IM1 PFS Auth API | Source code for the API proxy, sandbox and specification. | [GitHub repo](https://github.com/NHSDigital/im1-pfs-auth) |\n\n## Environments and testing\n| Environment | Base URL |\n| ----------------- | -------------------------------------------------- |\n| Sandbox | `https://sandbox.api.service.nhs.uk/im1-pfs-auth/` |\n| Integration test | `https://int.api.service.nhs.uk/im1-pfs-auth/` |\n\n### Sandbox testing\nOur [sandbox environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#sandbox-testing)\n\n* is for early developer testing\n* only covers a limited set of scenarios\n* is open access, so does not allow you to test authorisation\n\n[![Import Postman Collection](https://img.shields.io/badge/Import-Postman%20Collection-orange?logo=postman)](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/postman/postman_collection.json)\n\nImport the postman collection to run requests against sandbox.\n\n## Onboarding\nYou must get your software onboarded before it can go live.\n\nFor more details, contact us at [england.vrs-team@nhs.net](mailto:england.vrs-team@nhs.net).\n\n## Contact us\nFor help and support connecting to our APIs and to join our developer community, see [Help and support building healthcare software](https://digital.nhs.uk/developer/help-and-support).\n", + "content": "## Overview\n\nIM1 PFS Auth provides a means of authenticating a user and establishing an IM1 session to access Patient-Facing Services (PFS).\nThe API authenticates a user via an NHS login token and routes requests to the specified supplier system and ODS code.\nIf the user's account is successfully matched, the API returns the new IM1 session details.\n\n![IM1 PFS Auth API High-level Diagram](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/specification/assets/overview.drawio.svg)\n\nYou can use this API to:\n\n- authenticate a user and initiate a session with the appropriate supplier system for:\n - a specific patient\n - all patients that the logged-in user has an online account for\n\n## Who can use this API\nYou can only use this API if you have a valid legal basis.\nBefore investing significant time in development, confirm that your use case is appropriate by [contacting us](https://digital.nhs.uk/developer/help-and-support).\n\nYou must do this before you can go live.\n\n## API status and roadmap\nThis API is [in development](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses).\n\n## Technology\nThis API is [RESTful](https://digital.nhs.uk/developer/guides-and-documentation/our-api-technologies#basic-rest).\n\n## Network access\nThis API is available on the internet.\n\nFor more details see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\n\nThis API supports [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis) access type with the following access modes:\n\n| Access mode | Access type |\n|-------------------------------|------------------------|\n| Patient access | User-restricted |\n\nFor more information on access modes and how to use them, see the developer [security and authorisation guide](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation).\n\n### User-restricted access\n\nThis API has user-restricted access, meaning an end user must be present, authenticated and authorised.\n\n#### Patient access mode\nIf the end user is a patient then you must use this access mode.\n\n[Review all patient access modes](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#patient-access-mode)\n\n\n## Headers\nThis API is case-insensitive when processing request headers, meaning it will accept headers regardless of the letter casing used. For example, NHSE-Request-Id, nhse-request-id are treated the same.\n\n## Errors\nWe use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:\n\n* 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action\n* 400 to 499 if it failed because of a client error by your application\n* 500 to 599 if it failed because of an error on our server\n\nEach endpoint lists its own specific errors in the Responses section. See our [reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes) for more on errors.\n\n## Open source\nYou might find the following [open source](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#open-source) resources useful:\n\n| Resource | Description | Links |\n| ---------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| IM1 PFS Auth API | Source code for the API proxy, sandbox and specification. | [GitHub repo](https://github.com/NHSDigital/im1-pfs-auth) |\n\n## Environments and testing\n| Environment | Base URL |\n| ----------------- | -------------------------------------------------- |\n| Sandbox | `https://sandbox.api.service.nhs.uk/im1-pfs-auth/` |\n| Integration test | `https://int.api.service.nhs.uk/im1-pfs-auth/` |\n\n### Sandbox testing\nOur [sandbox environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#sandbox-testing)\n\n* is for early developer testing\n* only covers a limited set of scenarios\n* is open access, so does not allow you to test authorisation\n\n[![Import Postman Collection](https://img.shields.io/badge/Import-Postman%20Collection-orange?logo=postman)](https://raw.githubusercontent.com/NHSDigital/im1-pfs-auth/main/postman/postman_collection.json)\n\nImport the postman collection to run requests against sandbox.\n\n## Contact us\nFor help and support connecting to our APIs and to join our developer community, see [Help and support building healthcare software](https://digital.nhs.uk/developer/help-and-support).\n", "type": "text/plain" } } diff --git a/sandbox/Dockerfile b/sandbox/Dockerfile index 55c77c2..3ee963c 100644 --- a/sandbox/Dockerfile +++ b/sandbox/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.14.3-alpine +FROM python:3.15.0a8-alpine COPY --from=ghcr.io/astral-sh/uv:0.10.0 /uv /uvx /bin/ diff --git a/uv.lock b/uv.lock index 2c1ee59..0bd01a9 100644 --- a/uv.lock +++ b/uv.lock @@ -540,11 +540,11 @@ wheels = [ [[package]] name = "python-dotenv" -version = "1.2.1" +version = "1.2.2" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/f0/26/19cadc79a718c5edbec86fd4919a6b6d3f681039a2f6d66d14be94e75fb9/python_dotenv-1.2.1.tar.gz", hash = "sha256:42667e897e16ab0d66954af0e60a9caa94f0fd4ecf3aaf6d2d260eec1aa36ad6", size = 44221, upload-time = "2025-10-26T15:12:10.434Z" } +sdist = { url = "https://files.pythonhosted.org/packages/82/ed/0301aeeac3e5353ef3d94b6ec08bbcabd04a72018415dcb29e588514bba8/python_dotenv-1.2.2.tar.gz", hash = "sha256:2c371a91fbd7ba082c2c1dc1f8bf89ca22564a087c2c287cd9b662adde799cf3", size = 50135, upload-time = "2026-03-01T16:00:26.196Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/14/1b/a298b06749107c305e1fe0f814c6c74aea7b2f1e10989cb30f544a1b3253/python_dotenv-1.2.1-py3-none-any.whl", hash = "sha256:b81ee9561e9ca4004139c6cbba3a238c32b03e4894671e181b671e8cb8425d61", size = 21230, upload-time = "2025-10-26T15:12:09.109Z" }, + { url = "https://files.pythonhosted.org/packages/0b/d7/1959b9648791274998a9c3526f6d0ec8fd2233e4d4acce81bbae76b44b2a/python_dotenv-1.2.2-py3-none-any.whl", hash = "sha256:1d8214789a24de455a8b8bd8ae6fe3c6b69a5e3d64aa8a8e5d68e694bbcb285a", size = 22101, upload-time = "2026-03-01T16:00:25.09Z" }, ] [[package]] From 4b1a0de048fd4c3b9a9134a2f8a2b6109faccd43 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 19 May 2026 15:17:58 +0100 Subject: [PATCH 4/7] more dependabot upgrades --- package-lock.json | 135 +++++++++++++++++++++++++++++++++------------- package.json | 4 +- 2 files changed, 101 insertions(+), 38 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6d9292d..0792c59 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,12 +10,12 @@ "license": "MIT", "devDependencies": { "@apideck/portman": "~=1.34.0", - "@openapitools/openapi-generator-cli": "~=2.30.2", + "@openapitools/openapi-generator-cli": "~=2.32.0", "apigeetool": "~=0.16.4", "license-checker": "~=25.0.1", "minimist": "~=1.2.2", "newman": "~=6.2.1", - "prettier": "~=3.8.1" + "prettier": "~=3.8.3" } }, "node_modules/@apideck/better-ajv-errors": { @@ -292,13 +292,13 @@ } }, "node_modules/@nestjs/common": { - "version": "11.1.16", - "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.16.tgz", - "integrity": "sha512-JSIeW+USuMJkkcNbiOdcPkVCeI3TSnXstIVEPpp3HiaKnPRuSbUUKm9TY9o/XpIcPHWUOQItAtC5BiAwFdVITQ==", + "version": "11.1.17", + "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.17.tgz", + "integrity": "sha512-hLODw5Abp8OQgA+mUO4tHou4krKgDtUcM9j5Ihxncst9XeyxYBTt2bwZm4e4EQr5E352S4Fyy6V3iFx9ggxKAg==", "dev": true, "license": "MIT", "dependencies": { - "file-type": "21.3.0", + "file-type": "21.3.2", "iterare": "1.2.1", "load-esm": "1.0.3", "tslib": "2.8.1", @@ -324,9 +324,9 @@ } }, "node_modules/@nestjs/core": { - "version": "11.1.16", - "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-11.1.16.tgz", - "integrity": "sha512-tXWXyCiqWthelJjrE0KLFjf0O98VEt+WPVx5CrqCf+059kIxJ8y1Vw7Cy7N4fwQafWNrmFL2AfN87DDMbVAY0w==", + "version": "11.1.18", + "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-11.1.18.tgz", + "integrity": "sha512-wR3DtGyk/LUAiPtbXDuWJJwVkWElKBY0sqnTzf9d4uM3+X18FRZhK7WFc47czsIGOdWuRsMeLYV+1Z9dO4zDEQ==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -334,7 +334,7 @@ "@nuxt/opencollective": "0.4.1", "fast-safe-stringify": "2.1.1", "iterare": "1.2.1", - "path-to-regexp": "8.3.0", + "path-to-regexp": "8.4.2", "tslib": "2.8.1", "uid": "2.0.2" }, @@ -409,19 +409,19 @@ "license": "MIT" }, "node_modules/@openapitools/openapi-generator-cli": { - "version": "2.30.2", - "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.30.2.tgz", - "integrity": "sha512-rGgLrY88f7/eTBc2wmehhcqQq7/1wEkNQUhvk1NF0nh/bCGGGRfzN6O4U2VHsREtshUT+IUaRoJwq4UeDrRXZQ==", + "version": "2.32.0", + "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.32.0.tgz", + "integrity": "sha512-9HZ3fp3cankdUC89UNsnW+HZFmRUadjjtqOvIIo6/D+bAVs+VJRqyhDy4rT4/cxqcLhXw40njs/vJLj21r60JA==", "dev": true, "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { "@inquirer/select": "1.3.3", "@nestjs/axios": "4.0.1", - "@nestjs/common": "11.1.16", - "@nestjs/core": "11.1.16", + "@nestjs/common": "11.1.17", + "@nestjs/core": "11.1.18", "@nuxtjs/opencollective": "0.3.2", - "axios": "^1.13.6", + "axios": "^1.15.0", "chalk": "4.1.2", "commander": "8.3.0", "compare-versions": "6.1.1", @@ -891,15 +891,78 @@ "license": "MIT" }, "node_modules/axios": { - "version": "1.13.6", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz", - "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==", + "version": "1.16.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.16.1.tgz", + "integrity": "sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==", "dev": true, "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "https-proxy-agent": "^5.0.1", + "proxy-from-env": "^2.1.0" + } + }, + "node_modules/axios/node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/axios/node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/axios/node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "dev": true, + "license": "MIT", + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/axios/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/axios/node_modules/proxy-from-env": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" } }, "node_modules/balanced-match": { @@ -1923,9 +1986,9 @@ "license": "MIT" }, "node_modules/fast-uri": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz", - "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ { @@ -1956,9 +2019,9 @@ } }, "node_modules/file-type": { - "version": "21.3.0", - "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.0.tgz", - "integrity": "sha512-8kPJMIGz1Yt/aPEwOsrR97ZyZaD1Iqm8PClb1nYFclUCkBi0Ma5IsYNQzvSFS9ib51lWyIw5mIT9rWzI/xjpzA==", + "version": "21.3.2", + "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.2.tgz", + "integrity": "sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==", "dev": true, "license": "MIT", "dependencies": { @@ -4120,9 +4183,9 @@ } }, "node_modules/path-to-regexp": { - "version": "8.3.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz", - "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==", + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz", + "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==", "dev": true, "license": "MIT", "funding": { @@ -4633,9 +4696,9 @@ } }, "node_modules/prettier": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz", - "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", + "version": "3.8.3", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz", + "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==", "dev": true, "license": "MIT", "bin": { @@ -5705,9 +5768,9 @@ } }, "node_modules/strtok3": { - "version": "10.3.4", - "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.4.tgz", - "integrity": "sha512-KIy5nylvC5le1OdaaoCJ07L+8iQzJHGH6pWDuzS+d07Cu7n1MZ2x26P8ZKIWfbK02+XIL8Mp4RkWeqdUCrDMfg==", + "version": "10.3.5", + "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.5.tgz", + "integrity": "sha512-ki4hZQfh5rX0QDLLkOCj+h+CVNkqmp/CMf8v8kZpkNVK6jGQooMytqzLZYUVYIZcFZ6yDB70EfD8POcFXiF5oA==", "dev": true, "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index bec3672..bf7d0d5 100644 --- a/package.json +++ b/package.json @@ -11,11 +11,11 @@ "homepage": "https://github.com/NHSDigital/im1-pfs-auth-api", "devDependencies": { "@apideck/portman": "~=1.34.0", - "@openapitools/openapi-generator-cli": "~=2.30.2", + "@openapitools/openapi-generator-cli": "~=2.32.0", "apigeetool": "~=0.16.4", "license-checker": "~=25.0.1", "minimist": "~=1.2.2", "newman": "~=6.2.1", - "prettier": "~=3.8.1" + "prettier": "~=3.8.3" } } From 76794c20e7c563bb0290a3149fe122f2ead31fbd Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Tue, 19 May 2026 16:10:07 +0100 Subject: [PATCH 5/7] NPA-6797: final dependabot fix --- package-lock.json | 32 +++++++------------------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0792c59..15d8110 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2669,15 +2669,11 @@ "license": "ISC" }, "node_modules/ip-address": { - "version": "9.0.5", - "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", - "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz", + "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==", "dev": true, "license": "MIT", - "dependencies": { - "jsbn": "1.1.0", - "sprintf-js": "^1.1.3" - }, "engines": { "node": ">= 12" } @@ -2799,13 +2795,6 @@ "js-yaml": "bin/js-yaml.js" } }, - "node_modules/jsbn": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", - "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==", - "dev": true, - "license": "MIT" - }, "node_modules/json-crawl": { "version": "0.4.2", "resolved": "https://registry.npmjs.org/json-crawl/-/json-crawl-0.4.2.tgz", @@ -5509,13 +5498,13 @@ } }, "node_modules/socks": { - "version": "2.8.6", - "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.6.tgz", - "integrity": "sha512-pe4Y2yzru68lXCb38aAqRf5gvN8YdjP1lok5o0J7BOHljkyCGKVz7H3vpVIXKD27rj2giOJ7DwVyk/GWrPHDWA==", + "version": "2.8.9", + "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.9.tgz", + "integrity": "sha512-LJhUYUvItdQ0LkJTmPeaEObWXAqFyfmP85x0tch/ez9cahmhlBBLbIqDFnvBnUJGagb0JbIQrkBs1wJ+yRYpEw==", "dev": true, "license": "MIT", "dependencies": { - "ip-address": "^9.0.5", + "ip-address": "^10.1.1", "smart-buffer": "^4.2.0" }, "engines": { @@ -5640,13 +5629,6 @@ "spdx-ranges": "^2.0.0" } }, - "node_modules/sprintf-js": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", - "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==", - "dev": true, - "license": "BSD-3-Clause" - }, "node_modules/sshpk": { "version": "1.18.0", "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.18.0.tgz", From e7515cc6d2dd2cf0b3a12a34a2fdda8cf957ec0e Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Wed, 20 May 2026 09:13:06 +0100 Subject: [PATCH 6/7] NPA-6797: upgrade buildx --- .github/workflows/reusable-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-deploy.yml b/.github/workflows/reusable-deploy.yml index 664a542..680b735 100644 --- a/.github/workflows/reusable-deploy.yml +++ b/.github/workflows/reusable-deploy.yml @@ -90,7 +90,7 @@ jobs: PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }} PROXYGEN_PRIVATE_KEY: ${{ secrets.PROXYGEN_PRIVATE_KEY }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: "Build ${{inputs.type_of_deployment}} container" run: make ${{inputs.type_of_deployment}}-build - name: Check Docker Containers From 21822d588c610b3880afeedbdb1f2ff8d780a3c2 Mon Sep 17 00:00:00 2001 From: Elliot Hallam <20362314+ehallam@users.noreply.github.com> Date: Wed, 20 May 2026 09:26:20 +0100 Subject: [PATCH 7/7] NPA-6797: copilot comments --- .github/actions/ruff-checks/action.yaml | 2 ++ .github/actions/ruff-format/action.yaml | 2 ++ .github/actions/run-unit-tests/action.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/actions/ruff-checks/action.yaml b/.github/actions/ruff-checks/action.yaml index de4ec0c..89c7b49 100644 --- a/.github/actions/ruff-checks/action.yaml +++ b/.github/actions/ruff-checks/action.yaml @@ -6,6 +6,8 @@ runs: steps: - name: Install the latest version of uv uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + with: + version-file: "pyproject.toml" - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/ruff-format/action.yaml b/.github/actions/ruff-format/action.yaml index 597cb86..02a9d0b 100644 --- a/.github/actions/ruff-format/action.yaml +++ b/.github/actions/ruff-format/action.yaml @@ -6,6 +6,8 @@ runs: steps: - name: Install the latest version of uv uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + with: + version-file: "pyproject.toml" - name: Install dependencies run: uv sync --all-groups shell: bash diff --git a/.github/actions/run-unit-tests/action.yaml b/.github/actions/run-unit-tests/action.yaml index e37ec4f..85c9e32 100644 --- a/.github/actions/run-unit-tests/action.yaml +++ b/.github/actions/run-unit-tests/action.yaml @@ -11,6 +11,8 @@ runs: steps: - name: Install the latest version of uv uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + with: + version-file: "pyproject.toml" - name: Install dependencies run: uv sync --all-groups shell: bash