diff --git a/.trivyignore.yaml b/.trivyignore.yaml
new file mode 100644
index 000000000..2d56409e7
--- /dev/null
+++ b/.trivyignore.yaml
@@ -0,0 +1,6 @@
+vulnerabilities:
+  - id: CVE-2026-25128
+    paths:
+      - "package-lock.json"
+    statement: downstream dependency of fast-xml-parser
+    expired_at: 2026-06-01
diff --git a/package-lock.json b/package-lock.json
index 18ee49673..3764e4f71 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2757,9 +2757,9 @@
       }
     },
     "node_modules/@nhs/fhir-middy-error-handler": {
-      "version": "2.1.70",
-      "resolved": "https://registry.npmjs.org/@nhs/fhir-middy-error-handler/-/fhir-middy-error-handler-2.1.70.tgz",
-      "integrity": "sha512-eK0nuMsEwOBu2UxXj4jOcUDZt1LT+Sgona/E3hObwQWQQa2TFqJiEVj5prGTue8atLom8hQRtk61uZ7s1OucJA==",
+      "version": "2.1.71",
+      "resolved": "https://registry.npmjs.org/@nhs/fhir-middy-error-handler/-/fhir-middy-error-handler-2.1.71.tgz",
+      "integrity": "sha512-aSCFZsWNMjhJcfiRGYHiMBE8nddYHfCc16QFbWMhlM5LSljld+hf+hYuq7y2zhCat5eR7+MksBMtgl/JZnsP9A==",
       "license": "MIT",
       "dependencies": {
         "@aws-lambda-powertools/logger": "^2.30.2",
@@ -11786,7 +11786,7 @@
         "@aws-lambda-powertools/logger": "^2.30.2",
         "@middy/core": "^7.0.2",
         "@middy/input-output-logger": "^7.0.2",
-        "@nhs/fhir-middy-error-handler": "^2.1.70"
+        "@nhs/fhir-middy-error-handler": "^2.1.71"
       },
       "devDependencies": {
         "@pfp-common/testing": "^1.0.0"
@@ -11870,7 +11870,7 @@
         "@middy/core": "^7.0.2",
         "@middy/http-header-normalizer": "^7.0.2",
         "@middy/input-output-logger": "^7.0.2",
-        "@nhs/fhir-middy-error-handler": "^2.1.70",
+        "@nhs/fhir-middy-error-handler": "^2.1.71",
         "@nhsdigital/eps-spine-client": "^2.1.78",
         "@prescriptionsforpatients/distanceSelling": "^1.0.0",
         "@types/fhir": "^0.0.41"
@@ -11889,7 +11889,7 @@
         "@aws-lambda-powertools/logger": "^2.30.2",
         "@middy/core": "^7.0.2",
         "@middy/input-output-logger": "^7.0.2",
-        "@nhs/fhir-middy-error-handler": "^2.1.70"
+        "@nhs/fhir-middy-error-handler": "^2.1.71"
       },
       "devDependencies": {
         "@pfp-common/testing": "^1.0.0"
@@ -11931,7 +11931,7 @@
         "@aws-lambda-powertools/parameters": "^2.30.2",
         "@middy/core": "^7.0.2",
         "@middy/input-output-logger": "^7.0.2",
-        "@nhs/fhir-middy-error-handler": "^2.1.70",
+        "@nhs/fhir-middy-error-handler": "^2.1.71",
         "@nhsdigital/eps-spine-client": "^2.1.78"
       }
     }
diff --git a/packages/capabilityStatement/package.json b/packages/capabilityStatement/package.json
index 15091a364..c586160ec 100644
--- a/packages/capabilityStatement/package.json
+++ b/packages/capabilityStatement/package.json
@@ -18,7 +18,7 @@
     "@aws-lambda-powertools/logger": "^2.30.2",
     "@middy/core": "^7.0.2",
     "@middy/input-output-logger": "^7.0.2",
-    "@nhs/fhir-middy-error-handler": "^2.1.70"
+    "@nhs/fhir-middy-error-handler": "^2.1.71"
   },
   "devDependencies": {
     "@pfp-common/testing": "^1.0.0"
diff --git a/packages/getMyPrescriptions/package.json b/packages/getMyPrescriptions/package.json
index f976ceff1..0c7618b18 100644
--- a/packages/getMyPrescriptions/package.json
+++ b/packages/getMyPrescriptions/package.json
@@ -21,7 +21,7 @@
     "@middy/core": "^7.0.2",
     "@middy/http-header-normalizer": "^7.0.2",
     "@middy/input-output-logger": "^7.0.2",
-    "@nhs/fhir-middy-error-handler": "^2.1.70",
+    "@nhs/fhir-middy-error-handler": "^2.1.71",
     "@nhsdigital/eps-spine-client": "^2.1.78",
     "@prescriptionsforpatients/distanceSelling": "^1.0.0",
     "@types/fhir": "^0.0.41"
diff --git a/packages/nhsd-pfp-sandbox/package.json b/packages/nhsd-pfp-sandbox/package.json
index 2d6b939fe..9a324d2c6 100644
--- a/packages/nhsd-pfp-sandbox/package.json
+++ b/packages/nhsd-pfp-sandbox/package.json
@@ -17,7 +17,7 @@
     "@aws-lambda-powertools/logger": "^2.30.2",
     "@middy/core": "^7.0.2",
     "@middy/input-output-logger": "^7.0.2",
-    "@nhs/fhir-middy-error-handler": "^2.1.70"
+    "@nhs/fhir-middy-error-handler": "^2.1.71"
   },
   "devDependencies": {
     "@pfp-common/testing": "^1.0.0"
diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json
index cec228668..9892c4f4a 100644
--- a/packages/statusLambda/package.json
+++ b/packages/statusLambda/package.json
@@ -18,7 +18,7 @@
     "@aws-lambda-powertools/parameters": "^2.30.2",
     "@middy/core": "^7.0.2",
     "@middy/input-output-logger": "^7.0.2",
-    "@nhs/fhir-middy-error-handler": "^2.1.70",
+    "@nhs/fhir-middy-error-handler": "^2.1.71",
     "@nhsdigital/eps-spine-client": "^2.1.78"
   }
 }
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 000000000..eb2433758
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1 @@
+ignorefile: ".trivyignore.yaml"