From 65e351e85f9c0c6ad6e463f6c86dedd5d46ea873 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 Jan 2026 11:00:25 +0000 Subject: [PATCH 1/2] Upgrade: [dependabot] - bump @nhs/fhir-middy-error-handler Bumps [@nhs/fhir-middy-error-handler](https://github.com/NHSDigital/nhs-fhir-middy-error-handler) from 2.1.70 to 2.1.71. - [Release notes](https://github.com/NHSDigital/nhs-fhir-middy-error-handler/releases) - [Changelog](https://github.com/NHSDigital/nhs-fhir-middy-error-handler/blob/main/RELEASE.md) - [Commits](https://github.com/NHSDigital/nhs-fhir-middy-error-handler/compare/v2.1.70...v2.1.71) --- updated-dependencies: - dependency-name: "@nhs/fhir-middy-error-handler" dependency-version: 2.1.71 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- packages/capabilityStatement/package.json | 2 +- packages/getMyPrescriptions/package.json | 2 +- packages/nhsd-pfp-sandbox/package.json | 2 +- packages/statusLambda/package.json | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 18ee49673..3764e4f71 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2757,9 +2757,9 @@ } }, "node_modules/@nhs/fhir-middy-error-handler": { - "version": "2.1.70", - "resolved": "https://registry.npmjs.org/@nhs/fhir-middy-error-handler/-/fhir-middy-error-handler-2.1.70.tgz", - "integrity": "sha512-eK0nuMsEwOBu2UxXj4jOcUDZt1LT+Sgona/E3hObwQWQQa2TFqJiEVj5prGTue8atLom8hQRtk61uZ7s1OucJA==", + "version": "2.1.71", + "resolved": "https://registry.npmjs.org/@nhs/fhir-middy-error-handler/-/fhir-middy-error-handler-2.1.71.tgz", + "integrity": "sha512-aSCFZsWNMjhJcfiRGYHiMBE8nddYHfCc16QFbWMhlM5LSljld+hf+hYuq7y2zhCat5eR7+MksBMtgl/JZnsP9A==", "license": "MIT", "dependencies": { "@aws-lambda-powertools/logger": "^2.30.2", @@ -11786,7 +11786,7 @@ "@aws-lambda-powertools/logger": "^2.30.2", "@middy/core": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70" + "@nhs/fhir-middy-error-handler": "^2.1.71" }, "devDependencies": { "@pfp-common/testing": "^1.0.0" @@ -11870,7 +11870,7 @@ "@middy/core": "^7.0.2", "@middy/http-header-normalizer": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70", + "@nhs/fhir-middy-error-handler": "^2.1.71", "@nhsdigital/eps-spine-client": "^2.1.78", "@prescriptionsforpatients/distanceSelling": "^1.0.0", "@types/fhir": "^0.0.41" @@ -11889,7 +11889,7 @@ "@aws-lambda-powertools/logger": "^2.30.2", "@middy/core": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70" + "@nhs/fhir-middy-error-handler": "^2.1.71" }, "devDependencies": { "@pfp-common/testing": "^1.0.0" @@ -11931,7 +11931,7 @@ "@aws-lambda-powertools/parameters": "^2.30.2", "@middy/core": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70", + "@nhs/fhir-middy-error-handler": "^2.1.71", "@nhsdigital/eps-spine-client": "^2.1.78" } } diff --git a/packages/capabilityStatement/package.json b/packages/capabilityStatement/package.json index 15091a364..c586160ec 100644 --- a/packages/capabilityStatement/package.json +++ b/packages/capabilityStatement/package.json @@ -18,7 +18,7 @@ "@aws-lambda-powertools/logger": "^2.30.2", "@middy/core": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70" + "@nhs/fhir-middy-error-handler": "^2.1.71" }, "devDependencies": { "@pfp-common/testing": "^1.0.0" diff --git a/packages/getMyPrescriptions/package.json b/packages/getMyPrescriptions/package.json index f976ceff1..0c7618b18 100644 --- a/packages/getMyPrescriptions/package.json +++ b/packages/getMyPrescriptions/package.json @@ -21,7 +21,7 @@ "@middy/core": "^7.0.2", "@middy/http-header-normalizer": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70", + "@nhs/fhir-middy-error-handler": "^2.1.71", "@nhsdigital/eps-spine-client": "^2.1.78", "@prescriptionsforpatients/distanceSelling": "^1.0.0", "@types/fhir": "^0.0.41" diff --git a/packages/nhsd-pfp-sandbox/package.json b/packages/nhsd-pfp-sandbox/package.json index 2d6b939fe..9a324d2c6 100644 --- a/packages/nhsd-pfp-sandbox/package.json +++ b/packages/nhsd-pfp-sandbox/package.json @@ -17,7 +17,7 @@ "@aws-lambda-powertools/logger": "^2.30.2", "@middy/core": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70" + "@nhs/fhir-middy-error-handler": "^2.1.71" }, "devDependencies": { "@pfp-common/testing": "^1.0.0" diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json index cec228668..9892c4f4a 100644 --- a/packages/statusLambda/package.json +++ b/packages/statusLambda/package.json @@ -18,7 +18,7 @@ "@aws-lambda-powertools/parameters": "^2.30.2", "@middy/core": "^7.0.2", "@middy/input-output-logger": "^7.0.2", - "@nhs/fhir-middy-error-handler": "^2.1.70", + "@nhs/fhir-middy-error-handler": "^2.1.71", "@nhsdigital/eps-spine-client": "^2.1.78" } } From 9af06c2ba4edf66988c6252ada48fae3c9bf3473 Mon Sep 17 00:00:00 2001 From: Anthony Brown Date: Sat, 31 Jan 2026 11:19:00 +0000 Subject: [PATCH 2/2] add trivyignore --- .trivyignore.yaml | 6 ++++++ trivy.yaml | 1 + 2 files changed, 7 insertions(+) create mode 100644 .trivyignore.yaml create mode 100644 trivy.yaml diff --git a/.trivyignore.yaml b/.trivyignore.yaml new file mode 100644 index 000000000..2d56409e7 --- /dev/null +++ b/.trivyignore.yaml @@ -0,0 +1,6 @@ +vulnerabilities: + - id: CVE-2026-25128 + paths: + - "package-lock.json" + statement: downstream dependency of fast-xml-parser + expired_at: 2026-06-01 diff --git a/trivy.yaml b/trivy.yaml new file mode 100644 index 000000000..eb2433758 --- /dev/null +++ b/trivy.yaml @@ -0,0 +1 @@ +ignorefile: ".trivyignore.yaml"