Combined Dependabot PRs (#233)

github-actions[bot] · dependabot[bot] · timireland · web-flow · commit c934c3c04bdc · 2025-11-11T13:24:20.000Z
* Bump actions/download-artifact from 5 to 6 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v5...v6) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump nhsuk-frontend from 8.3.0 to 10.1.0 Bumps [nhsuk-frontend](https://github.com/nhsuk/nhsuk-frontend) from 8.3.0 to 10.1.0. - [Release notes](https://github.com/nhsuk/nhsuk-frontend/releases) - [Changelog](https://github.com/nhsuk/nhsuk-frontend/blob/main/CHANGELOG.md) - [Commits](nhsuk/nhsuk-frontend@v8.3.0...v10.1.0) --- updated-dependencies: - dependency-name: nhsuk-frontend dependency-version: 10.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typescript from 5.9.2 to 5.9.3 Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.2 to 5.9.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml) - [Commits](microsoft/TypeScript@v5.9.2...v5.9.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @openapitools/openapi-generator-cli from 2.23.4 to 2.25.0 Bumps [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) from 2.23.4 to 2.25.0. - [Release notes](https://github.com/OpenAPITools/openapi-generator-cli/releases) - [Changelog](https://github.com/OpenAPITools/openapi-generator-cli/blob/master/.releaserc) - [Commits](OpenAPITools/openapi-generator-cli@v2.23.4...v2.25.0) --- updated-dependencies: - dependency-name: "@openapitools/openapi-generator-cli" dependency-version: 2.25.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @redocly/cli from 1.34.5 to 2.8.0 Bumps [@redocly/cli](https://github.com/Redocly/redocly-cli) from 1.34.5 to 2.8.0. - [Release notes](https://github.com/Redocly/redocly-cli/releases) - [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/cli@1.34.5...@redocly/cli@2.8.0) --- updated-dependencies: - dependency-name: "@redocly/cli" dependency-version: 2.8.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github/codeql-action from 4.31.0 to 4.31.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.0 to 4.31.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4e94bd1...0499de3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update .gitleaksignore added gitleaks ignore * Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/yargs-18.0.0' into dependabotCombined * update lock * Bump nhsuk-frontend from 8.3.0 to 10.1.0 Bumps [nhsuk-frontend](https://github.com/nhsuk/nhsuk-frontend) from 8.3.0 to 10.1.0. - [Release notes](https://github.com/nhsuk/nhsuk-frontend/releases) - [Changelog](https://github.com/nhsuk/nhsuk-frontend/blob/main/CHANGELOG.md) - [Commits](nhsuk/nhsuk-frontend@v8.3.0...v10.1.0) --- updated-dependencies: - dependency-name: nhsuk-frontend dependency-version: 10.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @openapitools/openapi-generator-cli from 2.23.4 to 2.25.0 Bumps [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) from 2.23.4 to 2.25.0. - [Release notes](https://github.com/OpenAPITools/openapi-generator-cli/releases) - [Changelog](https://github.com/OpenAPITools/openapi-generator-cli/blob/master/.releaserc) - [Commits](OpenAPITools/openapi-generator-cli@v2.23.4...v2.25.0) --- updated-dependencies: - dependency-name: "@openapitools/openapi-generator-cli" dependency-version: 2.25.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump yargs from 17.7.2 to 18.0.0 Bumps [yargs](https://github.com/yargs/yargs) from 17.7.2 to 18.0.0. - [Release notes](https://github.com/yargs/yargs/releases) - [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md) - [Commits](yargs/yargs@v17.7.2...v18.0.0) --- updated-dependencies: - dependency-name: yargs dependency-version: 18.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typescript from 5.9.2 to 5.9.3 Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.2 to 5.9.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml) - [Commits](microsoft/TypeScript@v5.9.2...v5.9.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @redocly/cli from 1.34.5 to 2.8.0 Bumps [@redocly/cli](https://github.com/Redocly/redocly-cli) from 1.34.5 to 2.8.0. - [Release notes](https://github.com/Redocly/redocly-cli/releases) - [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/cli@1.34.5...@redocly/cli@2.8.0) --- updated-dependencies: - dependency-name: "@redocly/cli" dependency-version: 2.8.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update package-lock.json * Downgrade openapi gen and redocly --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tim Ireland <tim.ireland@hscic.gov.uk> Co-authored-by: Mark Slowey <mark.slowey1@nhs.net> Co-authored-by: Mike Houston <michael.houston4@nhs.net>
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
@@ -143,7 +143,7 @@ jobs:
         with:
           fetch-depth: 0 # Full history is needed to improving relevancy of reporting
       - name: "Download coverage report for SONAR"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: code-coverage-report
       - name: "Perform static analysis"
diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml
@@ -46,56 +46,56 @@ jobs:
         uses: actions/checkout@v5
 
       - name: "Get the artefacts 1"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/jekyll-docs-${{ inputs.version }}
           name: jekyll-docs-${{ inputs.version }}
 
       - name: "Get the artefacts 2"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-html-docs-${{ inputs.version }}
           name: sdk-html-docs-${{ inputs.version }}
 
       - name: "Get the artefacts 3"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-swagger-docs-${{ inputs.version }}
           name: sdk-swagger-docs-${{ inputs.version }}
 
       - name: "Get the artefacts 4"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-html-${{ inputs.version }}
           name: sdk-html-${{ inputs.version }}
 
       - name: "Get the artefacts 5"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-ts-${{ inputs.version }}
           name: sdk-ts-${{ inputs.version }}
 
       - name: "Get the artefacts 6"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-python-${{ inputs.version }}
           name: sdk-python-${{ inputs.version }}
 
       - name: "Get the artefacts 7"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/sdk-csharp-${{ inputs.version }}
           name: sdk-csharp-${{ inputs.version }}
 
       - name: "Get the artefacts 8"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts/api-oas-specification-${{ inputs.version }}
           name: api-oas-specification-${{ inputs.version }}
 
       # Take out for now - might add again in the future
       # - name: "Get the artefacts 9"
-      #   uses: actions/download-artifact@v5
+      #   uses: actions/download-artifact@v6
       #   with:
       #     path: ./artifacts/server-csharp-${{ inputs.version }}
       #     name: server-csharp-${{ inputs.version }}
@@ -252,12 +252,12 @@ jobs:
   #       contents: read
   #     steps:
   #       - name: "Get the artefacts csharp docker"
-  #         uses: actions/download-artifact@v5
+  #         uses: actions/download-artifact@v6
   #         with:
   #           path: .
   #           name: server-csharp-docker-${{ inputs.version }}
   #       - name: "Get the artefacts csharp server"
-  #         uses: actions/download-artifact@v5
+  #         uses: actions/download-artifact@v6
   #         with:
   #           path: ./csharp-server
   #           name: server-csharp-${{ inputs.version }}
@@ -279,7 +279,7 @@ jobs:
       contents: read
     steps:
       - name: "Get the artefacts"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: .
           name: sdk-csharp-${{ inputs.version }}
@@ -335,7 +335,7 @@ jobs:
       contents: read
     steps:
       - name: "Get the artefacts"
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: .
           name: sdk-ts-${{ inputs.version }}
@@ -439,7 +439,7 @@ jobs:
   #     contents: read
   #   steps:
   #     - name: "Get the artefacts"
-  #       uses: actions/download-artifact@v5
+  #       uses: actions/download-artifact@v6
   #       with:
   #         path: .
   #         name: libs-letter-${{ inputs.version }}
diff --git a/docs/package.json b/docs/package.json
@@ -1,7 +1,7 @@
 {
   "author": "",
   "dependencies": {
-    "nhsuk-frontend": "^8.1.1"
+    "nhsuk-frontend": "^10.1.0"
   },
   "description": "",
   "devDependencies": {},
diff --git a/internal/datastore/package.json b/internal/datastore/package.json
@@ -19,7 +19,7 @@
     "testcontainers": "^11.4.0",
     "ts-jest": "^29.4.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.8.3",
+    "typescript": "^5.9.3",
     "zod-mermaid": "^1.0.9"
   },
   "license": "MIT",
diff --git a/internal/events/package.json b/internal/events/package.json
@@ -17,7 +17,7 @@
     "jest": "^29.7.0",
     "ts-jest": "^29.4.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.8.3"
+    "typescript": "^5.9.3"
   },
   "license": "MIT",
   "main": "dist/index.js",
diff --git a/internal/helpers/package.json b/internal/helpers/package.json
@@ -14,7 +14,7 @@
     "jest": "^30.1.3",
     "ts-jest": "^29.4.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.8.3"
+    "typescript": "^5.9.3"
   },
   "license": "MIT",
   "main": "src/index.ts",
diff --git a/lambdas/api-handler/package.json b/lambdas/api-handler/package.json
@@ -12,7 +12,7 @@
     "@types/jest": "^29.5.14",
     "jest": "^30.2.0",
     "jest-mock-extended": "^3.0.7",
-    "typescript": "^5.8.3",
+    "typescript": "^5.9.3",
     "zod": "^4.1.11"
   },
   "name": "nhs-notify-supplier-api-handler",
diff --git a/lambdas/authorizer/package.json b/lambdas/authorizer/package.json
@@ -8,7 +8,7 @@
     "@types/jest": "^30.0.0",
     "jest": "^30.2.0",
     "jest-mock-extended": "^4.0.0",
-    "typescript": "^5.8.3"
+    "typescript": "^5.9.3"
   },
   "name": "nhs-notify-supplier-authorizer",
   "private": true,
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/scripts/test-data/package.json b/scripts/test-data/package.json

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"author": "",`
`3`	`3`	`"dependencies": {`
`4`		`- "nhsuk-frontend": "^8.1.1"`
	`4`	`+ "nhsuk-frontend": "^10.1.0"`
`5`	`5`	`},`
`6`	`6`	`"description": "",`
`7`	`7`	`"devDependencies": {},`