From fc744a5edb887e21f192361b479e051d9c47e84e Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Mon, 9 Sep 2024 13:52:32 +0000 Subject: [PATCH 01/42] Add SBOM action and make target --- .github/workflows/quality_checks.yml | 9 +++++++++ .gitignore | 1 + Makefile | 6 ++++++ 3 files changed, 16 insertions(+) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 28aca0ab..52dd0c08 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -45,6 +45,15 @@ jobs: echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc + - name: Generate and check SBOMs + uses: NHSDigital/eps-action-sbom@main + + - name: Upload SBOMs + uses: actions/upload-artifact@v3 + with: + name: SBOMS + path: '**/*sbom*.json' + - name: make install run: | make install diff --git a/.gitignore b/.gitignore index 5de2e51c..77f7c892 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ _site/ .jekyll-cache .jekyll-metadata vendor +*sbom*.json diff --git a/Makefile b/Makefile index 791880c0..6d4100c1 100644 --- a/Makefile +++ b/Makefile @@ -107,6 +107,12 @@ download-get-secrets-layer: mkdir -p packages/getSecretLayer/lib curl -LJ https://github.com/NHSDigital/electronic-prescription-service-get-secrets/releases/download/$$(curl -s "https://api.github.com/repos/NHSDigital/electronic-prescription-service-get-secrets/releases/latest" | jq -r .tag_name)/get-secrets-layer.zip -o packages/getSecretLayer/lib/get-secrets-layer.zip +sbom: + mkdir -p ~/git_actions + git -C ~/git_actions/eps-actions-sbom/ pull || git clone https://github.com/NHSDigital/eps-action-sbom.git ~/git_actions/eps-actions-sbom/ + docker build -t eps-sbom -f ~/git_actions/eps-actions-sbom/Dockerfile ~/git_actions/eps-actions-sbom/ + docker run -it --rm -v $${LOCAL_WORKSPACE_FOLDER:-.}:/github/workspace eps-sbom + lint-node: compile-node npm run lint --workspace packages/sandbox npm run lint --workspace packages/statusLambda From 938412a9749d2b4c89c4602cb10a3a0f0a8e4234 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 02:32:52 +0000 Subject: [PATCH 02/42] Upgrade: [dependabot] - bump boto3 from 1.35.14 to 1.35.15 (#471) Bumps [boto3](https://github.com/boto/boto3) from 1.35.14 to 1.35.15.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.14&new-version=1.35.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index 71fb37f3..fddcf9c9 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.14" +version = "1.35.15" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.14-py3-none-any.whl", hash = "sha256:c3e138e9041d59cd34cdc28a587dfdc899dba02ea26ebc3e10fb4bc88e5cf31b"}, - {file = "boto3-1.35.14.tar.gz", hash = "sha256:7bc78d7140c353b10a637927fe4bc4c4d95a464d1b8f515d5844def2ee52cbd5"}, + {file = "boto3-1.35.15-py3-none-any.whl", hash = "sha256:c8e3567a843bee89b826b71916748088386ccd48014f0f55f56288215a686048"}, + {file = "boto3-1.35.15.tar.gz", hash = "sha256:5e286daa84f945e4c57b133fc96bd2abbcf4066e5d4e63c591ce5e949913d6fd"}, ] [package.dependencies] -botocore = ">=1.35.14,<1.36.0" +botocore = ">=1.35.15,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.14" +version = "1.35.15" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.14-py3-none-any.whl", hash = "sha256:24823135232f88266b66ae8e1d0f3d40872c14cd976781f7fe52b8f0d79035a0"}, - {file = "botocore-1.35.14.tar.gz", hash = "sha256:8515a2fc7ca5bcf0b10016ba05ccf2d642b7cb77d8773026ff2fa5aa3bf38d2e"}, + {file = "botocore-1.35.15-py3-none-any.whl", hash = "sha256:a01a7668941c9276ca7697fb0b09a47ab1f13e585c5ca6551270528f4e086de8"}, + {file = "botocore-1.35.15.tar.gz", hash = "sha256:bbfe4f6cd417d1d097900db062f1017e5185775acdeccd0eff1ec0f499633242"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "e6b0e485c402118effb2ff42217104dc92ca078aae9fd46c2587082de176c251" +content-hash = "ba7d476d4bb256815358528ace44b89f0da061887025372dd909dd134dfbe10b" diff --git a/pyproject.toml b/pyproject.toml index 8eda473f..e98448ac 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.14" +boto3 = "^1.35.15" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.2" From 051d434aed12117c6dc46ee454fdc506a620cb45 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 03:10:16 +0000 Subject: [PATCH 03/42] Upgrade: [dependabot] - bump @typescript-eslint/parser from 8.4.0 to 8.5.0 (#472) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.4.0 to 8.5.0.
Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.5.0

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary | undefined for optional parameters (#9479)
  • eslint-plugin: [no-unsafe-argument] differentiate error types (#9920)
  • typescript-estree: default projectService.defaultProject to 'tsconfig.json' (#9893)

🩹 Fixes

  • deps: update dependency prism-react-renderer to v2.4.0 (#9943)
  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer (#9898)
  • eslint-plugin: [no-misused-promises] handle static method (#9951)
  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis (#9900)
  • eslint-plugin: [consistent-type-assertions] access parser services lazily (#9921)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.5.0 (2024-09-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/parser&package-manager=npm_and_yarn&previous-version=8.4.0&new-version=8.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 92 ++++++++++++++++++++++++++++++++++++++++++----- package.json | 2 +- 2 files changed, 84 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index d653147a..d7806f84 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,7 @@ "@types/jest": "^29.5.12", "@types/node": "^22.5.4", "@typescript-eslint/eslint-plugin": "^8.4.0", - "@typescript-eslint/parser": "^8.4.0", + "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", "eslint-plugin-import-newlines": "^1.4.0", @@ -2797,16 +2797,15 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.4.0.tgz", - "integrity": "sha512-NHgWmKSgJk5K9N16GIhQ4jSobBoJwrmURaLErad0qlLjrpP5bECYg+wxVTGlGZmJbU03jj/dfnb6V9bw+5icsA==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.5.0.tgz", + "integrity": "sha512-gF77eNv0Xz2UJg/NbpWJ0kqAm35UMsvZf1GHj8D9MRFTj/V3tAciIWXfmPLsAAF/vUlpWPvUDyH1jjsr0cMVWw==", "dev": true, - "license": "BSD-2-Clause", "dependencies": { - "@typescript-eslint/scope-manager": "8.4.0", - "@typescript-eslint/types": "8.4.0", - "@typescript-eslint/typescript-estree": "8.4.0", - "@typescript-eslint/visitor-keys": "8.4.0", + "@typescript-eslint/scope-manager": "8.5.0", + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/typescript-estree": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0", "debug": "^4.3.4" }, "engines": { @@ -2825,6 +2824,81 @@ } } }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz", + "integrity": "sha512-06JOQ9Qgj33yvBEx6tpC8ecP9o860rsR22hWMEd12WcTRrfaFgHr2RB/CA/B+7BMhHkXT4chg2MyboGdFGawYg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz", + "integrity": "sha512-qjkormnQS5wF9pjSi6q60bKUHH44j2APxfh9TQRXK8wbYVeDYYdYJGIROL87LGZZ2gz3Rbmjc736qyL8deVtdw==", + "dev": true, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.5.0.tgz", + "integrity": "sha512-vEG2Sf9P8BPQ+d0pxdfndw3xIXaoSjliG0/Ejk7UggByZPKXmJmw3GW5jV2gHNQNawBUyfahoSiCFVov0Ruf7Q==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0", + "debug": "^4.3.4", + "fast-glob": "^3.3.2", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz", + "integrity": "sha512-yTPqMnbAZJNy2Xq2XU8AdtOW9tJIr+UQb64aXB9f3B1498Zx9JorVgFJcZpEc9UBuCCrdzKID2RGAMkYcDtZOw==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.5.0", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/scope-manager": { "version": "8.4.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.4.0.tgz", diff --git a/package.json b/package.json index 512f4f32..a32dc719 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@types/jest": "^29.5.12", "@types/node": "^22.5.4", "@typescript-eslint/eslint-plugin": "^8.4.0", - "@typescript-eslint/parser": "^8.4.0", + "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", "eslint-plugin-import-newlines": "^1.4.0", From 64b58396f6d8187da9845598a7936edf567e98cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 03:16:43 +0000 Subject: [PATCH 04/42] Upgrade: [dependabot] - bump @typescript-eslint/eslint-plugin from 8.4.0 to 8.5.0 (#474) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.4.0 to 8.5.0.
Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.5.0

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary | undefined for optional parameters (#9479)
  • eslint-plugin: [no-unsafe-argument] differentiate error types (#9920)
  • typescript-estree: default projectService.defaultProject to 'tsconfig.json' (#9893)

🩹 Fixes

  • deps: update dependency prism-react-renderer to v2.4.0 (#9943)
  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer (#9898)
  • eslint-plugin: [no-misused-promises] handle static method (#9951)
  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis (#9900)
  • eslint-plugin: [consistent-type-assertions] access parser services lazily (#9921)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary `

  • eslint-plugin: [no-unsafe-argument] differentiate error types

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer

  • eslint-plugin: [no-misused-promises] handle static method

  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis

  • eslint-plugin: [consistent-type-assertions] access parser services lazily

❤️ Thank You

  • f44da958e
  • Josh Goldberg ✨
  • Kirk Waiblinger
  • YeonJuan

You can read about our versioning strategy and releases on our website.

Commits
  • 4d31ebe chore(release): publish 8.5.0
  • 918bdf4 fix(eslint-plugin): [consistent-type-assertions] access parser services lazil...
  • 4f6a97b fix(eslint-plugin): [no-unnecessary-type-parameters] fix AST quick path scope...
  • dbcade8 docs: [no-floating-promises] add MDN link regarding void operator (#9953)
  • ead85a3 fix(eslint-plugin): [no-misused-promises] handle static method (#9951)
  • c49b91f feat(eslint-plugin): [no-unsafe-argument] differentiate error types (#9920)
  • 04d1bd0 docs: mark allowRuleToRunWithoutStrictNullChecksIKnowWhatIAmDoing options as ...
  • cafed6d chore: enable unicorn/prefer-array-some (#9932)
  • bee8c9d chore: enable unicorn/prefer-spread (#9834)
  • fe2a16e fix(eslint-plugin): [no-unnecessary-type-assertion] fix TSNonNullExpression f...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/eslint-plugin&package-manager=npm_and_yarn&previous-version=8.4.0&new-version=8.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 146 ++++++++++------------------------------------ package.json | 2 +- 2 files changed, 33 insertions(+), 115 deletions(-) diff --git a/package-lock.json b/package-lock.json index d7806f84..2f64501d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.12", "@types/node": "^22.5.4", - "@typescript-eslint/eslint-plugin": "^8.4.0", + "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", @@ -2763,17 +2763,16 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.4.0.tgz", - "integrity": "sha512-rg8LGdv7ri3oAlenMACk9e+AR4wUV0yrrG+XKsGKOK0EVgeEDqurkXMPILG2836fW4ibokTB5v4b6Z9+GYQDEw==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.5.0.tgz", + "integrity": "sha512-lHS5hvz33iUFQKuPFGheAB84LwcJ60G8vKnEhnfcK1l8kGVLro2SFYW6K0/tj8FUhRJ0VHyg1oAfg50QGbPPHw==", "dev": true, - "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.4.0", - "@typescript-eslint/type-utils": "8.4.0", - "@typescript-eslint/utils": "8.4.0", - "@typescript-eslint/visitor-keys": "8.4.0", + "@typescript-eslint/scope-manager": "8.5.0", + "@typescript-eslint/type-utils": "8.5.0", + "@typescript-eslint/utils": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0", "graphemer": "^1.4.0", "ignore": "^5.3.1", "natural-compare": "^1.4.0", @@ -2824,7 +2823,7 @@ } } }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { + "node_modules/@typescript-eslint/scope-manager": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz", "integrity": "sha512-06JOQ9Qgj33yvBEx6tpC8ecP9o860rsR22hWMEd12WcTRrfaFgHr2RB/CA/B+7BMhHkXT4chg2MyboGdFGawYg==", @@ -2841,91 +2840,14 @@ "url": "https://opencollective.com/typescript-eslint" } }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz", - "integrity": "sha512-qjkormnQS5wF9pjSi6q60bKUHH44j2APxfh9TQRXK8wbYVeDYYdYJGIROL87LGZZ2gz3Rbmjc736qyL8deVtdw==", - "dev": true, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.5.0.tgz", - "integrity": "sha512-vEG2Sf9P8BPQ+d0pxdfndw3xIXaoSjliG0/Ejk7UggByZPKXmJmw3GW5jV2gHNQNawBUyfahoSiCFVov0Ruf7Q==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "8.5.0", - "@typescript-eslint/visitor-keys": "8.5.0", - "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", - "minimatch": "^9.0.4", - "semver": "^7.6.0", - "ts-api-utils": "^1.3.0" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz", - "integrity": "sha512-yTPqMnbAZJNy2Xq2XU8AdtOW9tJIr+UQb64aXB9f3B1498Zx9JorVgFJcZpEc9UBuCCrdzKID2RGAMkYcDtZOw==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "8.5.0", - "eslint-visitor-keys": "^3.4.3" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/scope-manager": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.4.0.tgz", - "integrity": "sha512-n2jFxLeY0JmKfUqy3P70rs6vdoPjHK8P/w+zJcV3fk0b0BwRXC/zxRTEnAsgYT7MwdQDt/ZEbtdzdVC+hcpF0A==", - "dev": true, - "license": "MIT", - "dependencies": { - "@typescript-eslint/types": "8.4.0", - "@typescript-eslint/visitor-keys": "8.4.0" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.4.0.tgz", - "integrity": "sha512-pu2PAmNrl9KX6TtirVOrbLPLwDmASpZhK/XU7WvoKoCUkdtq9zF7qQ7gna0GBZFN0hci0vHaSusiL2WpsQk37A==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.5.0.tgz", + "integrity": "sha512-N1K8Ix+lUM+cIDhL2uekVn/ZD7TZW+9/rwz8DclQpcQ9rk4sIL5CAlBC0CugWKREmDjBzI/kQqU4wkg46jWLYA==", "dev": true, - "license": "MIT", "dependencies": { - "@typescript-eslint/typescript-estree": "8.4.0", - "@typescript-eslint/utils": "8.4.0", + "@typescript-eslint/typescript-estree": "8.5.0", + "@typescript-eslint/utils": "8.5.0", "debug": "^4.3.4", "ts-api-utils": "^1.3.0" }, @@ -2943,11 +2865,10 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.4.0.tgz", - "integrity": "sha512-T1RB3KQdskh9t3v/qv7niK6P8yvn7ja1mS7QK7XfRVL6wtZ8/mFs/FHf4fKvTA0rKnqnYxl/uHFNbnEt0phgbw==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz", + "integrity": "sha512-qjkormnQS5wF9pjSi6q60bKUHH44j2APxfh9TQRXK8wbYVeDYYdYJGIROL87LGZZ2gz3Rbmjc736qyL8deVtdw==", "dev": true, - "license": "MIT", "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" }, @@ -2957,14 +2878,13 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.4.0.tgz", - "integrity": "sha512-kJ2OIP4dQw5gdI4uXsaxUZHRwWAGpREJ9Zq6D5L0BweyOrWsL6Sz0YcAZGWhvKnH7fm1J5YFE1JrQL0c9dd53A==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.5.0.tgz", + "integrity": "sha512-vEG2Sf9P8BPQ+d0pxdfndw3xIXaoSjliG0/Ejk7UggByZPKXmJmw3GW5jV2gHNQNawBUyfahoSiCFVov0Ruf7Q==", "dev": true, - "license": "BSD-2-Clause", "dependencies": { - "@typescript-eslint/types": "8.4.0", - "@typescript-eslint/visitor-keys": "8.4.0", + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", @@ -2986,16 +2906,15 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.4.0.tgz", - "integrity": "sha512-swULW8n1IKLjRAgciCkTCafyTHHfwVQFt8DovmaF69sKbOxTSFMmIZaSHjqO9i/RV0wIblaawhzvtva8Nmm7lQ==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.5.0.tgz", + "integrity": "sha512-6yyGYVL0e+VzGYp60wvkBHiqDWOpT63pdMV2CVG4LVDd5uR6q1qQN/7LafBZtAtNIn/mqXjsSeS5ggv/P0iECw==", "dev": true, - "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", - "@typescript-eslint/scope-manager": "8.4.0", - "@typescript-eslint/types": "8.4.0", - "@typescript-eslint/typescript-estree": "8.4.0" + "@typescript-eslint/scope-manager": "8.5.0", + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/typescript-estree": "8.5.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -3009,13 +2928,12 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.4.0.tgz", - "integrity": "sha512-zTQD6WLNTre1hj5wp09nBIDiOc2U5r/qmzo7wxPn4ZgAjHql09EofqhF9WF+fZHzL5aCyaIpPcT2hyxl73kr9A==", + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz", + "integrity": "sha512-yTPqMnbAZJNy2Xq2XU8AdtOW9tJIr+UQb64aXB9f3B1498Zx9JorVgFJcZpEc9UBuCCrdzKID2RGAMkYcDtZOw==", "dev": true, - "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.4.0", + "@typescript-eslint/types": "8.5.0", "eslint-visitor-keys": "^3.4.3" }, "engines": { diff --git a/package.json b/package.json index a32dc719..77f660c3 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.12", "@types/node": "^22.5.4", - "@typescript-eslint/eslint-plugin": "^8.4.0", + "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", From 429acb01268624389c7f0111c536f98bfccd269d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 03:23:31 +0000 Subject: [PATCH 05/42] Upgrade: [dependabot] - bump typescript from 5.5.4 to 5.6.2 (#473) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.5.4 to 5.6.2.
Release notes

Sourced from typescript's releases.

TypeScript 5.6

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.6 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.6 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

Commits
  • a7e3374 Bump version to 5.6.2 and LKG
  • 2063357 🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...
  • 4fe7e41 🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...
  • 1a03e53 🤖 Pick PR #59761 (this can be nullish) into release-5.6 (#59762)
  • 6212132 Update LKG
  • bbb5faf 🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...
  • e6914a5 Bump version to 5.6.1-rc and LKG
  • 34121c4 Update LKG
  • 2a30c2a Merge remote-tracking branch 'origin/main' into release-5.6
  • 936a79b Expose TypeChecker. getAwaitedType to public (#59268)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript&package-manager=npm_and_yarn&previous-version=5.5.4&new-version=5.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 9 ++++----- package.json | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2f64501d..3ff7c66a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -33,7 +33,7 @@ "semantic-release": "^24.1.0", "ts-jest": "^29.2.5", "ts-node": "^10.9.2", - "typescript": "^5.5.4" + "typescript": "^5.6.2" } }, "node_modules/@ampproject/remapping": { @@ -12339,11 +12339,10 @@ } }, "node_modules/typescript": { - "version": "5.5.4", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.4.tgz", - "integrity": "sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==", + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz", + "integrity": "sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==", "dev": true, - "license": "Apache-2.0", "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/package.json b/package.json index 77f660c3..6646d4a0 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "semantic-release": "^24.1.0", "ts-jest": "^29.2.5", "ts-node": "^10.9.2", - "typescript": "^5.5.4" + "typescript": "^5.6.2" }, "dependencies": { "conventional-changelog-eslint": "^6.0.0" From 0b05733ffb87a95d5bebe403dd16b42b83f809bb Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 11 Sep 2024 09:56:56 +0000 Subject: [PATCH 06/42] Bump sbom action version --- .github/workflows/quality_checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 52dd0c08..f854a3ea 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -46,7 +46,7 @@ jobs: echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc - name: Generate and check SBOMs - uses: NHSDigital/eps-action-sbom@main + uses: NHSDigital/eps-action-sbom@v2.0.0 - name: Upload SBOMs uses: actions/upload-artifact@v3 From ccedd030e64e26431ea48611651f9a6d4ae63367 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 11 Sep 2024 10:40:30 +0000 Subject: [PATCH 07/42] Test defining versions --- .github/workflows/quality_checks.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index f854a3ea..7312c990 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -46,7 +46,13 @@ jobs: echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc - name: Generate and check SBOMs - uses: NHSDigital/eps-action-sbom@v2.0.0 + uses: NHSDigital/eps-action-sbom@bump-npm + with: + build-args: | + PYTHON_VERSION=3.12 + POETRY_VERSION=0.0.1-alpha + NODE_VERSION=20 + - name: Upload SBOMs uses: actions/upload-artifact@v3 From 083c4032face87ac6dc92640a0df4c3e41374025 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 02:18:58 +0000 Subject: [PATCH 08/42] Upgrade: [dependabot] - bump boto3 from 1.35.15 to 1.35.16 (#475) Bumps [boto3](https://github.com/boto/boto3) from 1.35.15 to 1.35.16.
Commits
  • 8e66c0f Merge branch 'release-1.35.16'
  • dfb5205 Bumping version to 1.35.16
  • 2e3fdd3 Add changelog entries from botocore
  • c0eb62b Merge branch 'release-1.35.15' into develop
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.15&new-version=1.35.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 18 +++++++++--------- pyproject.toml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/poetry.lock b/poetry.lock index fddcf9c9..c77b275d 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.15" +version = "1.35.16" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.15-py3-none-any.whl", hash = "sha256:c8e3567a843bee89b826b71916748088386ccd48014f0f55f56288215a686048"}, - {file = "boto3-1.35.15.tar.gz", hash = "sha256:5e286daa84f945e4c57b133fc96bd2abbcf4066e5d4e63c591ce5e949913d6fd"}, + {file = "boto3-1.35.16-py3-none-any.whl", hash = "sha256:9c5b0ce4a25bb78d659478d1c552f1dbb7ff275aab3263bb41cdbef8bca28693"}, + {file = "boto3-1.35.16.tar.gz", hash = "sha256:9b96c210678cf430b16b49dee87db30f46044602bb9a605a465e1900f468a43f"}, ] [package.dependencies] -botocore = ">=1.35.15,<1.36.0" +botocore = ">=1.35.16,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.15" +version = "1.35.16" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.15-py3-none-any.whl", hash = "sha256:a01a7668941c9276ca7697fb0b09a47ab1f13e585c5ca6551270528f4e086de8"}, - {file = "botocore-1.35.15.tar.gz", hash = "sha256:bbfe4f6cd417d1d097900db062f1017e5185775acdeccd0eff1ec0f499633242"}, + {file = "botocore-1.35.16-py3-none-any.whl", hash = "sha256:3564a980d95ff2861a6ca74313173d8778aa659125c63cf49c93ad23896c63b1"}, + {file = "botocore-1.35.16.tar.gz", hash = "sha256:1b48c94e8a4bbe23143f3d1c21a32b9ffc7476b651ef42371ab45d678f6dbfbc"}, ] [package.dependencies] @@ -141,7 +141,7 @@ python-dateutil = ">=2.1,<3.0.0" urllib3 = {version = ">=1.25.4,<2.2.0 || >2.2.0,<3", markers = "python_version >= \"3.10\""} [package.extras] -crt = ["awscrt (==0.21.2)"] +crt = ["awscrt (==0.21.5)"] [[package]] name = "certifi" @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "ba7d476d4bb256815358528ace44b89f0da061887025372dd909dd134dfbe10b" +content-hash = "ac742eea693f7e230c799dafd2cee58fe14ccf1560750bf6eb460aaf7742f2bf" diff --git a/pyproject.toml b/pyproject.toml index e98448ac..2042ee2d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.15" +boto3 = "^1.35.16" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.2" From 28d2855d886ae119c9c7791909f21bec389a475a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 02:25:43 +0000 Subject: [PATCH 09/42] Upgrade: [dependabot] - bump pytest from 8.3.2 to 8.3.3 (#476) Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.2 to 8.3.3.
Release notes

Sourced from pytest's releases.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

  • #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile{.interpreted-text role="user"}

  • #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

  • #12667: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.

  • #12744: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by Avasam{.interpreted-text role="user"}

  • #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.

  • #6682: Fixed bug where the verbosity levels where not being respected when printing the "msg" part of failed assertion (as in assert condition, msg).

  • #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option.

    -- by GTowers1{.interpreted-text role="user"}

Improved documentation

  • #12663: Clarify that the [pytest_deselected]{.title-ref} hook should be called from [pytest_collection_modifyitems]{.title-ref} hook implementations when items are deselected.
  • #12678: Remove erroneous quotes from [tmp_path_retention_policy]{.title-ref} example in docs.

Miscellaneous internal changes

  • #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=pip&previous-version=8.3.2&new-version=8.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index c77b275d..6e94f2f5 100644 --- a/poetry.lock +++ b/poetry.lock @@ -951,13 +951,13 @@ files = [ [[package]] name = "pytest" -version = "8.3.2" +version = "8.3.3" description = "pytest: simple powerful testing with Python" optional = false python-versions = ">=3.8" files = [ - {file = "pytest-8.3.2-py3-none-any.whl", hash = "sha256:4ba08f9ae7dcf84ded419494d229b48d0903ea6407b030eaec46df5e6a73bba5"}, - {file = "pytest-8.3.2.tar.gz", hash = "sha256:c132345d12ce551242c87269de812483f5bcc87cdbb4722e48487ba194f9fdce"}, + {file = "pytest-8.3.3-py3-none-any.whl", hash = "sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2"}, + {file = "pytest-8.3.3.tar.gz", hash = "sha256:70b98107bd648308a7952b06e6ca9a50bc660be218d53c257cc1fc94fda10181"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "ac742eea693f7e230c799dafd2cee58fe14ccf1560750bf6eb460aaf7742f2bf" +content-hash = "06cdfcaa70a495e16f181f31cffbcbc18f962f60e6eb2e56f411f4817f86948f" diff --git a/pyproject.toml b/pyproject.toml index 2042ee2d..2a595ea5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -34,7 +34,7 @@ requests = "^2.32.3" boto3 = "^1.35.16" argparse = "^1.4.0" pre-commit = "^3.5.0" -pytest = "^8.3.2" +pytest = "^8.3.3" cfn-lint = "^1.12.4" [tool.poetry.dev-dependencies] From 21e99b052acb6f1c0e14f7a691775fad9220e9ab Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 11 Sep 2024 10:56:04 +0000 Subject: [PATCH 10/42] Use inputs --- .github/workflows/quality_checks.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 7312c990..1eeee0f1 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -48,10 +48,8 @@ jobs: - name: Generate and check SBOMs uses: NHSDigital/eps-action-sbom@bump-npm with: - build-args: | - PYTHON_VERSION=3.12 - POETRY_VERSION=0.0.1-alpha - NODE_VERSION=20 + python_version: 3.12 + node_version: 20 - name: Upload SBOMs From b5c2ee297d2667bba1cf606c73cbc4336222af5a Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 11 Sep 2024 11:12:42 +0000 Subject: [PATCH 11/42] Ditch python input (makes no difference to scan) --- .github/workflows/quality_checks.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 1eeee0f1..3fe23192 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -48,7 +48,6 @@ jobs: - name: Generate and check SBOMs uses: NHSDigital/eps-action-sbom@bump-npm with: - python_version: 3.12 node_version: 20 From ecddf34344b377cea727301e4f8edd0d60cdaad6 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 11 Sep 2024 14:50:40 +0000 Subject: [PATCH 12/42] Try npm 20 SBOM --- .github/workflows/quality_checks.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 3fe23192..7ba519c6 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -46,9 +46,7 @@ jobs: echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc - name: Generate and check SBOMs - uses: NHSDigital/eps-action-sbom@bump-npm - with: - node_version: 20 + uses: NHSDigital/eps-action-sbom@npm20_version - name: Upload SBOMs From 69a02187cfee8a200faec9b47fef58e8b4573e22 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 11 Sep 2024 15:13:58 +0000 Subject: [PATCH 13/42] Move the SBOM generation to after make install --- .github/workflows/quality_checks.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml index 7ba519c6..b85279f1 100644 --- a/.github/workflows/quality_checks.yml +++ b/.github/workflows/quality_checks.yml @@ -45,20 +45,19 @@ jobs: echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc + - name: make install + run: | + make install + - name: Generate and check SBOMs uses: NHSDigital/eps-action-sbom@npm20_version - - + - name: Upload SBOMs uses: actions/upload-artifact@v3 with: name: SBOMS path: '**/*sbom*.json' - - - name: make install - run: | - make install - + - name: run check-licenses run: make check-licenses From ca72ab0b779cd5439b3902faa7de91e51f35059a Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Thu, 12 Sep 2024 08:56:33 +0000 Subject: [PATCH 14/42] Ignore known issues --- ignored_security_issues.json | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ignored_security_issues.json diff --git a/ignored_security_issues.json b/ignored_security_issues.json new file mode 100644 index 00000000..8a884b11 --- /dev/null +++ b/ignored_security_issues.json @@ -0,0 +1,4 @@ +[ + "GHSA-8rmg-jf7p-4p22", + "GHSA-gc25-3vc5-2jf9" +] From 9e71ce4df7b9819c2e02877fe80735ff6a31aa0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 02:32:52 +0000 Subject: [PATCH 15/42] Upgrade: [dependabot] - bump boto3 from 1.35.14 to 1.35.15 (#471) Bumps [boto3](https://github.com/boto/boto3) from 1.35.14 to 1.35.15.
Commits
  • 2aaacf9 Merge branch 'release-1.35.15'
  • 3e5952c Bumping version to 1.35.15
  • 895bafa Add changelog entries from botocore
  • fe53908 Merge branch 'release-1.35.14' into develop
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.14&new-version=1.35.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index 6e94f2f5..c905f625 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.16" +version = "1.35.15" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.16-py3-none-any.whl", hash = "sha256:9c5b0ce4a25bb78d659478d1c552f1dbb7ff275aab3263bb41cdbef8bca28693"}, - {file = "boto3-1.35.16.tar.gz", hash = "sha256:9b96c210678cf430b16b49dee87db30f46044602bb9a605a465e1900f468a43f"}, + {file = "boto3-1.35.15-py3-none-any.whl", hash = "sha256:c8e3567a843bee89b826b71916748088386ccd48014f0f55f56288215a686048"}, + {file = "boto3-1.35.15.tar.gz", hash = "sha256:5e286daa84f945e4c57b133fc96bd2abbcf4066e5d4e63c591ce5e949913d6fd"}, ] [package.dependencies] -botocore = ">=1.35.16,<1.36.0" +botocore = ">=1.35.15,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.16" +version = "1.35.15" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.16-py3-none-any.whl", hash = "sha256:3564a980d95ff2861a6ca74313173d8778aa659125c63cf49c93ad23896c63b1"}, - {file = "botocore-1.35.16.tar.gz", hash = "sha256:1b48c94e8a4bbe23143f3d1c21a32b9ffc7476b651ef42371ab45d678f6dbfbc"}, + {file = "botocore-1.35.15-py3-none-any.whl", hash = "sha256:a01a7668941c9276ca7697fb0b09a47ab1f13e585c5ca6551270528f4e086de8"}, + {file = "botocore-1.35.15.tar.gz", hash = "sha256:bbfe4f6cd417d1d097900db062f1017e5185775acdeccd0eff1ec0f499633242"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "06cdfcaa70a495e16f181f31cffbcbc18f962f60e6eb2e56f411f4817f86948f" +content-hash = "ba7d476d4bb256815358528ace44b89f0da061887025372dd909dd134dfbe10b" diff --git a/pyproject.toml b/pyproject.toml index 2a595ea5..79f2cf70 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.16" +boto3 = "^1.35.15" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.3" From dc47c3d3928789f5101f146d3f836ebb8b531bbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 03:10:16 +0000 Subject: [PATCH 16/42] Upgrade: [dependabot] - bump @typescript-eslint/parser from 8.4.0 to 8.5.0 (#472) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.4.0 to 8.5.0.
Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.5.0

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary | undefined for optional parameters (#9479)
  • eslint-plugin: [no-unsafe-argument] differentiate error types (#9920)
  • typescript-estree: default projectService.defaultProject to 'tsconfig.json' (#9893)

🩹 Fixes

  • deps: update dependency prism-react-renderer to v2.4.0 (#9943)
  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer (#9898)
  • eslint-plugin: [no-misused-promises] handle static method (#9951)
  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis (#9900)
  • eslint-plugin: [consistent-type-assertions] access parser services lazily (#9921)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.5.0 (2024-09-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/parser&package-manager=npm_and_yarn&previous-version=8.4.0&new-version=8.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 77 ++++++++++++++++++++++++++++++++++++++++++++++- package.json | 2 +- 2 files changed, 77 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3ff7c66a..b8ab7050 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.12", "@types/node": "^22.5.4", - "@typescript-eslint/eslint-plugin": "^8.5.0", + "@typescript-eslint/eslint-plugin": "^8.4.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", @@ -2823,6 +2823,81 @@ } } }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz", + "integrity": "sha512-06JOQ9Qgj33yvBEx6tpC8ecP9o860rsR22hWMEd12WcTRrfaFgHr2RB/CA/B+7BMhHkXT4chg2MyboGdFGawYg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz", + "integrity": "sha512-qjkormnQS5wF9pjSi6q60bKUHH44j2APxfh9TQRXK8wbYVeDYYdYJGIROL87LGZZ2gz3Rbmjc736qyL8deVtdw==", + "dev": true, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.5.0.tgz", + "integrity": "sha512-vEG2Sf9P8BPQ+d0pxdfndw3xIXaoSjliG0/Ejk7UggByZPKXmJmw3GW5jV2gHNQNawBUyfahoSiCFVov0Ruf7Q==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.5.0", + "@typescript-eslint/visitor-keys": "8.5.0", + "debug": "^4.3.4", + "fast-glob": "^3.3.2", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.5.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz", + "integrity": "sha512-yTPqMnbAZJNy2Xq2XU8AdtOW9tJIr+UQb64aXB9f3B1498Zx9JorVgFJcZpEc9UBuCCrdzKID2RGAMkYcDtZOw==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.5.0", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/scope-manager": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz", diff --git a/package.json b/package.json index 6646d4a0..1e81e544 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.12", "@types/node": "^22.5.4", - "@typescript-eslint/eslint-plugin": "^8.5.0", + "@typescript-eslint/eslint-plugin": "^8.4.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", From 5f360058bd7115f7a904a31b595c80d665cb21cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 03:16:43 +0000 Subject: [PATCH 17/42] Upgrade: [dependabot] - bump @typescript-eslint/eslint-plugin from 8.4.0 to 8.5.0 (#474) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.4.0 to 8.5.0.
Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.5.0

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary | undefined for optional parameters (#9479)
  • eslint-plugin: [no-unsafe-argument] differentiate error types (#9920)
  • typescript-estree: default projectService.defaultProject to 'tsconfig.json' (#9893)

🩹 Fixes

  • deps: update dependency prism-react-renderer to v2.4.0 (#9943)
  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer (#9898)
  • eslint-plugin: [no-misused-promises] handle static method (#9951)
  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis (#9900)
  • eslint-plugin: [consistent-type-assertions] access parser services lazily (#9921)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary `

  • eslint-plugin: [no-unsafe-argument] differentiate error types

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer

  • eslint-plugin: [no-misused-promises] handle static method

  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis

  • eslint-plugin: [consistent-type-assertions] access parser services lazily

❤️ Thank You

  • f44da958e
  • Josh Goldberg ✨
  • Kirk Waiblinger
  • YeonJuan

You can read about our versioning strategy and releases on our website.

Commits
  • 4d31ebe chore(release): publish 8.5.0
  • 918bdf4 fix(eslint-plugin): [consistent-type-assertions] access parser services lazil...
  • 4f6a97b fix(eslint-plugin): [no-unnecessary-type-parameters] fix AST quick path scope...
  • dbcade8 docs: [no-floating-promises] add MDN link regarding void operator (#9953)
  • ead85a3 fix(eslint-plugin): [no-misused-promises] handle static method (#9951)
  • c49b91f feat(eslint-plugin): [no-unsafe-argument] differentiate error types (#9920)
  • 04d1bd0 docs: mark allowRuleToRunWithoutStrictNullChecksIKnowWhatIAmDoing options as ...
  • cafed6d chore: enable unicorn/prefer-array-some (#9932)
  • bee8c9d chore: enable unicorn/prefer-spread (#9834)
  • fe2a16e fix(eslint-plugin): [no-unnecessary-type-assertion] fix TSNonNullExpression f...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/eslint-plugin&package-manager=npm_and_yarn&previous-version=8.4.0&new-version=8.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 77 +---------------------------------------------- package.json | 2 +- 2 files changed, 2 insertions(+), 77 deletions(-) diff --git a/package-lock.json b/package-lock.json index b8ab7050..3ff7c66a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.12", "@types/node": "^22.5.4", - "@typescript-eslint/eslint-plugin": "^8.4.0", + "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", @@ -2823,81 +2823,6 @@ } } }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz", - "integrity": "sha512-06JOQ9Qgj33yvBEx6tpC8ecP9o860rsR22hWMEd12WcTRrfaFgHr2RB/CA/B+7BMhHkXT4chg2MyboGdFGawYg==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "8.5.0", - "@typescript-eslint/visitor-keys": "8.5.0" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz", - "integrity": "sha512-qjkormnQS5wF9pjSi6q60bKUHH44j2APxfh9TQRXK8wbYVeDYYdYJGIROL87LGZZ2gz3Rbmjc736qyL8deVtdw==", - "dev": true, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.5.0.tgz", - "integrity": "sha512-vEG2Sf9P8BPQ+d0pxdfndw3xIXaoSjliG0/Ejk7UggByZPKXmJmw3GW5jV2gHNQNawBUyfahoSiCFVov0Ruf7Q==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "8.5.0", - "@typescript-eslint/visitor-keys": "8.5.0", - "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", - "minimatch": "^9.0.4", - "semver": "^7.6.0", - "ts-api-utils": "^1.3.0" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz", - "integrity": "sha512-yTPqMnbAZJNy2Xq2XU8AdtOW9tJIr+UQb64aXB9f3B1498Zx9JorVgFJcZpEc9UBuCCrdzKID2RGAMkYcDtZOw==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "8.5.0", - "eslint-visitor-keys": "^3.4.3" - }, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, "node_modules/@typescript-eslint/scope-manager": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.5.0.tgz", diff --git a/package.json b/package.json index 1e81e544..6646d4a0 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.12", "@types/node": "^22.5.4", - "@typescript-eslint/eslint-plugin": "^8.4.0", + "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", From eeb1e5bf0b15ecc32026a209a4f68bd76bf8294d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 02:18:58 +0000 Subject: [PATCH 18/42] Upgrade: [dependabot] - bump boto3 from 1.35.15 to 1.35.16 (#475) Bumps [boto3](https://github.com/boto/boto3) from 1.35.15 to 1.35.16.
Commits
  • 8e66c0f Merge branch 'release-1.35.16'
  • dfb5205 Bumping version to 1.35.16
  • 2e3fdd3 Add changelog entries from botocore
  • c0eb62b Merge branch 'release-1.35.15' into develop
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.15&new-version=1.35.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index c905f625..0815fe18 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.15" +version = "1.35.16" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.15-py3-none-any.whl", hash = "sha256:c8e3567a843bee89b826b71916748088386ccd48014f0f55f56288215a686048"}, - {file = "boto3-1.35.15.tar.gz", hash = "sha256:5e286daa84f945e4c57b133fc96bd2abbcf4066e5d4e63c591ce5e949913d6fd"}, + {file = "boto3-1.35.16-py3-none-any.whl", hash = "sha256:9c5b0ce4a25bb78d659478d1c552f1dbb7ff275aab3263bb41cdbef8bca28693"}, + {file = "boto3-1.35.16.tar.gz", hash = "sha256:9b96c210678cf430b16b49dee87db30f46044602bb9a605a465e1900f468a43f"}, ] [package.dependencies] -botocore = ">=1.35.15,<1.36.0" +botocore = ">=1.35.16,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.15" +version = "1.35.16" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.15-py3-none-any.whl", hash = "sha256:a01a7668941c9276ca7697fb0b09a47ab1f13e585c5ca6551270528f4e086de8"}, - {file = "botocore-1.35.15.tar.gz", hash = "sha256:bbfe4f6cd417d1d097900db062f1017e5185775acdeccd0eff1ec0f499633242"}, + {file = "botocore-1.35.16-py3-none-any.whl", hash = "sha256:3564a980d95ff2861a6ca74313173d8778aa659125c63cf49c93ad23896c63b1"}, + {file = "botocore-1.35.16.tar.gz", hash = "sha256:1b48c94e8a4bbe23143f3d1c21a32b9ffc7476b651ef42371ab45d678f6dbfbc"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "ba7d476d4bb256815358528ace44b89f0da061887025372dd909dd134dfbe10b" +content-hash = "ac742eea693f7e230c799dafd2cee58fe14ccf1560750bf6eb460aaf7742f2bf" diff --git a/pyproject.toml b/pyproject.toml index 79f2cf70..2a595ea5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.15" +boto3 = "^1.35.16" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.3" From 37a97b1651151c3594581015d3dfc8d16dff60ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 02:25:43 +0000 Subject: [PATCH 19/42] Upgrade: [dependabot] - bump pytest from 8.3.2 to 8.3.3 (#476) Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.2 to 8.3.3.
Release notes

Sourced from pytest's releases.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

  • #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile{.interpreted-text role="user"}

  • #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

  • #12667: Fixed a regression where type change in [ExceptionInfo.errisinstance]{.title-ref} caused [mypy]{.title-ref} to fail.

  • #12744: Fixed typing compatibility with Python 3.9 or less -- replaced [typing.Self]{.title-ref} with [typing_extensions.Self]{.title-ref} -- by Avasam{.interpreted-text role="user"}

  • #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.

  • #6682: Fixed bug where the verbosity levels where not being respected when printing the "msg" part of failed assertion (as in assert condition, msg).

  • #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option.

    -- by GTowers1{.interpreted-text role="user"}

Improved documentation

  • #12663: Clarify that the [pytest_deselected]{.title-ref} hook should be called from [pytest_collection_modifyitems]{.title-ref} hook implementations when items are deselected.
  • #12678: Remove erroneous quotes from [tmp_path_retention_policy]{.title-ref} example in docs.

Miscellaneous internal changes

  • #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pytest&package-manager=pip&previous-version=8.3.2&new-version=8.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poetry.lock b/poetry.lock index 0815fe18..6e94f2f5 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "ac742eea693f7e230c799dafd2cee58fe14ccf1560750bf6eb460aaf7742f2bf" +content-hash = "06cdfcaa70a495e16f181f31cffbcbc18f962f60e6eb2e56f411f4817f86948f" From de534f854b963705f3701876cec9990209b6c72f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 02:47:14 +0000 Subject: [PATCH 20/42] Upgrade: [dependabot] - bump boto3 from 1.35.16 to 1.35.17 (#477) Bumps [boto3](https://github.com/boto/boto3) from 1.35.16 to 1.35.17.
Commits
  • 460ee25 Merge branch 'release-1.35.17'
  • b49ad9b Bumping version to 1.35.17
  • d9e2964 Add changelog entries from botocore
  • 4e31351 Merge branch 'release-1.35.16' into develop
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.16&new-version=1.35.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index 6e94f2f5..1d83b4d4 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.16" +version = "1.35.17" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.16-py3-none-any.whl", hash = "sha256:9c5b0ce4a25bb78d659478d1c552f1dbb7ff275aab3263bb41cdbef8bca28693"}, - {file = "boto3-1.35.16.tar.gz", hash = "sha256:9b96c210678cf430b16b49dee87db30f46044602bb9a605a465e1900f468a43f"}, + {file = "boto3-1.35.17-py3-none-any.whl", hash = "sha256:67268aa6c4043e9fdeb4ab3c1e9032f44a6fa168c789af5e351f63f1f8880a2f"}, + {file = "boto3-1.35.17.tar.gz", hash = "sha256:4a32db8793569ee5f13c5bf3efb260193353cb8946bf6426e3c330b61c68e59d"}, ] [package.dependencies] -botocore = ">=1.35.16,<1.36.0" +botocore = ">=1.35.17,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.16" +version = "1.35.17" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.16-py3-none-any.whl", hash = "sha256:3564a980d95ff2861a6ca74313173d8778aa659125c63cf49c93ad23896c63b1"}, - {file = "botocore-1.35.16.tar.gz", hash = "sha256:1b48c94e8a4bbe23143f3d1c21a32b9ffc7476b651ef42371ab45d678f6dbfbc"}, + {file = "botocore-1.35.17-py3-none-any.whl", hash = "sha256:a93f773ca93139529b5d36730b382dbee63ab4c7f26129aa5c84835255ca999d"}, + {file = "botocore-1.35.17.tar.gz", hash = "sha256:0d35d03ea647b5d464c7f77bdab6fb23ae5d49752b13cf97ab84444518c7b1bd"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "06cdfcaa70a495e16f181f31cffbcbc18f962f60e6eb2e56f411f4817f86948f" +content-hash = "4ec066a75c7862dfebb80e0510a99502a36603da4d08e5dfef0c24af063c8877" diff --git a/pyproject.toml b/pyproject.toml index 2a595ea5..8a140619 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.16" +boto3 = "^1.35.17" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.3" From ecf5e5446bbf59776f3d2d84be34f64851505183 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 07:33:03 +0000 Subject: [PATCH 21/42] Upgrade: [dependabot] - bump @NHSDigital/eps-spine-client from 2.0.15 to 2.1.0 (#480) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@NHSDigital/eps-spine-client](https://github.com/NHSDigital/nhs-eps-spine-client) from 2.0.15 to 2.1.0.
Release notes

Sourced from @​NHSDigital/eps-spine-client's releases.

v2.1.0

2.1.0 (2024-09-11)

New

  • [AEA-3614] - Adds Clinical View Interaction (#205) (8afec51)
  • [AEA-3751] - Modify the Spine Client to expose an interface to call the 'Search' Spine interaction (#199) (8436248)

Upgrade

  • [dependabot] - bump @​types/node from 22.5.3 to 22.5.4 (#207) (d5eca5a)
  • [dependabot] - bump @​typescript-eslint/eslint-plugin from 8.4.0 to 8.5.0 (#210) (55d1975)
  • [dependabot] - bump @​typescript-eslint/parser from 8.4.0 to 8.5.0 (#209) (339635f)
  • [dependabot] - bump eslint from 9.9.1 to 9.10.0 (#208) (10f1652)
  • [dependabot] - bump typescript from 5.5.4 to 5.6.2 (#211) (4a894a9)
Commits
  • 4a894a9 Upgrade: [dependabot] - bump typescript from 5.5.4 to 5.6.2 (#211)
  • 55d1975 Upgrade: [dependabot] - bump @​typescript-eslint/eslint-plugin from 8.4.0 to 8...
  • 339635f Upgrade: [dependabot] - bump @​typescript-eslint/parser from 8.4.0 to 8.5.0 (#...
  • 8436248 New: [AEA-3751] - Modify the Spine Client to expose an interface to call the ...
  • 10f1652 Upgrade: [dependabot] - bump eslint from 9.9.1 to 9.10.0 (#208)
  • 8afec51 New: [AEA-3614] - Adds Clinical View Interaction (#205)
  • d5eca5a Upgrade: [dependabot] - bump @​types/node from 22.5.3 to 22.5.4 (#207)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@NHSDigital/eps-spine-client&package-manager=npm_and_yarn&previous-version=2.0.15&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com> --- package-lock.json | 25 ++++++++++++++++++++----- packages/statusLambda/package.json | 2 +- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3ff7c66a..919cea87 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1867,16 +1867,18 @@ } }, "node_modules/@NHSDigital/eps-spine-client": { - "version": "2.0.15", - "resolved": "https://npm.pkg.github.com/download/@NHSDigital/eps-spine-client/2.0.15/67f8f8fa5d22bdd5b2413493be6b6a51d63bcdc1", - "integrity": "sha512-kiJuPVAFPv0xCfYPs/l08KtNm1BH5pdEeI3hXIswVz2N2SjGVP1GC/73e1ksEgFDjQaLHZiPXQGCrxqFe8kGAw==", + "version": "2.1.0", + "resolved": "https://npm.pkg.github.com/download/@NHSDigital/eps-spine-client/2.1.0/dd5e971e78525000dca1a5e4ccd1e5e18bb257d1", + "integrity": "sha512-YAI4ACIc5ZoJLZ0ugNTL7gSD5u8Z0OG3AWJ10eyBDVPnn0C/tZO2OcBJGpLJBjNZPpSnovDtkcJLeCwbBSDuWg==", "license": "MIT", "dependencies": { "@aws-lambda-powertools/logger": "^2.7.0", + "@types/mustache": "^4.2.5", "aws-lambda": "^1.0.7", "axios": "^1.7.7", "axios-retry": "^4.5.0", - "conventional-changelog-eslint": "^6.0.0" + "conventional-changelog-eslint": "^6.0.0", + "mustache": "^4.2.0" } }, "node_modules/@nodelib/fs.scandir": { @@ -2714,6 +2716,11 @@ "pretty-format": "^29.0.0" } }, + "node_modules/@types/mustache": { + "version": "4.2.5", + "resolved": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "integrity": "sha512-PLwiVvTBg59tGFL/8VpcGvqOu3L4OuveNvPi0EYbWchRdEVP++yRUXJPFl+CApKEq13017/4Nf7aQ5lTtHUNsA==" + }, "node_modules/@types/node": { "version": "22.5.4", "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.4.tgz", @@ -7460,6 +7467,14 @@ "dev": true, "license": "MIT" }, + "node_modules/mustache": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "integrity": "sha512-71ippSywq5Yb7/tVYyGbkBggbU8H3u5Rz56fH60jGFgr8uHwxs+aSKeqmluIVzM0m0kB7xQjKS6qPfd0b2ZoqQ==", + "bin": { + "mustache": "bin/mustache" + } + }, "node_modules/mz": { "version": "2.7.0", "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", @@ -12828,7 +12843,7 @@ "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", "@nhs/fhir-middy-error-handler": "^2.1.2", - "@NHSDigital/eps-spine-client": "^2.0.15" + "@NHSDigital/eps-spine-client": "^2.1.0" }, "devDependencies": { "axios-mock-adapter": "^2.0.0", diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json index 2a613d6b..2345d81d 100644 --- a/packages/statusLambda/package.json +++ b/packages/statusLambda/package.json @@ -19,7 +19,7 @@ "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", "@nhs/fhir-middy-error-handler": "^2.1.2", - "@NHSDigital/eps-spine-client": "^2.0.15" + "@NHSDigital/eps-spine-client": "^2.1.0" }, "devDependencies": { "axios-mock-adapter": "^2.0.0", From 6f2fd08929741fecfb5e957499dc1722c402aff5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 07:40:05 +0000 Subject: [PATCH 22/42] Upgrade: [dependabot] - bump @nhs/fhir-middy-error-handler from 2.1.2 to 2.1.3 (#478) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@nhs/fhir-middy-error-handler](https://github.com/NHSDigital/nhs-fhir-middy-error-handler) from 2.1.2 to 2.1.3.
Release notes

Sourced from @​nhs/fhir-middy-error-handler's releases.

v2.1.3

2.1.3 (2024-09-11)

Upgrade

  • [dependabot] - bump @​typescript-eslint/eslint-plugin from 8.4.0 to 8.5.0 (#198) (a8968e6)
  • [dependabot] - bump @​typescript-eslint/parser from 8.4.0 to 8.5.0 (#199) (10b781f)
  • [dependabot] - bump eslint from 9.9.1 to 9.10.0 (#196) (1aa91c1)
  • [dependabot] - bump typescript from 5.5.4 to 5.6.2 (#197) (e48a891)
Commits
  • a8968e6 Upgrade: [dependabot] - bump @​typescript-eslint/eslint-plugin from 8.4.0 to 8...
  • 10b781f Upgrade: [dependabot] - bump @​typescript-eslint/parser from 8.4.0 to 8.5.0 (#...
  • e48a891 Upgrade: [dependabot] - bump typescript from 5.5.4 to 5.6.2 (#197)
  • 1aa91c1 Upgrade: [dependabot] - bump eslint from 9.9.1 to 9.10.0 (#196)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@nhs/fhir-middy-error-handler&package-manager=npm_and_yarn&previous-version=2.1.2&new-version=2.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 11 +++++------ packages/sandbox/package.json | 2 +- packages/statusLambda/package.json | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 919cea87..892161cc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1856,10 +1856,9 @@ } }, "node_modules/@nhs/fhir-middy-error-handler": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/@nhs/fhir-middy-error-handler/-/fhir-middy-error-handler-2.1.2.tgz", - "integrity": "sha512-sPUz2rkLRZ5FwTSaYi5aggPPP6glB52GgH2xmZ/05T5THAtmiwnag7wWn3fx5kuYAfJ0UFz1Icr4Gk+plVohcA==", - "license": "MIT", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/@nhs/fhir-middy-error-handler/-/fhir-middy-error-handler-2.1.3.tgz", + "integrity": "sha512-q2v9OKTVo95sdFlbPRCllOJgV+UoJtNUpOKJj+OWKSWjl4FNAqnwJewgiTk+pc0vPFaIHn4744/OJzggxGgUpQ==", "dependencies": { "@aws-lambda-powertools/logger": "^2.7.0", "@middy/core": "^5.4.7", @@ -12827,7 +12826,7 @@ "@aws-lambda-powertools/logger": "^2.7.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", - "@nhs/fhir-middy-error-handler": "^2.1.2" + "@nhs/fhir-middy-error-handler": "^2.1.3" }, "devDependencies": { "@clinicaltracker_common/testing": "^1.0.0" @@ -12842,7 +12841,7 @@ "@aws-lambda-powertools/parameters": "^2.7.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", - "@nhs/fhir-middy-error-handler": "^2.1.2", + "@nhs/fhir-middy-error-handler": "^2.1.3", "@NHSDigital/eps-spine-client": "^2.1.0" }, "devDependencies": { diff --git a/packages/sandbox/package.json b/packages/sandbox/package.json index 81d3687c..56a072b4 100644 --- a/packages/sandbox/package.json +++ b/packages/sandbox/package.json @@ -17,7 +17,7 @@ "@aws-lambda-powertools/logger": "^2.7.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", - "@nhs/fhir-middy-error-handler": "^2.1.2" + "@nhs/fhir-middy-error-handler": "^2.1.3" }, "devDependencies": { "@clinicaltracker_common/testing": "^1.0.0" diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json index 2345d81d..6baa31e5 100644 --- a/packages/statusLambda/package.json +++ b/packages/statusLambda/package.json @@ -18,7 +18,7 @@ "@aws-lambda-powertools/parameters": "^2.7.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", - "@nhs/fhir-middy-error-handler": "^2.1.2", + "@nhs/fhir-middy-error-handler": "^2.1.3", "@NHSDigital/eps-spine-client": "^2.1.0" }, "devDependencies": { From b3bd38c623d7ae09ce724e6299dbb6388ba4b1c4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 07:46:50 +0000 Subject: [PATCH 23/42] Upgrade: [dependabot] - bump semantic-release from 24.1.0 to 24.1.1 (#479) Bumps [semantic-release](https://github.com/semantic-release/semantic-release) from 24.1.0 to 24.1.1.
Release notes

Sourced from semantic-release's releases.

v24.1.1

24.1.1 (2024-09-11)

Bug Fixes

  • deps: update dependency hosted-git-info to v8 (#3436) (ab10ac1)
Commits
  • ab10ac1 fix(deps): update dependency hosted-git-info to v8 (#3436)
  • da5f8be chore(deps): update dependency sinon to v18.0.1 (#3440)
  • da38617 chore(deps): update dependency micromatch to v4.0.8 [security] (#3433)
  • 66ac996 ci(action): update actions/upload-artifact action to v4.4.0 (#3434)
  • 1d8d7af chore(deps): update npm to v10.8.3 (#3432)
  • 01f95fd chore(deps): update dependency nock to v13.5.5 (#3428)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semantic-release&package-manager=npm_and_yarn&previous-version=24.1.0&new-version=24.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 23 ++++++++++------------- package.json | 2 +- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/package-lock.json b/package-lock.json index 892161cc..195aae7d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -30,7 +30,7 @@ "jest": "^29.7.0", "jest-junit": "^16.0.0", "license-checker": "^25.0.1", - "semantic-release": "^24.1.0", + "semantic-release": "^24.1.1", "ts-jest": "^29.2.5", "ts-node": "^10.9.2", "typescript": "^5.6.2" @@ -11187,11 +11187,10 @@ "license": "ISC" }, "node_modules/semantic-release": { - "version": "24.1.0", - "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-24.1.0.tgz", - "integrity": "sha512-FwaE2hKDHQn9G6GA7xmqsc9WnsjaFD/ppLM5PUg56Do9oKSCf+vH6cPeb3hEBV/m06n8Sh9vbVqPjHu/1onzQw==", + "version": "24.1.1", + "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-24.1.1.tgz", + "integrity": "sha512-4Ax2GxD411jUe9IdhOjMLuN+6wAj+aKjvOGngByrpD/iKL+UKN/2puQglhyI4gxNyy9XzEBMzBwbqpnEwbXGEg==", "dev": true, - "license": "MIT", "dependencies": { "@semantic-release/commit-analyzer": "^13.0.0-beta.1", "@semantic-release/error": "^4.0.0", @@ -11208,7 +11207,7 @@ "get-stream": "^6.0.0", "git-log-parser": "^1.2.0", "hook-std": "^3.0.0", - "hosted-git-info": "^7.0.0", + "hosted-git-info": "^8.0.0", "import-from-esm": "^1.3.1", "lodash-es": "^4.17.21", "marked": "^12.0.0", @@ -11357,16 +11356,15 @@ } }, "node_modules/semantic-release/node_modules/hosted-git-info": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", - "integrity": "sha512-puUZAUKT5m8Zzvs72XWy3HtvVbTWljRE66cP60bxJzAqf2DgICo7lYTY2IHUmLnNpjYvw5bvmoHvPc0QO2a62w==", + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.0.0.tgz", + "integrity": "sha512-4nw3vOVR+vHUOT8+U4giwe2tcGv+R3pwwRidUe67DoMBTjhrfr6rZYJVVwdkBE+Um050SG+X9tf0Jo4fOpn01w==", "dev": true, - "license": "ISC", "dependencies": { "lru-cache": "^10.0.1" }, "engines": { - "node": "^16.14.0 || >=18.0.0" + "node": "^18.17.0 || >=20.5.0" } }, "node_modules/semantic-release/node_modules/human-signals": { @@ -11409,8 +11407,7 @@ "version": "10.4.3", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", - "dev": true, - "license": "ISC" + "dev": true }, "node_modules/semantic-release/node_modules/npm-run-path": { "version": "5.3.0", diff --git a/package.json b/package.json index 6646d4a0..b8a36a8b 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "jest": "^29.7.0", "jest-junit": "^16.0.0", "license-checker": "^25.0.1", - "semantic-release": "^24.1.0", + "semantic-release": "^24.1.1", "ts-jest": "^29.2.5", "ts-node": "^10.9.2", "typescript": "^5.6.2" From fe92b2b0d1aa7d086f3c80ad22ca96568cbba792 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Mon, 16 Sep 2024 10:51:19 +0000 Subject: [PATCH 24/42] Make commands need some dev container infra --- .devcontainer/devcontainer.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index d0b8e46d..b57ffaf8 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -14,6 +14,14 @@ "source=${env:HOME}${env:USERPROFILE}/.gnupg,target=/home/vscode/.gnupg,type=bind", "source=${env:HOME}${env:USERPROFILE}/.npmrc,target=/home/vscode/.npmrc,type=bind" ], + "features": { + "ghcr.io/devcontainers/features/docker-outside-of-docker:1": { + "version": "latest", + "moby": "true", + "installDockerBuildx": "true" + } + }, + "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}/" }, "customizations": { "vscode": { "extensions": [ From a0ae8766285b8611c0329c0dbcf22c069f30a86e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Sep 2024 03:00:16 +0000 Subject: [PATCH 25/42] Upgrade: [dependabot] - bump boto3 from 1.35.17 to 1.35.18 (#481) Bumps [boto3](https://github.com/boto/boto3) from 1.35.17 to 1.35.18.
Commits
  • 9a862a7 Merge branch 'release-1.35.18'
  • b17398a Bumping version to 1.35.18
  • 3a12a82 Add changelog entries from botocore
  • 5d80cbe Merge branch 'release-1.35.17' into develop
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.17&new-version=1.35.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index 1d83b4d4..c5333306 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.17" +version = "1.35.18" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.17-py3-none-any.whl", hash = "sha256:67268aa6c4043e9fdeb4ab3c1e9032f44a6fa168c789af5e351f63f1f8880a2f"}, - {file = "boto3-1.35.17.tar.gz", hash = "sha256:4a32db8793569ee5f13c5bf3efb260193353cb8946bf6426e3c330b61c68e59d"}, + {file = "boto3-1.35.18-py3-none-any.whl", hash = "sha256:71e237d3997cf93425947854d7b121c577944f391ba633afb0659e1015364704"}, + {file = "boto3-1.35.18.tar.gz", hash = "sha256:fd130308f1f49d748a5fc63de92de79a995b51c79af3947ddde8815fcf0684fe"}, ] [package.dependencies] -botocore = ">=1.35.17,<1.36.0" +botocore = ">=1.35.18,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.17" +version = "1.35.18" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.17-py3-none-any.whl", hash = "sha256:a93f773ca93139529b5d36730b382dbee63ab4c7f26129aa5c84835255ca999d"}, - {file = "botocore-1.35.17.tar.gz", hash = "sha256:0d35d03ea647b5d464c7f77bdab6fb23ae5d49752b13cf97ab84444518c7b1bd"}, + {file = "botocore-1.35.18-py3-none-any.whl", hash = "sha256:1027083aeb1fe74057273410fd768e018e22f85adfbd717b5a69f578f7812b80"}, + {file = "botocore-1.35.18.tar.gz", hash = "sha256:e59da8b91ab06683d2725b6cbbb0383b30c68a241c3c63363f4c5bff59b3c0c0"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "4ec066a75c7862dfebb80e0510a99502a36603da4d08e5dfef0c24af063c8877" +content-hash = "c755c44d6d4d6901e42417bc21790860e18879c026783dbb240632bb18306980" diff --git a/pyproject.toml b/pyproject.toml index 8a140619..55f0fa93 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.17" +boto3 = "^1.35.18" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.3" From 6bdce71ba03e92bbdd65563346aaa8ed9efb38f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 15 Sep 2024 16:21:43 +0000 Subject: [PATCH 26/42] Upgrade: [dependabot] - bump @types/jest from 29.5.12 to 29.5.13 (#482) Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.13.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/jest&package-manager=npm_and_yarn&previous-version=29.5.12&new-version=29.5.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com> --- package-lock.json | 9 ++++----- package.json | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 195aae7d..977a6a56 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,7 @@ "@semantic-release/changelog": "^6.0.3", "@semantic-release/release-notes-generator": "^14.0.1", "@types/aws-lambda": "^8.10.145", - "@types/jest": "^29.5.12", + "@types/jest": "^29.5.13", "@types/node": "^22.5.4", "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", @@ -2705,11 +2705,10 @@ } }, "node_modules/@types/jest": { - "version": "29.5.12", - "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", - "integrity": "sha512-eDC8bTvT/QhYdxJAulQikueigY5AsdBRH2yDKW3yveW7svY3+DzN84/2NUgkw10RTiJbWqZrTtoGVdYlvFJdLw==", + "version": "29.5.13", + "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.13.tgz", + "integrity": "sha512-wd+MVEZCHt23V0/L642O5APvspWply/rGY5BcW4SUETo2UzPU3Z26qr8jC2qxpimI2jjx9h7+2cj2FwIr01bXg==", "dev": true, - "license": "MIT", "dependencies": { "expect": "^29.0.0", "pretty-format": "^29.0.0" diff --git a/package.json b/package.json index b8a36a8b..2102a181 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "@semantic-release/changelog": "^6.0.3", "@semantic-release/release-notes-generator": "^14.0.1", "@types/aws-lambda": "^8.10.145", - "@types/jest": "^29.5.12", + "@types/jest": "^29.5.13", "@types/node": "^22.5.4", "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", From 84c41090da3ed345d892eaf2d9dd2e18152e352b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 02:31:53 +0000 Subject: [PATCH 27/42] Upgrade: [dependabot] - bump @types/node from 22.5.4 to 22.5.5 (#483) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.5.4 to 22.5.5.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@types/node&package-manager=npm_and_yarn&previous-version=22.5.4&new-version=22.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 9 ++++----- package.json | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 977a6a56..e779fc7e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "@semantic-release/release-notes-generator": "^14.0.1", "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.13", - "@types/node": "^22.5.4", + "@types/node": "^22.5.5", "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", @@ -2720,11 +2720,10 @@ "integrity": "sha512-PLwiVvTBg59tGFL/8VpcGvqOu3L4OuveNvPi0EYbWchRdEVP++yRUXJPFl+CApKEq13017/4Nf7aQ5lTtHUNsA==" }, "node_modules/@types/node": { - "version": "22.5.4", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.4.tgz", - "integrity": "sha512-FDuKUJQm/ju9fT/SeX/6+gBzoPzlVCzfzmGkwKvRHQVxi4BntVbyIwf6a4Xn62mrvndLiml6z/UBXIdEVjQLXg==", + "version": "22.5.5", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.5.tgz", + "integrity": "sha512-Xjs4y5UPO/CLdzpgR6GirZJx36yScjh73+2NlLlkFRSoQN8B0DpfXPdZGnvVmLRLOsqDpOfTNv7D9trgGhmOIA==", "dev": true, - "license": "MIT", "dependencies": { "undici-types": "~6.19.2" } diff --git a/package.json b/package.json index 2102a181..b85a71b8 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "@semantic-release/release-notes-generator": "^14.0.1", "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.13", - "@types/node": "^22.5.4", + "@types/node": "^22.5.5", "@typescript-eslint/eslint-plugin": "^8.5.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", From a2b7ac0dcd67eb0831d34f1e510bf6d78d31710e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 02:48:57 +0000 Subject: [PATCH 28/42] Upgrade: [dependabot] - bump boto3 from 1.35.18 to 1.35.19 (#485) Bumps [boto3](https://github.com/boto/boto3) from 1.35.18 to 1.35.19.
Commits
  • adf3a65 Merge branch 'release-1.35.19'
  • 0525d5f Bumping version to 1.35.19
  • 73688c0 Add changelog entries from botocore
  • a51a5eb Merge branch 'release-1.35.18' into develop
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=boto3&package-manager=pip&previous-version=1.35.18&new-version=1.35.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index c5333306..715452df 100644 --- a/poetry.lock +++ b/poetry.lock @@ -107,17 +107,17 @@ uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "boto3" -version = "1.35.18" +version = "1.35.19" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.35.18-py3-none-any.whl", hash = "sha256:71e237d3997cf93425947854d7b121c577944f391ba633afb0659e1015364704"}, - {file = "boto3-1.35.18.tar.gz", hash = "sha256:fd130308f1f49d748a5fc63de92de79a995b51c79af3947ddde8815fcf0684fe"}, + {file = "boto3-1.35.19-py3-none-any.whl", hash = "sha256:84b3fe1727945bc3cada832d969ddb3dc0d08fce1677064ca8bdc13a89c1a143"}, + {file = "boto3-1.35.19.tar.gz", hash = "sha256:9979fe674780a0b7100eae9156d74ee374cd1638a9f61c77277e3ce712f3e496"}, ] [package.dependencies] -botocore = ">=1.35.18,<1.36.0" +botocore = ">=1.35.19,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -126,13 +126,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.35.18" +version = "1.35.19" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.35.18-py3-none-any.whl", hash = "sha256:1027083aeb1fe74057273410fd768e018e22f85adfbd717b5a69f578f7812b80"}, - {file = "botocore-1.35.18.tar.gz", hash = "sha256:e59da8b91ab06683d2725b6cbbb0383b30c68a241c3c63363f4c5bff59b3c0c0"}, + {file = "botocore-1.35.19-py3-none-any.whl", hash = "sha256:c83f7f0cacfe7c19b109b363ebfa8736e570d24922f16ed371681f58ebab44a9"}, + {file = "botocore-1.35.19.tar.gz", hash = "sha256:42d6d8db7250cbd7899f786f9861e02cab17dc238f64d6acb976098ed9809625"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "c755c44d6d4d6901e42417bc21790860e18879c026783dbb240632bb18306980" +content-hash = "7690a282304f296f2704b8d85f4f9ff05f18133e29a8ff35809d4aad2aed908a" diff --git a/pyproject.toml b/pyproject.toml index 55f0fa93..44da14e6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ jsonpath-rw = "^1.4.0" semver = "^3.0.2" gitpython = "^3.1.43" requests = "^2.32.3" -boto3 = "^1.35.18" +boto3 = "^1.35.19" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.3" From 3924be86e78b149b5bde06d9f31df62f97feaec4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 02:55:34 +0000 Subject: [PATCH 29/42] Upgrade: [dependabot] - bump cfn-lint from 1.12.4 to 1.13.0 (#484) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) from 1.12.4 to 1.13.0.
Release notes

Sourced from cfn-lint's releases.

Release v1.13.0

What's Changed

New Contributors

Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.4...v1.13.0

Changelog

Sourced from cfn-lint's changelog.

v1.13.0

What's Changed

New Contributors

Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.4...v1.13.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cfn-lint&package-manager=pip&previous-version=1.12.4&new-version=1.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index 715452df..89a61b07 100644 --- a/poetry.lock +++ b/poetry.lock @@ -167,13 +167,13 @@ files = [ [[package]] name = "cfn-lint" -version = "1.12.4" +version = "1.13.0" description = "Checks CloudFormation templates for practices and behaviour that could potentially be improved" optional = false python-versions = ">=3.8" files = [ - {file = "cfn_lint-1.12.4-py3-none-any.whl", hash = "sha256:14c2faa79b421c0ceeb09e201f225ff984efea39b1dd34ba98979e4107b709d9"}, - {file = "cfn_lint-1.12.4.tar.gz", hash = "sha256:30fac1eec8acb1fb5f66300c8f2e17aaffad9788ccb7dc7f12bd0aee571300d1"}, + {file = "cfn_lint-1.13.0-py3-none-any.whl", hash = "sha256:f7823eac55168af8edde7c05076c79d27423f3748b39c759c22339f34d637306"}, + {file = "cfn_lint-1.13.0.tar.gz", hash = "sha256:5d193bc27403f3acbfcb941582596412905a13694d2bbf6d400764c6e4658341"}, ] [package.dependencies] @@ -1421,4 +1421,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "7690a282304f296f2704b8d85f4f9ff05f18133e29a8ff35809d4aad2aed908a" +content-hash = "3962b87f7f003d396950d182d1dc1167ee118fa7f7d8d8e0c3089b9cca3fc835" diff --git a/pyproject.toml b/pyproject.toml index 44da14e6..8cae28f7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -35,7 +35,7 @@ boto3 = "^1.35.19" argparse = "^1.4.0" pre-commit = "^3.5.0" pytest = "^8.3.3" -cfn-lint = "^1.12.4" +cfn-lint = "^1.13.0" [tool.poetry.dev-dependencies] flake8 = "^7.1.1" From 99161ebb8f21df8494c334a8e87bcc460860e508 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 02:24:47 +0000 Subject: [PATCH 30/42] Upgrade: [dependabot] - bump @aws-lambda-powertools/logger from 2.7.0 to 2.8.0 (#486) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@aws-lambda-powertools/logger](https://github.com/aws-powertools/powertools-lambda-typescript) from 2.7.0 to 2.8.0.
Release notes

Sourced from @​aws-lambda-powertools/logger's releases.

v2.8.0

Summary

This release introduces 1/ the ability store parameters on AWS System Manager Parameter Store using the Parameters utility, and 2/ a new option for Logger that you can use to specify the order of how keys appear in your JSON-structured logs.

We are also adding a new TRACE log level to align with AWS Lambda Advanced Logging Controls (ALC), and improved made improvements to errors in the Idempotency utility, which now include more details on the cause of the error.

Finally, you can now use our public AWS Lambda Layers in two new AWS Regions: ap-south-2 and me-central-1.

⭐️ Thanks to @​daschaa, @​arnabrahman, and @​timo92 for their contributions to this release!

Store parameters using SSM

Docs

In response to customer requests, you can now store parameters using AWS System Manager Parameter Store with the setParameter function. This new helper function fits right in with the other Parameters features you know and love, and provides a seamless experience without having to deal with the AWS SDK.

carbon-3

A big thank you to @​daschaa for working on this feature!

Specify log keys order

Docs

You can now change the order of the keys in your logs via the logRecordOrder constructor parameter when using Logger. This is useful when you want to customize how the logs are structured without having to create and maintain your own custom log formatter.

carbon-4

When you specify one or more keys in the logRecordOrder we’ll place these keys first, followed by all the other keys in the log.

Thank you to @​arnabrahman for adding this feature!

v1.x Reached End-of-Life (EOL)

Starting from September 1st 2024, v1.x of Powertools for AWS Lambda (TypeScript) has reached EOL and will not receive any further updates in accordance with our Versioning Policy.

We recommend you to upgrade to v2.x as soon as possible to continue receiving new feature and bug fixes. If you are having issues migrating and need support, please reach out via one of our channels or open a discussion on our repo.

Changes

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/logger's changelog.

2.8.0 (2024-09-16)

Bug Fixes

  • idempotency: include cause in idempotency persistence layer error (#2916) (47f0161)
  • tracer: include request pathname in trace data (#2955) (6864e53)

Features

  • logger: introduce log key reordering functionality (#2736) (9677258)
  • logger: introduce loglevel trace #1589 (#2902) (650252c)
  • parameters: adds setParameter function to store SSM parameters (#3020) (8fd5479)
Commits
  • af831b8 chore(ci): bump version to 2.8.0 (#3072)
  • e0cb52c chore(deps-dev): bump path-to-regexp to 6.3.0 (#3070)
  • 16f49b0 chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#3064)
  • e9adac4 chore(deps): bump the aws-sdk-v3 group across 1 directory with 9 updates (#3066)
  • 3a27424 chore(deps-dev): bump @​types/jest from 29.5.12 to 29.5.13 (#3063)
  • 078ccb5 chore(deps-dev): bump tsx from 4.19.0 to 4.19.1 (#3062)
  • 270afe5 chore(deps): bump vscode/devcontainers/javascript-node from aedf26c to `f1e...
  • db26958 improv(logger): streamline Logger types (#3054)
  • c0d2158 improv(tracer): set AWS_XRAY_CONTEXT_MISSING to IGNORE_ERROR when no valu...
  • 8a463ad chore(deps-dev): bump @​biomejs/biome from 1.8.3 to 1.9.0 (#3052)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@aws-lambda-powertools/logger&package-manager=npm_and_yarn&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 20 +++++++++----------- packages/sandbox/package.json | 2 +- packages/statusLambda/package.json | 2 +- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index e779fc7e..30732458 100644 --- a/package-lock.json +++ b/package-lock.json @@ -51,18 +51,16 @@ } }, "node_modules/@aws-lambda-powertools/commons": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/@aws-lambda-powertools/commons/-/commons-2.7.0.tgz", - "integrity": "sha512-IHDwmjJLiEVu8GfpHaHPrd7kEycHm/6Qh/6ssWGtyNZVDDJA/RzBmiRBnedx/As0h5njJmR28eNEkCNFA7rdSA==", - "license": "MIT-0" + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@aws-lambda-powertools/commons/-/commons-2.8.0.tgz", + "integrity": "sha512-pdmX1GzvBogeR0njToCXeWpN7xPLct55uA0jHiF3T14G3GfCGPBxaJUanHC8qW58Y+GF8LbvoNOsOeS/Yz/kQA==" }, "node_modules/@aws-lambda-powertools/logger": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/@aws-lambda-powertools/logger/-/logger-2.7.0.tgz", - "integrity": "sha512-6nY26q7N5qH8eIDjV3ZBFxtNHx5M6cLQeQDP7kvdGPhRI3N0xWLsiaedMTByzRqaIDYjV3VXOaAIc9r59vCgbg==", - "license": "MIT-0", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@aws-lambda-powertools/logger/-/logger-2.8.0.tgz", + "integrity": "sha512-CCTd2DEP+XOYZWvlZ1kaQnw9cxkT0Ep77XDXpB7/Gai9Ab0rATkiLxkOxhH5OsfoeHEqla396y/KJH5wx96CZw==", "dependencies": { - "@aws-lambda-powertools/commons": "^2.7.0", + "@aws-lambda-powertools/commons": "^2.8.0", "lodash.merge": "^4.6.2" }, "peerDependencies": { @@ -12818,7 +12816,7 @@ "license": "MIT", "dependencies": { "@aws-lambda-powertools/commons": "^2.7.0", - "@aws-lambda-powertools/logger": "^2.7.0", + "@aws-lambda-powertools/logger": "^2.8.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", "@nhs/fhir-middy-error-handler": "^2.1.3" @@ -12832,7 +12830,7 @@ "license": "MIT", "dependencies": { "@aws-lambda-powertools/commons": "^2.7.0", - "@aws-lambda-powertools/logger": "^2.7.0", + "@aws-lambda-powertools/logger": "^2.8.0", "@aws-lambda-powertools/parameters": "^2.7.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", diff --git a/packages/sandbox/package.json b/packages/sandbox/package.json index 56a072b4..0425d803 100644 --- a/packages/sandbox/package.json +++ b/packages/sandbox/package.json @@ -14,7 +14,7 @@ }, "dependencies": { "@aws-lambda-powertools/commons": "^2.7.0", - "@aws-lambda-powertools/logger": "^2.7.0", + "@aws-lambda-powertools/logger": "^2.8.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", "@nhs/fhir-middy-error-handler": "^2.1.3" diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json index 6baa31e5..da9ea527 100644 --- a/packages/statusLambda/package.json +++ b/packages/statusLambda/package.json @@ -14,7 +14,7 @@ }, "dependencies": { "@aws-lambda-powertools/commons": "^2.7.0", - "@aws-lambda-powertools/logger": "^2.7.0", + "@aws-lambda-powertools/logger": "^2.8.0", "@aws-lambda-powertools/parameters": "^2.7.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", From 06d9d219caf5717b040177bc3087c19589d6be98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 02:31:21 +0000 Subject: [PATCH 31/42] Upgrade: [dependabot] - bump @aws-lambda-powertools/parameters from 2.7.0 to 2.8.0 (#490) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@aws-lambda-powertools/parameters](https://github.com/aws-powertools/powertools-lambda-typescript) from 2.7.0 to 2.8.0.
Release notes

Sourced from @​aws-lambda-powertools/parameters's releases.

v2.8.0

Summary

This release introduces 1/ the ability store parameters on AWS System Manager Parameter Store using the Parameters utility, and 2/ a new option for Logger that you can use to specify the order of how keys appear in your JSON-structured logs.

We are also adding a new TRACE log level to align with AWS Lambda Advanced Logging Controls (ALC), and improved made improvements to errors in the Idempotency utility, which now include more details on the cause of the error.

Finally, you can now use our public AWS Lambda Layers in two new AWS Regions: ap-south-2 and me-central-1.

⭐️ Thanks to @​daschaa, @​arnabrahman, and @​timo92 for their contributions to this release!

Store parameters using SSM

Docs

In response to customer requests, you can now store parameters using AWS System Manager Parameter Store with the setParameter function. This new helper function fits right in with the other Parameters features you know and love, and provides a seamless experience without having to deal with the AWS SDK.

carbon-3

A big thank you to @​daschaa for working on this feature!

Specify log keys order

Docs

You can now change the order of the keys in your logs via the logRecordOrder constructor parameter when using Logger. This is useful when you want to customize how the logs are structured without having to create and maintain your own custom log formatter.

carbon-4

When you specify one or more keys in the logRecordOrder we’ll place these keys first, followed by all the other keys in the log.

Thank you to @​arnabrahman for adding this feature!

v1.x Reached End-of-Life (EOL)

Starting from September 1st 2024, v1.x of Powertools for AWS Lambda (TypeScript) has reached EOL and will not receive any further updates in accordance with our Versioning Policy.

We recommend you to upgrade to v2.x as soon as possible to continue receiving new feature and bug fixes. If you are having issues migrating and need support, please reach out via one of our channels or open a discussion on our repo.

Changes

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/parameters's changelog.

2.8.0 (2024-09-16)

Bug Fixes

  • idempotency: include cause in idempotency persistence layer error (#2916) (47f0161)
  • tracer: include request pathname in trace data (#2955) (6864e53)

Features

  • logger: introduce log key reordering functionality (#2736) (9677258)
  • logger: introduce loglevel trace #1589 (#2902) (650252c)
  • parameters: adds setParameter function to store SSM parameters (#3020) (8fd5479)
Commits
  • af831b8 chore(ci): bump version to 2.8.0 (#3072)
  • e0cb52c chore(deps-dev): bump path-to-regexp to 6.3.0 (#3070)
  • 16f49b0 chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#3064)
  • e9adac4 chore(deps): bump the aws-sdk-v3 group across 1 directory with 9 updates (#3066)
  • 3a27424 chore(deps-dev): bump @​types/jest from 29.5.12 to 29.5.13 (#3063)
  • 078ccb5 chore(deps-dev): bump tsx from 4.19.0 to 4.19.1 (#3062)
  • 270afe5 chore(deps): bump vscode/devcontainers/javascript-node from aedf26c to `f1e...
  • db26958 improv(logger): streamline Logger types (#3054)
  • c0d2158 improv(tracer): set AWS_XRAY_CONTEXT_MISSING to IGNORE_ERROR when no valu...
  • 8a463ad chore(deps-dev): bump @​biomejs/biome from 1.8.3 to 1.9.0 (#3052)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@aws-lambda-powertools/parameters&package-manager=npm_and_yarn&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 11 +++++------ packages/statusLambda/package.json | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 30732458..2a630cf3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -73,12 +73,11 @@ } }, "node_modules/@aws-lambda-powertools/parameters": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/@aws-lambda-powertools/parameters/-/parameters-2.7.0.tgz", - "integrity": "sha512-fUt20q+qySAt72CuUqH5tu5bfdAqAmQLFWwXGZRqTblhnLayuj9XFfPiKdERA/pWoe2jkz2rhpFJCmyYsK7z3A==", - "license": "MIT-0", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@aws-lambda-powertools/parameters/-/parameters-2.8.0.tgz", + "integrity": "sha512-VRNxX5r/1ROHSzjdBMEkZVDotzphgR5utNzyNT08RJNC0M0njSscUE+bcZ0YHO16xVGXJuMr/6OTkHGAw97Upw==", "dependencies": { - "@aws-lambda-powertools/commons": "^2.7.0" + "@aws-lambda-powertools/commons": "^2.8.0" }, "peerDependencies": { "@aws-sdk/client-appconfigdata": ">=3.x", @@ -12831,7 +12830,7 @@ "dependencies": { "@aws-lambda-powertools/commons": "^2.7.0", "@aws-lambda-powertools/logger": "^2.8.0", - "@aws-lambda-powertools/parameters": "^2.7.0", + "@aws-lambda-powertools/parameters": "^2.8.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", "@nhs/fhir-middy-error-handler": "^2.1.3", diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json index da9ea527..a0c5ddf9 100644 --- a/packages/statusLambda/package.json +++ b/packages/statusLambda/package.json @@ -15,7 +15,7 @@ "dependencies": { "@aws-lambda-powertools/commons": "^2.7.0", "@aws-lambda-powertools/logger": "^2.8.0", - "@aws-lambda-powertools/parameters": "^2.7.0", + "@aws-lambda-powertools/parameters": "^2.8.0", "@middy/core": "^5.4.7", "@middy/input-output-logger": "^5.4.7", "@nhs/fhir-middy-error-handler": "^2.1.3", From b987927ad481b2055effdbe5a705cc1efec9a8e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 02:37:26 +0000 Subject: [PATCH 32/42] Upgrade: [dependabot] - bump @middy/input-output-logger from 5.4.7 to 5.5.0 (#488) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@middy/input-output-logger](https://github.com/middyjs/middy/tree/HEAD/packages/input-output-logger) from 5.4.7 to 5.5.0.
Release notes

Sourced from @​middy/input-output-logger's releases.

5.5.0

What's Changed

  • Add in notFoundResponse override to ws-router and http-router to allow returning a custom response. @​willfarrell

Full Changelog: https://github.com/middyjs/middy/compare/5.4.7...5.5.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@middy/input-output-logger&package-manager=npm_and_yarn&previous-version=5.4.7&new-version=5.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 11 +++++------ packages/sandbox/package.json | 2 +- packages/statusLambda/package.json | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2a630cf3..9012deb9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1840,10 +1840,9 @@ } }, "node_modules/@middy/input-output-logger": { - "version": "5.4.7", - "resolved": "https://registry.npmjs.org/@middy/input-output-logger/-/input-output-logger-5.4.7.tgz", - "integrity": "sha512-Q4tAs082hdbshbLgoH5bIUyhpBfMNoHxHNFIXzOpdec8HRg92npqgNaO0DSH2ZglJmqG3yEtXZM4D6TzT1+cUw==", - "license": "MIT", + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/@middy/input-output-logger/-/input-output-logger-5.5.0.tgz", + "integrity": "sha512-ayXY9RsiL5TQM5cMQNMXL8KUWvM1i5iYEl27Zb503dZi9J1QvoKdw0CY8IcNt2ivz/dUucwjZWdRcq/DpexWjg==", "engines": { "node": ">=18" }, @@ -12817,7 +12816,7 @@ "@aws-lambda-powertools/commons": "^2.7.0", "@aws-lambda-powertools/logger": "^2.8.0", "@middy/core": "^5.4.7", - "@middy/input-output-logger": "^5.4.7", + "@middy/input-output-logger": "^5.5.0", "@nhs/fhir-middy-error-handler": "^2.1.3" }, "devDependencies": { @@ -12832,7 +12831,7 @@ "@aws-lambda-powertools/logger": "^2.8.0", "@aws-lambda-powertools/parameters": "^2.8.0", "@middy/core": "^5.4.7", - "@middy/input-output-logger": "^5.4.7", + "@middy/input-output-logger": "^5.5.0", "@nhs/fhir-middy-error-handler": "^2.1.3", "@NHSDigital/eps-spine-client": "^2.1.0" }, diff --git a/packages/sandbox/package.json b/packages/sandbox/package.json index 0425d803..71cbbf44 100644 --- a/packages/sandbox/package.json +++ b/packages/sandbox/package.json @@ -16,7 +16,7 @@ "@aws-lambda-powertools/commons": "^2.7.0", "@aws-lambda-powertools/logger": "^2.8.0", "@middy/core": "^5.4.7", - "@middy/input-output-logger": "^5.4.7", + "@middy/input-output-logger": "^5.5.0", "@nhs/fhir-middy-error-handler": "^2.1.3" }, "devDependencies": { diff --git a/packages/statusLambda/package.json b/packages/statusLambda/package.json index a0c5ddf9..fb6be314 100644 --- a/packages/statusLambda/package.json +++ b/packages/statusLambda/package.json @@ -17,7 +17,7 @@ "@aws-lambda-powertools/logger": "^2.8.0", "@aws-lambda-powertools/parameters": "^2.8.0", "@middy/core": "^5.4.7", - "@middy/input-output-logger": "^5.4.7", + "@middy/input-output-logger": "^5.5.0", "@nhs/fhir-middy-error-handler": "^2.1.3", "@NHSDigital/eps-spine-client": "^2.1.0" }, From 4d9b3bcc7905b7eb051c43df2e627cc687b73a59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 02:44:15 +0000 Subject: [PATCH 33/42] Upgrade: [dependabot] - bump @typescript-eslint/eslint-plugin from 8.5.0 to 8.6.0 (#489) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.5.0 to 8.6.0.
Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.6.0

8.6.0 (2024-09-16)

🚀 Features

  • add allow option for restrict-template-expressions (#8556)
  • eslint-plugin: [no-unnecessary-condition] check switch cases (#9912)
  • eslint-plugin: [no-misused-promises] check array predicate return (#9955)
  • type-utils: isNullableType add Void logic (#9937)
  • typescript-estree: disable plugin loading by default in project service (#9964)

🩹 Fixes

  • eslint-plugin: [no-deprecated] don't report recursive types in destructuring assignment twice (#9969)
  • eslint-plugin: [no-deprecated] report on deprecated variables used in destructuring assignment (#9978)
  • eslint-plugin: [no-deprecated] report on deprecated properties with function-like types (#9977)
  • eslint-plugin: [no-unnecessary-condition] properly reflect multiple negations in message (#9940)
  • typescript-estree: don't throw on missing tsconfig.json by default in project service (#9989)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.6.0 (2024-09-16)

🚀 Features

  • add allow option for restrict-template-expressions

  • type-utils: isNullableType add Void logic

  • eslint-plugin: [no-unnecessary-condition] check switch cases

  • eslint-plugin: [no-misused-promises] check array predicate return

🩹 Fixes

  • eslint-plugin: [no-deprecated] don't report recursive types in destructuring assignment twice

  • eslint-plugin: [no-deprecated] report on deprecated variables used in destructuring assignment

  • eslint-plugin: [no-deprecated] report on deprecated properties with function-like types

  • eslint-plugin: [no-unnecessary-condition] properly reflect multiple negations in message

❤️ Thank You

  • Abraham Guo
  • auvred
  • Josh Goldberg ✨
  • Kim Sang Du
  • YeonJuan

You can read about our versioning strategy and releases on our website.

Commits
  • 343710e chore(release): publish 8.6.0
  • 454d37e feat(eslint-plugin): [no-misused-promises] check array predicate return (#9955)
  • af92611 feat: add allow option for restrict-template-expressions (#8556)
  • 2a809e2 test(eslint-plugin): [no-unnecessary-type-parameters] add tests with intrinsi...
  • 682299e feat(eslint-plugin): [no-unnecessary-condition] check switch cases (#9912)
  • 77e65df fix(eslint-plugin): [no-unnecessary-condition] properly reflect multiple nega...
  • c11ca06 chore(eslint-plugin): make utility for static member access (#9836)
  • 2a956b2 fix(eslint-plugin): [no-deprecated] report on deprecated properties with func...
  • 9a80067 fix(eslint-plugin): [no-deprecated] report on deprecated variables used in de...
  • 3710c9c feat(type-utils): isNullableType add Void logic (#9937)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/eslint-plugin&package-manager=npm_and_yarn&previous-version=8.5.0&new-version=8.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 218 ++++++++++++++++++++++++++++++++++++++++++---- package.json | 2 +- 2 files changed, 200 insertions(+), 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9012deb9..e5d64cac 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.13", "@types/node": "^22.5.5", - "@typescript-eslint/eslint-plugin": "^8.5.0", + "@typescript-eslint/eslint-plugin": "^8.6.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", @@ -2763,16 +2763,16 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.5.0.tgz", - "integrity": "sha512-lHS5hvz33iUFQKuPFGheAB84LwcJ60G8vKnEhnfcK1l8kGVLro2SFYW6K0/tj8FUhRJ0VHyg1oAfg50QGbPPHw==", + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.6.0.tgz", + "integrity": "sha512-UOaz/wFowmoh2G6Mr9gw60B1mm0MzUtm6Ic8G2yM1Le6gyj5Loi/N+O5mocugRGY+8OeeKmkMmbxNqUCq3B4Sg==", "dev": true, "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.5.0", - "@typescript-eslint/type-utils": "8.5.0", - "@typescript-eslint/utils": "8.5.0", - "@typescript-eslint/visitor-keys": "8.5.0", + "@typescript-eslint/scope-manager": "8.6.0", + "@typescript-eslint/type-utils": "8.6.0", + "@typescript-eslint/utils": "8.6.0", + "@typescript-eslint/visitor-keys": "8.6.0", "graphemer": "^1.4.0", "ignore": "^5.3.1", "natural-compare": "^1.4.0", @@ -2795,6 +2795,53 @@ } } }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.6.0.tgz", + "integrity": "sha512-ZuoutoS5y9UOxKvpc/GkvF4cuEmpokda4wRg64JEia27wX+PysIE9q+lzDtlHHgblwUWwo5/Qn+/WyTUvDwBHw==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "@typescript-eslint/visitor-keys": "8.6.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.6.0.tgz", + "integrity": "sha512-rojqFZGd4MQxw33SrOy09qIDS8WEldM8JWtKQLAjf/X5mGSeEFh5ixQlxssMNyPslVIk9yzWqXCsV2eFhYrYUw==", + "dev": true, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.6.0.tgz", + "integrity": "sha512-wapVFfZg9H0qOYh4grNVQiMklJGluQrOUiOhYRrQWhx7BY/+I1IYb8BczWNbbUpO+pqy0rDciv3lQH5E1bCLrg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/parser": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.5.0.tgz", @@ -2841,14 +2888,55 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.5.0.tgz", - "integrity": "sha512-N1K8Ix+lUM+cIDhL2uekVn/ZD7TZW+9/rwz8DclQpcQ9rk4sIL5CAlBC0CugWKREmDjBzI/kQqU4wkg46jWLYA==", + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.6.0.tgz", + "integrity": "sha512-dtePl4gsuenXVwC7dVNlb4mGDcKjDT/Ropsk4za/ouMBPplCLyznIaR+W65mvCvsyS97dymoBRrioEXI7k0XIg==", "dev": true, "dependencies": { - "@typescript-eslint/typescript-estree": "8.5.0", - "@typescript-eslint/utils": "8.5.0", + "@typescript-eslint/typescript-estree": "8.6.0", + "@typescript-eslint/utils": "8.6.0", + "debug": "^4.3.4", + "ts-api-utils": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.6.0.tgz", + "integrity": "sha512-rojqFZGd4MQxw33SrOy09qIDS8WEldM8JWtKQLAjf/X5mGSeEFh5ixQlxssMNyPslVIk9yzWqXCsV2eFhYrYUw==", + "dev": true, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.6.0.tgz", + "integrity": "sha512-MOVAzsKJIPIlLK239l5s06YXjNqpKTVhBVDnqUumQJja5+Y94V3+4VUFRA0G60y2jNnTVwRCkhyGQpavfsbq/g==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "@typescript-eslint/visitor-keys": "8.6.0", "debug": "^4.3.4", + "fast-glob": "^3.3.2", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", "ts-api-utils": "^1.3.0" }, "engines": { @@ -2864,6 +2952,23 @@ } } }, + "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.6.0.tgz", + "integrity": "sha512-wapVFfZg9H0qOYh4grNVQiMklJGluQrOUiOhYRrQWhx7BY/+I1IYb8BczWNbbUpO+pqy0rDciv3lQH5E1bCLrg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/types": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.5.0.tgz", @@ -2906,15 +3011,15 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "8.5.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.5.0.tgz", - "integrity": "sha512-6yyGYVL0e+VzGYp60wvkBHiqDWOpT63pdMV2CVG4LVDd5uR6q1qQN/7LafBZtAtNIn/mqXjsSeS5ggv/P0iECw==", + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.6.0.tgz", + "integrity": "sha512-eNp9cWnYf36NaOVjkEUznf6fEgVy1TWpE0o52e4wtojjBx7D1UV2WAWGzR+8Y5lVFtpMLPwNbC67T83DWSph4A==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", - "@typescript-eslint/scope-manager": "8.5.0", - "@typescript-eslint/types": "8.5.0", - "@typescript-eslint/typescript-estree": "8.5.0" + "@typescript-eslint/scope-manager": "8.6.0", + "@typescript-eslint/types": "8.6.0", + "@typescript-eslint/typescript-estree": "8.6.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2927,6 +3032,81 @@ "eslint": "^8.57.0 || ^9.0.0" } }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.6.0.tgz", + "integrity": "sha512-ZuoutoS5y9UOxKvpc/GkvF4cuEmpokda4wRg64JEia27wX+PysIE9q+lzDtlHHgblwUWwo5/Qn+/WyTUvDwBHw==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "@typescript-eslint/visitor-keys": "8.6.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.6.0.tgz", + "integrity": "sha512-rojqFZGd4MQxw33SrOy09qIDS8WEldM8JWtKQLAjf/X5mGSeEFh5ixQlxssMNyPslVIk9yzWqXCsV2eFhYrYUw==", + "dev": true, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.6.0.tgz", + "integrity": "sha512-MOVAzsKJIPIlLK239l5s06YXjNqpKTVhBVDnqUumQJja5+Y94V3+4VUFRA0G60y2jNnTVwRCkhyGQpavfsbq/g==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "@typescript-eslint/visitor-keys": "8.6.0", + "debug": "^4.3.4", + "fast-glob": "^3.3.2", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.6.0.tgz", + "integrity": "sha512-wapVFfZg9H0qOYh4grNVQiMklJGluQrOUiOhYRrQWhx7BY/+I1IYb8BczWNbbUpO+pqy0rDciv3lQH5E1bCLrg==", + "dev": true, + "dependencies": { + "@typescript-eslint/types": "8.6.0", + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, "node_modules/@typescript-eslint/visitor-keys": { "version": "8.5.0", "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.5.0.tgz", diff --git a/package.json b/package.json index b85a71b8..97eb33a9 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "@types/aws-lambda": "^8.10.145", "@types/jest": "^29.5.13", "@types/node": "^22.5.5", - "@typescript-eslint/eslint-plugin": "^8.5.0", + "@typescript-eslint/eslint-plugin": "^8.6.0", "@typescript-eslint/parser": "^8.5.0", "aws-lambda": "^1.0.7", "eslint": "^9.10.0", From 1457f0c44976d96947b418186999a14a3f7f32e5 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 11:00:15 +0000 Subject: [PATCH 34/42] Linter complains about this but I cant find an issue. Try deploying --- .github/workflows/ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0bdc118d..b5d2f1fb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,14 +2,17 @@ name: merge to main workflow on: push: - branches: [main] + branches: + - main env: BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/workflows/quality-checks.yml@aea-000-dev + with: + node_version: "20" secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 073a1de860014976e7c3237cdc5b23d7bd5cc126 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 11:01:07 +0000 Subject: [PATCH 35/42] Remove old quality checks yaml --- .github/workflows/quality_checks.yml | 88 ---------------------------- 1 file changed, 88 deletions(-) delete mode 100644 .github/workflows/quality_checks.yml diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml deleted file mode 100644 index b85279f1..00000000 --- a/.github/workflows/quality_checks.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: quality checks - -on: - workflow_call: - secrets: - SONAR_TOKEN: - required: true - -jobs: - quality_checks: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ env.BRANCH_NAME }} - fetch-depth: 0 - - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.14.1 - - - name: Cache asdf - uses: actions/cache@v4 - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf- - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.14.1 - env: - PYTHON_CONFIGURE_OPTS: --enable-shared - - - name: Setting up .npmrc - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc - echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc - - - name: make install - run: | - make install - - - name: Generate and check SBOMs - uses: NHSDigital/eps-action-sbom@npm20_version - - - name: Upload SBOMs - uses: actions/upload-artifact@v3 - with: - name: SBOMS - path: '**/*sbom*.json' - - - name: run check-licenses - run: make check-licenses - - - name: run lint - run: make lint - - - name: run unit tests - run: make test - - - name: Run cfn-guard - run: make cfn-guard - - - name: show cfn-guard output - if: failure() - run: find cfn_guard_output -type f -print0 | xargs -0 cat - - - uses: actions/upload-artifact@v4 - name: upload cfn_guard_output - if: failure() - with: - name: cfn_guard_output - path: cfn_guard_output - - - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From a601443b240e2c2fd60ef4b0734019f32b729bb8 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 11:05:36 +0000 Subject: [PATCH 36/42] Experimenting --- .github/workflows/ci.yml | 2 +- .github/workflows/pull_request.yml | 4 +++- .github/workflows/release.yml | 4 +++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5d2f1fb..2c539fbf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/workflows/quality-checks.yml@aea-000-dev + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-000-dev with: node_version: "20" secrets: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 420abc4d..eb874747 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,7 +9,9 @@ env: jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-000-dev + with: + node_version: "20" secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a6ef3097..15feb763 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,9 @@ env: jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-000-dev + with: + node_version: "20" secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 563b45edc4281bb9afb2eed113355f031f3f97fa Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 11:59:03 +0000 Subject: [PATCH 37/42] Revert "Remove old quality checks yaml" This reverts commit b1f1ccadd33beac7744df41eccd4629f45c611c4. --- .github/workflows/quality_checks.yml | 88 ++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 .github/workflows/quality_checks.yml diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml new file mode 100644 index 00000000..b85279f1 --- /dev/null +++ b/.github/workflows/quality_checks.yml @@ -0,0 +1,88 @@ +name: quality checks + +on: + workflow_call: + secrets: + SONAR_TOKEN: + required: true + +jobs: + quality_checks: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ env.BRANCH_NAME }} + fetch-depth: 0 + + # using git commit sha for version of action to ensure we have stable version + - name: Install asdf + uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.14.1 + + - name: Cache asdf + uses: actions/cache@v4 + with: + path: | + ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + restore-keys: | + ${{ runner.os }}-asdf- + + - name: Install asdf dependencies in .tool-versions + uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + with: + asdf_branch: v0.14.1 + env: + PYTHON_CONFIGURE_OPTS: --enable-shared + + - name: Setting up .npmrc + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc + echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc + + - name: make install + run: | + make install + + - name: Generate and check SBOMs + uses: NHSDigital/eps-action-sbom@npm20_version + + - name: Upload SBOMs + uses: actions/upload-artifact@v3 + with: + name: SBOMS + path: '**/*sbom*.json' + + - name: run check-licenses + run: make check-licenses + + - name: run lint + run: make lint + + - name: run unit tests + run: make test + + - name: Run cfn-guard + run: make cfn-guard + + - name: show cfn-guard output + if: failure() + run: find cfn_guard_output -type f -print0 | xargs -0 cat + + - uses: actions/upload-artifact@v4 + name: upload cfn_guard_output + if: failure() + with: + name: cfn_guard_output + path: cfn_guard_output + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 7c7380e055cd4c3e090fef2942a481adafbaf0b4 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 12:00:08 +0000 Subject: [PATCH 38/42] Revert 'Linter complains about this but I cant find an issue. Try deploying' This reverts commit e97a34dc187034172b9c05f1337437450a573fe1. --- .github/workflows/ci.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2c539fbf..0bdc118d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,17 +2,14 @@ name: merge to main workflow on: push: - branches: - - main + branches: [main] env: BRANCH_NAME: ${{ github.event.ref.BRANCH_NAME }} jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-000-dev - with: - node_version: "20" + uses: ./.github/workflows/quality_checks.yml secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 8bd6135af09a3af64898b9a095f5da1d31baeacc Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 12:33:35 +0000 Subject: [PATCH 39/42] Try again --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0bdc118d..c7b36599 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ env: jobs: quality_checks: - uses: ./.github/workflows/quality_checks.yml + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From a739f9a97e38cffb709df128171e34af0971a001 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 14:20:46 +0000 Subject: [PATCH 40/42] Maybe fixed? --- .github/workflows/ci.yml | 4 +++- .github/workflows/pull_request.yml | 8 ++++---- .github/workflows/release.yml | 8 ++++---- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c7b36599..ea85c624 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,9 @@ jobs: uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - + with: + node_version: "20" + get_commit_id: runs-on: ubuntu-latest outputs: diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index eb874747..fa144ccd 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -9,12 +9,12 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-000-dev - with: - node_version: "20" + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - + with: + node_version: "20" + pr_title_format_check: uses: ./.github/workflows/pr_title_check.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 15feb763..f15f344b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,12 +8,12 @@ env: jobs: quality_checks: - uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@aea-000-dev - with: - node_version: "20" + uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - + with: + node_version: "20" + get_commit_id: runs-on: ubuntu-latest outputs: From d0a7afe342b49b299f76f955db8a49ea88e99625 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Tue, 17 Sep 2024 14:21:39 +0000 Subject: [PATCH 41/42] Remove unnecessary yaml file --- .github/workflows/quality_checks.yml | 88 ---------------------------- 1 file changed, 88 deletions(-) delete mode 100644 .github/workflows/quality_checks.yml diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml deleted file mode 100644 index b85279f1..00000000 --- a/.github/workflows/quality_checks.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: quality checks - -on: - workflow_call: - secrets: - SONAR_TOKEN: - required: true - -jobs: - quality_checks: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ env.BRANCH_NAME }} - fetch-depth: 0 - - # using git commit sha for version of action to ensure we have stable version - - name: Install asdf - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.14.1 - - - name: Cache asdf - uses: actions/cache@v4 - with: - path: | - ~/.asdf - key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} - restore-keys: | - ${{ runner.os }}-asdf- - - - name: Install asdf dependencies in .tool-versions - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 - with: - asdf_branch: v0.14.1 - env: - PYTHON_CONFIGURE_OPTS: --enable-shared - - - name: Setting up .npmrc - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc - echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc - - - name: make install - run: | - make install - - - name: Generate and check SBOMs - uses: NHSDigital/eps-action-sbom@npm20_version - - - name: Upload SBOMs - uses: actions/upload-artifact@v3 - with: - name: SBOMS - path: '**/*sbom*.json' - - - name: run check-licenses - run: make check-licenses - - - name: run lint - run: make lint - - - name: run unit tests - run: make test - - - name: Run cfn-guard - run: make cfn-guard - - - name: show cfn-guard output - if: failure() - run: find cfn_guard_output -type f -print0 | xargs -0 cat - - - uses: actions/upload-artifact@v4 - name: upload cfn_guard_output - if: failure() - with: - name: cfn_guard_output - path: cfn_guard_output - - - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 69d2ca6ac29637109d63b25c18f76ad6745920f7 Mon Sep 17 00:00:00 2001 From: Jim Wild Date: Wed, 18 Sep 2024 10:35:15 +0000 Subject: [PATCH 42/42] Meaningless change to force workflow to update --- .github/workflows/pull_request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index fa144ccd..6b913a7b 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -34,7 +34,7 @@ jobs: // Return issue number if present return context.issue.number; } else { - // Otherwise return issue number from commit + // Otherwise return the issue number from commit return ( await github.rest.repos.listPullRequestsAssociatedWithCommit({ commit_sha: context.sha,