Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

These dependencies are either deprecated or have replacements available:

Datasource	Name	Replacement PR?
npm	istanbul
npm	mem

Rate-Limited

The following updates are currently rate-limited. To force their creation now, click on a checkbox below.

• Update babel monorepo to v7.28.6 (@babel/core, @babel/traverse)
• Update Node.js to v22.22.0
• Update Yarn to v4.12.0
• Update actions/checkout action to v6
• Update dependency body-parser to v2
• Update dependency brace-expansion to v4
• Update dependency cross-env to v10
• Update dependency debug to v4
• Update dependency eslint to v9
• Update dependency eslint-plugin-mocha to v11
• Update dependency fetch-mock to v12
• Update dependency glob-parent to v6
• Update dependency https-proxy-agent to v7
• Update dependency ini to v6
• Update dependency js-yaml to v4
• Update dependency jwt-decode to v4
• Update dependency mem to v10
• Update dependency minimatch to v10
• Update dependency mocha to v11
• Update dependency nocache to v4
• Update dependency nock to v14
• Update dependency node-fetch to v3
• Update dependency nyc to v17
• Update dependency otp to v2
• Update dependency pa11y to v9
• Update dependency sinon to v21
• Update dependency sinon-chai to v4
• Update dependency supertest to v7
• Update dependency ws to v8
• Update Node.js to v24
• Update stefanzweifel/git-auto-commit-action action to v7
• Update tibdex/github-app-token action to v2
• 🔐 Create all rate-limited PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update dependency js-yaml to v3.14.2 [SECURITY]
• Update dependency qs to v6.14.1 [SECURITY]
• Update dependency form-data to v4 [SECURITY]
• Update dependency @hmcts/properties-volume to v1
• Update dependency applicationinsights to v3
• Update dependency async to v3
• Update dependency chai to v6
• Update dependency chai-http to v5
• Update dependency config to v4
• Update dependency cookie to v1
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• Update dependency http-proxy-middleware to v2 [SECURITY]
• Update dependency ansi-regex to v6

Detected Dependencies

docker-compose (1)

docker-compose.yml

dockerfile (1)

Dockerfile (2)

• hmctspublic.azurecr.io/base/node 18-alpine
• hmctspublic.azurecr.io/base/node 18-alpine

github-actions (2)

.github/workflows/auto-suppress-CVEs.yml (3)

• tibdex/github-app-token v1 → [Updates: v2]
• actions/checkout v3 → [Updates: v6]
• stefanzweifel/git-auto-commit-action v4 → [Updates: v7]

.github/workflows/scheduled-dummy-commit.yml (3)

• tibdex/github-app-token v1 → [Updates: v2]
• actions/checkout v3 → [Updates: v6]
• stefanzweifel/git-auto-commit-action v4 → [Updates: v7]

helm-values (1)

charts/ccd-api-gateway-web/values.yaml

helmv3 (1)

charts/ccd-api-gateway-web/Chart.yaml (1)

• nodejs 3.2.0

npm (1)

package.json (71)

• @hmcts/nodejs-healthcheck ^1.8.0
• @hmcts/nodejs-logging ^4.0.4
• @hmcts/properties-volume ^0.0.14 → [Updates: ^1.0.0]
• applicationinsights 2.9.8 → [Updates: 3.13.0]
• body-parser ^1.20.1 → [Updates: ^2.0.0]
• brace-expansion ^1.1.12 → [Updates: ^4.0.0]
• config ^3.3.7 → [Updates: ^4.0.0]
• cookie ^0.7.0 → [Updates: ^1.0.0]
• cookie-parser ~1.4.3
• cross-env ^5.2.1 → [Updates: ^10.0.0]
• debug ~2.6.3 → [Updates: ~4.4.0]
• dont-sniff-mimetype ^1.1.0
• express ^5.0.0
• form-data ^2.1.4 → [Updates: ^4.0.0]
• formidable ^3.5.4
• handlebars ^4.7.7
• http-proxy-middleware ^0.20.0 → [Updates: ^2.0.0]
• https-proxy-agent ^2.2.3 → [Updates: ^7.0.0]
• js-yaml ^3.13.1 → [Updates: ^4.0.0]
• jwt-decode ^2.2.0 → [Updates: ^4.0.0]
• lodash ^4.17.21
• mem ^6.0.0 → [Updates: ^10.0.0]
• nocache ^2.1.0 → [Updates: ^4.0.0]
• node-cache ^5.1.0
• node-fetch ^2.6.7 → [Updates: ^3.0.0]
• nyc ^15.1.0 → [Updates: ^17.0.0]
• or ^0.2.0
• otp ^0.1.3 → [Updates: ^2.0.0]
• chai ^4.0.2 → [Updates: ^6.0.0]
• chai-http ^4.2.1 → [Updates: ^5.0.0]
• eslint ^6.5.1 → [Updates: ^9.0.0]
• eslint-plugin-mocha ^6.1.1 → [Updates: ^11.0.0]
• fetch-mock ^6.5.2 → [Updates: ^12.0.0]
• git-message ^2.0.2
• istanbul ^0.4.5
• jsonwebtoken ^9.0.0
• mocha ^5.2.0 → [Updates: ^11.0.0]
• moment ^2.29.4
• nock ^13.3.2 → [Updates: ^14.0.0]
• pa11y ^8.0.0 → [Updates: ^9.0.0]
• proxyquire ^2.0.1
• should ^13.2.3
• should-http ^0.1.0
• sinon 4.5.0 → [Updates: 21.0.1]
• sinon-chai ^2.11.0 → [Updates: ^4.0.0]
• sinon-express-mock ^2.0.0
• sonar-scanner ^3.1.0
• supertest ^6.3.3 → [Updates: ^7.0.0]
• node ^22.0.0 → [Updates: ^24.0.0]
• js-yaml 3.14.1 → [Updates: 3.14.2]
• lodash ^4.17.21
• handlebars ^4.7.7
• mem ^6.0.0 → [Updates: ^10.0.0]
• minimist ^1.2.6
• ini ^1.3.7 → [Updates: ^6.0.0]
• glob-parent ^5.1.2 → [Updates: ^6.0.0]
• ws ^6.2.2 → [Updates: ^8.0.0]
• ansi-regex ^5.0.1 → [Updates: ^6.0.0]
• follow-redirects ^1.15.6
• moment ^2.29.4
• async ^2.6.4 → [Updates: ^3.0.0]
• minimatch ^3.0.5 → [Updates: ^10.0.0]
• json5 ^2.2.2
• cookiejar ^2.1.4
• qs ^6.10.3 → [Updates: ^6.10.3]
• @babel/traverse 7.28.5 → [Updates: 7.28.6]
• @babel/core ^7.28.5 → [Updates: ^7.28.5]
• micromatch ^4.0.8
• braces ^3.0.3
• brace-expansion ^1.1.12 → [Updates: ^4.0.0]
• yarn 4.9.3 → [Updates: 4.12.0]

nvm (1)

.nvmrc (1)

• node 22.18.0 → [Updates: 22.22.0, 24.13.0]

renovate-config-presets (1)

.github/renovate.json

terraform (2)

infrastructure/main.tf

infrastructure/state.tf (1)

• azurerm ~> 4.0

terraform-version (1)

infrastructure/.terraform-version (1)

• hashicorp/terraform 1.14.3

---

• Check this box to trigger a request for Renovate to run again on this repository