Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Deprecations / Replacements

Warning

The following dependencies are either deprecated or have replacements available.

Datasource	Package	Replacement PR?
npm	@types/autobind-decorator
npm	@types/config
npm	@types/copy-webpack-plugin
npm	@types/glob
npm	@types/mini-css-extract-plugin
npm	@types/uuid
npm	@types/webpack-dev-middleware
npm	csurf

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Update dependency @sonar/scan to v4.3.6
• Update dependency axios to v1.15.2
• Update dependency hashicorp/terraform to v1.14.9
• Update dependency html-webpack-plugin to v5.6.7
• Update dependency nanoid to v5.1.9
• Update dependency postcss to v8.5.10
• Update nodejs Docker tag to v3.2.1
• Update dependency @hmcts/properties-volume to v1.4.0
• Update dependency @types/express-session to v1.19.0
• Update dependency node-gyp to v12.3.0
• Update dependency sass to v1.99.0
• Update dependency superagent to v10.3.0
• Update dependency terser-webpack-plugin to v5.4.0
• Update dependency typescript to v5.9.3
• Update dependency webpack to v5.106.2
• Update dependency ws to v8.20.0
• Update Node.js to v22.22.2
• Update Terraform azurerm to v4.69.0
• Update uppy monorepo (@uppy/core, @uppy/drop-target, @uppy/file-input, @uppy/progress-bar, @uppy/xhr-upload)
• Update webdriverio monorepo to v9.27.0 (@wdio/sauce-service, webdriverio)
• Update Yarn to v4.14.1
• Update actions/checkout action to v6
• Update actions/setup-node action to v6
• Update dependency @azure/msal-node to v5
• Update dependency @types/glob to v9
• Update dependency @types/jest to v30
• Update dependency @types/multer to v2
• Update dependency @types/uuid to v11
• Update dependency applicationinsights to v3
• Update dependency chai to v6
• Update dependency chokidar to v5
• Update dependency compressing to v2
• Update dependency config to v4 (config, @types/config)
• Update dependency connect-redis to v9
• Update dependency copy-webpack-plugin to v14
• Update dependency diff to v9
• Update dependency eslint to v10
• Update dependency eslint-plugin-jest to v29
• Update dependency express-rate-limit to v8
• Update dependency got to v15
• Update dependency govuk-frontend to v6
• Update dependency helmet to v8
• Update dependency jest-extended to v7
• Update dependency otplib to v13
• Update dependency path-to-regexp to v8
• Update dependency send to v1
• Update dependency test-exclude to v8
• Update dependency typescript to v6
• Update dependency webpack-cli to v7
• Update dependency webpack-dev-middleware to v8
• Update Node.js to v24 (node, @types/node)
• Update uppy monorepo (major) (@uppy/core, @uppy/drop-target, @uppy/xhr-upload)
• 🔐 Create all awaiting schedule PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• Update dependency basic-ftp to v5.3.0 [SECURITY]
• Update dependency uuid to v14 [SECURITY]
• Update dependency @types/autobind-decorator to v2.1.4
• Update dependency @types/copy-webpack-plugin to v10.1.3
• Update dependency @types/express to v4.17.25
• Update dependency eslint-plugin-import to v2.32.0
• Update dependency govuk-frontend to v5.14.0
• Update dependency path-to-regexp to ^0.2.0
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• Update dependency express to v5 (express, @types/express)
• Update dependency jwt-decode to v4
• Update typescript-eslint monorepo to v8 (major) (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)

Detected Dependencies

docker-compose (1)

docker-compose.yml

dockerfile (1)

Dockerfile (1)

• hmctsprod.azurecr.io/base/node 22-alpine

github-actions (1)

.github/workflows/checks.yml (3)

• actions/checkout v4 → [Updates: v6]
• actions/setup-node v4 → [Updates: v6]
• node 20 → [Updates: 24]

helm-values (1)

charts/sptribs-frontend/values.yaml

helmv3 (1)

charts/sptribs-frontend/Chart.yaml (1)

• nodejs 3.2.0 → [Updates: 3.2.1]

npm (1)

package.json (158)

• @hmcts/cookie-manager ^1.0.0
• @hmcts/frontend ^0.0.50-alpha
• @hmcts/nodejs-healthcheck ^1.8.0
• @hmcts/nodejs-logging ^4.0.4
• @hmcts/properties-volume ^1.0.0 → [Updates: ^1.0.0]
• @types/autobind-decorator ^2.1.0 → [Updates: ^2.1.0]
• @types/config ^3.0.0 → [Updates: ^4.0.0]
• @types/cookie-parser ^1.4.2
• @types/csurf ^1.11.4
• @types/es6-promisify ^6.0.3
• @types/express ^4.17.20 → [Updates: ^4.17.20, ^5.0.0]
• @types/express-session ^1.17.4 → [Updates: ^1.17.4]
• @types/glob ^8.0.0 → [Updates: ^9.0.0]
• @types/lodash ^4.14.201
• @types/multer ^1.4.7 → [Updates: ^2.0.0]
• @types/negotiator ^0.6.1
• @types/node ^22.0.0 → [Updates: ^24.0.0]
• @types/nunjucks ^3.2.1
• @types/require-directory ^2.1.4
• @types/serve-favicon ^2.5.3
• @types/session-file-store ^1.2.5
• @types/toobusy-js ^0.5.2
• @types/uuid ^10.0.0 → [Updates: ^11.0.0]
• @uppy/core ^4.0.0 → [Updates: ^4.0.0, ^5.0.0]
• @uppy/drop-target ^3.0.0 → [Updates: ^3.0.0, ^4.0.0]
• @uppy/file-input ^4.0.0 → [Updates: ^4.0.0]
• @uppy/progress-bar ^4.0.0 → [Updates: ^4.0.0]
• @uppy/xhr-upload ^4.0.0 → [Updates: ^4.0.0, ^5.0.0]
• applicationinsights 2.9.8 → [Updates: 3.14.0]
• autobind-decorator ^2.4.0
• axios ^1.12.0
• config ^3.3.7 → [Updates: ^4.0.0]
• connect-redis ^8.0.3 → [Updates: ^9.0.0]
• cookie-parser ^1.4.5
• cors ^2.8.5
• csurf ^1.11.0
• dayjs ^1.11.1
• email-validator ^2.0.4
• express ^4.20.0 → [Updates: ^5.0.0]
• express-fileupload ^1.3.1
• express-http-proxy ^2.0.0
• express-rate-limit ^7.4.0 → [Updates: ^8.0.0]
• express-session ^1.18.2
• follow-redirects ^1.15.6
• form-data ^4.0.0
• glob ^13.0.0
• govuk-frontend ^5.10.0 → [Updates: ^5.10.0, ^6.0.0]
• helmet ^4.6.0 → [Updates: ^8.0.0]
• http-status-codes ^2.2.0
• js-yaml ^4.1.0
• jwt-decode ^3.1.2 → [Updates: ^4.0.0]
• kill ^0.0.2
• kill-port 2.0.1
• lodash ^4.17.21
• negotiator ^1.0.0
• nunjucks ^3.2.4
• otplib ^12.0.1 → [Updates: ^13.0.0]
• redis ^5.0.1
• require-directory ^2.1.1
• serve-favicon ^2.5.0
• session-file-store ^1.5.0
• terser-webpack-plugin ^5.3.10 → [Updates: ^5.3.10]
• toobusy-js ^0.5.1
• ts-node ^10.4.0
• tsconfig-paths ^4.0.0
• typescript ^5.0.0 → [Updates: ^5.0.0, ^6.0.0]
• uuid ^11.0.0 → [Updates: ^14.0.0]
• @babel/core ^7.23.2
• @babel/eslint-parser ^7.22.15
• @babel/preset-env ^7.23.2
• @babel/preset-typescript ^7.23.2
• @sonar/scan ^4.3.4 → [Updates: ^4.3.4]
• @types/copy-webpack-plugin ^10.1.0 → [Updates: ^10.1.0]
• @types/cors ^2.8.17
• @types/jest ^29.5.4 → [Updates: ^30.0.0]
• @types/mini-css-extract-plugin ^2.5.1
• @types/webpack-dev-middleware ^5.3.0
• @typescript-eslint/eslint-plugin ^6.0.0 → [Updates: ^8.0.0]
• @typescript-eslint/parser ^6.0.0 → [Updates: ^8.0.0]
• @wdio/sauce-service ^9.24.0 → [Updates: ^9.24.0]
• allure-commandline ^2.36.0
• ansi-regex ^6.0.0
• axios-debug-log ^1.0.0
• babel-loader ^10.0.0
• chai ^5.0.0 → [Updates: ^6.0.0]
• chai-as-promised ^8.0.0
• concurrently ^9.0.0
• copy-webpack-plugin ^13.0.0 → [Updates: ^14.0.0]
• css-loader ^7.0.0
• decode-uri-component ^0.4.0
• eslint ^8.0.0 → [Updates: ^10.0.0]
• eslint-config-prettier ^10.0.0
• eslint-plugin-import ^2.27.5 → [Updates: ^2.27.5]
• eslint-plugin-jest ^28.11.0 → [Updates: ^29.0.0]
• eslint-plugin-prettier ^5.0.0
• html-webpack-plugin ^5.5.3 → [Updates: ^5.5.3]
• http-cache-semantics ^4.1.1
• husky ^9.0.0
• jest ^30.2.0
• jest-extended ^4.0.2 → [Updates: ^7.0.0]
• lint-staged ^16.0.0
• mini-css-extract-plugin ^2.7.6
• mocha-junit-reporter ^2.0.0
• mocha-multi ^1.1.6
• mochawesome 7.1.4
• moment ^2.29.3
• nodemon ^3.0.0
• npm-run-all2 ^8.0.0
• pa11y ^9.1.0
• postcss ^8.4.31 → [Updates: ^8.4.31]
• prettier ^3.0.0
• sass ^1.88.0 → [Updates: ^1.88.0]
• sass-loader ^16.0.0
• semver ^7.5.2
• style-loader ^4.0.0
• ts-jest ^29.4.6
• ts-loader ^9.2.6
• uglifyjs-webpack-plugin ^2.2.0
• webdriverio ^9.24.0 → [Updates: ^9.24.0]
• webpack ^5.85.0 → [Updates: ^5.85.0]
• webpack-cli ^6.0.0 → [Updates: ^7.0.0]
• webpack-dev-middleware ^7.0.0 → [Updates: ^8.0.0]
• webpack-node-externals ^3.0.0
• node >=18.16.0
• @azure/msal-node ^3.0.0 → [Updates: ^5.0.0]
• @babel/traverse ^7.23.2
• @tootallnate/once ^3.0.1
• axios 1.15.0 → [Updates: 1.15.2]
• basic-ftp ^5.2.0 → [Updates: ^5.2.0]
• bfj ^9.1.3
• bn.js ^5.2.3
• brace-expansion ^5.0.0
• chokidar ^4.0.0 → [Updates: ^5.0.0]
• cookie ^1.0.0
• compressing ^1.10.3 → [Updates: ^2.0.0]
• cross-spawn ^7.0.5
• diff ^8.0.2 → [Updates: ^9.0.0]
• follow-redirects ^1.15.6
• formidable ^3.5.4
• got ^14.0.0 → [Updates: ^15.0.0]
• html-minifier-terser ^7.2.0
• js-yaml ^4.1.1
• minimatch ^10.2.3
• nanoid ^5.0.0 → [Updates: ^5.0.0]
• node-gyp ^12.2.0 → [Updates: ^12.2.0]
• path-to-regexp ^0.1.13 → [Updates: ^0.2.0, ^8.0.0]
• postcss ^8.4.31 → [Updates: ^8.4.31]
• semver ^7.5.2
• send ^0.19.0 → [Updates: ^1.0.0]
• serialize-javascript ^7.0.3
• superagent ^10.2.2 → [Updates: ^10.2.2]
• tar-fs ^3.0.9
• test-exclude ^7.0.1 → [Updates: ^8.0.0]
• express ^4.22.0 → [Updates: ^5.0.0]
• qs ^6.14.2
• validator ^13.15.22
• ws ^8.18.2 → [Updates: ^8.18.2]
• yarn 4.10.3 → [Updates: 4.14.1]

nvm (1)

.nvmrc (1)

• node 22.15.0 → [Updates: 22.22.2, 24.15.0]

renovate-config-presets (1)

.github/renovate.json

terraform (3)

infrastructure/main.tf

infrastructure/state.tf (1)

• azurerm 4.28.0 → [Updates: 4.69.0]

infrastructure/versions.tf (1)

• hashicorp/terraform >= 0.13

terraform-version (1)

infrastructure/.terraform-version (1)

• hashicorp/terraform 1.14.8 → [Updates: 1.14.9]

---

• Check this box to trigger a request for Renovate to run again on this repository