Update minor npm dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@aws-sdk/client-s3 (source)	3.1005.0 → 3.1032.0
@aws-sdk/client-sqs (source)	3.1005.0 → 3.1032.0
@aws-sdk/credential-providers (source)	3.1005.0 → 3.1032.0
@aws-sdk/s3-request-presigner (source)	3.1005.0 → 3.1032.0
@dr.pogodin/csurf (source)	1.16.6 → 1.16.9
@eslint/eslintrc	3.3.3 → 3.3.5
@eslint/js (source)	9.39.2 → 9.39.4
@microsoft/applicationinsights-web	3.3.10 → 3.4.1
@ministryofjustice/hmpps-npm-script-allowlist (source)	0.0.3 → 0.0.4
@sentry/node (source)	10.32.1 → 10.49.0
@types/express-serve-static-core (source)	5.1.0 → 5.1.1
@types/express-session (source)	1.18.2 → 1.19.0
@types/jquery (source)	3.5.33 → 3.5.34
@types/node (source)	24.10.4 → 24.12.2
@types/pg (source)	8.16.0 → 8.20.0
@types/qs (source)	6.14.0 → 6.15.0
@typescript-eslint/eslint-plugin (source)	8.50.0 → 8.58.2
@typescript-eslint/parser (source)	8.50.0 → 8.58.2
body-parser	2.2.1 → 2.2.2
cypress (source)	15.8.1 → 15.14.0
cypress-slow-down	1.3.1 → 1.4.0
dotenv	17.2.3 → 17.4.2
eslint (source)	9.39.2 → 9.39.4
eslint-plugin-cypress	5.2.0 → 5.3.0
eslint-plugin-prettier	5.5.4 → 5.5.5
express-session	1.18.2 → 1.19.0
jest-html-reporter	4.3.0 → 4.4.0
jest-pact	^0.11.0 → ^0.13.0
joi	18.0.2 → 18.1.2
lint-staged	16.2.7 → 16.4.0
moment-timezone (source)	0.6.0 → 0.6.1
nock	14.0.10 → 14.0.12
nodemon (source)	3.1.11 → 3.1.14
prettier (source)	3.7.4 → 3.8.3
redis	5.10.0 → 5.12.1
sass	1.97.1 → 1.99.0
stylelint-scss	6.13.0 → 6.14.0
superagent	10.2.3 → 10.3.0
supertest	7.1.4 → 7.2.2

---

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)

v3.1032.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1031.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1029.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1027.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1026.0

Compare Source

Features

• client-s3: Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets. (229167d)

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1021.0

Compare Source

Bug Fixes

• codegen: sync for adaptive retry throttling detection fix (#​7905) (03f108d)

Features

• client-s3: Add Bucket Metrics configuration support to directory buckets (67ff7cc)

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1015.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1010.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1008.0

Compare Source

Features

• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (1791028)

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

aws/aws-sdk-js-v3 (@​aws-sdk/client-sqs)

v3.1032.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1031.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1029.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1027.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1026.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1021.0

Compare Source

Bug Fixes

• codegen: sync for adaptive retry throttling detection fix (#​7905) (03f108d)

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1015.0

Compare Source

Bug Fixes

• core/protocols: use composite error registry for error handling, revert default error message to "UnknownError" (#​7877) (55f7726)

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1010.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1008.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-sqs

aws/aws-sdk-js-v3 (@​aws-sdk/credential-providers)

v3.1032.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1031.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1029.0

Compare Source

3.1029.0(2026-04-10)

New Features

• client-observabilityadmin: CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules. (861e172a)
• client-rtbfabric: Adds optional health check configuration for Responder Gateways with ASG Managed Endpoints. When provided, RTB Fabric continuously probes customers' instance IPs and routes traffic only to healthy ones, reducing errors during deployments, scaling events, and instance failures. (3e890437)
• client-ecs: Minor updates to exceptions for completeness (788ab4a6)
• client-devops-agent: Devops Agent now supports associate Splunk, Datadog and custom MCP server to an Agent Space. (44503175)
• client-mediaconvert: Adds support for MV-HEVC video output and clear lead for AV1 DRM output. (812d3dad)
• client-imagebuilder: Image pipelines can now automatically apply tags to images they create. Set the imageTags property when creating or updating your pipelines to get started. (5eb366f5)
• client-sagemaker: Support new SageMaker StartClusterHealthCheck API for on-demand DHC on Hyperpod EKS cluster. Support updated CreateCluster, UpdateCluster, DescribeCluster, BatchAddClusterNodes APIs for flexible instance group on HyperPod cluster (dfcde032)
• client-connect: Conversational Analytics for Email (fd2820f8)

---

For list of updated packages, view updated-packages.md in assets-3.1029.0.zip

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1027.0

Compare Source

3.1027.0(2026-04-08)

New Features

• clients: update client endpoints as of 2026-04-08 (88eb6682)
• client-outposts: Add AWS Outposts APIs to view renewal pricing options and submit renewal requests for Outpost contracts (ba6c2a7e)
• client-ecr: Add UnableToListUpstreamImageReferrersException in ListImageReferrers (459df0bc)
• client-backup: Adding EKS specific backup vault notification types for AWS Backup. (c5badfde)
• client-marketplace-discovery: AWS Marketplace Discovery API provides an interface that enables programmatic access to the AWS Marketplace catalog, including searching and browsing listings, retrieving product details and fulfillment options, and accessing public and private offer pricing and terms. (1523d996)
• client-ivs-realtime: Adds support for Amazon IVS real-time streaming redundant ingest. (1a8caf9e)
• client-medialive: MediaLive is adding support for MediaConnect Router by supporting a new output type called MEDIACONNECT ROUTER. This new output type will provide seamless encrypted transport between your MediaLive channel and MediaConnect Router. (9d257a3f)
• client-drs: This changes adds support for modifying the replication configuration to support data replication using IPv6. (b2cd4452)

---

For list of updated packages, view updated-packages.md in assets-3.1027.0.zip

v3.1026.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1021.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1015.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1010.0

Compare Source

3.1010.0(2026-03-16)

New Features

• clients: update client endpoints as of 2026-03-16 (6ae1dd8a)
• client-ecs: Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances. (f165f183)
• client-bedrock-agentcore-control: Supporting hosting of public ECR Container Images in AgentCore Runtime (a3ca4b6e)
• client-bedrock: You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations. (e9c8b9ce)
• client-bedrock-agentcore: Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API (14fb5577)
• middleware-flexible-checksums: allow custom checksums to be used in responses (#​7849) (213defa2)

Tests

• canary: use vitest 4.0.17 in canary tests (#​7848) (bda6c45a)

---

For list of updated packages, view updated-packages.md in assets-3.1010.0.zip

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1008.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

aws/aws-sdk-js-v3 (@​aws-sdk/s3-request-presigner)

v3.1032.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1031.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1029.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1027.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1026.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1021.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.1020.0

Compare Source

Note: Version bump only for package

---

Configuration

📅 Schedule: (in timezone Europe/London)

• Branch creation
  • "after 9am every weekday,before 5pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[Kumar Thangavel (kth13)]

LGTM

[atlassian]

🔗 Link your GitHub account to Atlassian

To enable Code Reviewer, please link your GitHub account to your Atlassian account.

Click here to connect your accounts

This is a one-time setup that takes less than a minute.

[atlassian]

🔗 Link your GitHub account to Atlassian

To enable Code Reviewer, please link your GitHub account to your Atlassian account.

Click here to connect your accounts

This is a one-time setup that takes less than a minute.

[atlassian]

🔗 Link your GitHub account to Atlassian

To enable Code Reviewer, please link your GitHub account to your Atlassian account.

Click here to connect your accounts

This is a one-time setup that takes less than a minute.

[atlassian]

🔗 Link your GitHub account to Atlassian

To enable Code Reviewer, please link your GitHub account to your Atlassian account.

Click here to connect your accounts

This is a one-time setup that takes less than a minute.

[atlassian]

🔗 Link your GitHub account to Atlassian

To enable Code Reviewer, please link your GitHub account to your Atlassian account.

Click here to connect your accounts

This is a one-time setup that takes less than a minute.

[atlassian]

🔗 Link your GitHub account to Atlassian

To enable Code Reviewer, please link your GitHub account to your Atlassian account.

Click here to connect your accounts

This is a one-time setup that takes less than a minute.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: hmpps-interventions-ui@0.0.1
npm error Found: @pact-foundation/pact@15.0.1
npm error node_modules/@pact-foundation/pact
npm error   dev @pact-foundation/pact@"^15.0.1" from the root project
npm error
npm error Could not resolve dependency:
npm error peer @pact-foundation/pact@"^16.0.0" from jest-pact@0.13.0
npm error node_modules/jest-pact
npm error   dev jest-pact@"^0.13.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry this command with --force or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-04-17T20_11_07_952Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-04-17T20_11_07_952Z-debug-0.log