From 7d283db19046fb0b102cdf3ecdf609b218eeb1af Mon Sep 17 00:00:00 2001
From: Gemma Talbot <gemma.talbot@solirius.com>
Date: Wed, 13 Nov 2024 15:59:12 +0000
Subject: [PATCH 01/15] add wait

---
 test/browser/2-0-additional-evidence.cy.test.ts | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/test/browser/2-0-additional-evidence.cy.test.ts b/test/browser/2-0-additional-evidence.cy.test.ts
index cd1da2569..39d8fe124 100644
--- a/test/browser/2-0-additional-evidence.cy.test.ts
+++ b/test/browser/2-0-additional-evidence.cy.test.ts
@@ -82,9 +82,8 @@ describe.skip('CY - Additional Evidence @mya @nightly99', function () {
     assignCasePage.verifyLanguage('cy');
     await assignCasePage.fillPostcode('TN32 6PL');
     await assignCasePage.submit();
-
     await page.reload();
-    statusPage.verifyPage();
+    await statusPage.verifyPage();
     await additionalEvidencePage.visitPage();
   });
 

From a691c65985956c901f7c5912b234eeb52dd06751 Mon Sep 17 00:00:00 2001
From: Gemma Talbot <gemma.talbot@solirius.com>
Date: Wed, 13 Nov 2024 16:09:53 +0000
Subject: [PATCH 02/15] add wait

---
 test/browser/2-0-additional-evidence.cy.test.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/browser/2-0-additional-evidence.cy.test.ts b/test/browser/2-0-additional-evidence.cy.test.ts
index 39d8fe124..d75a212be 100644
--- a/test/browser/2-0-additional-evidence.cy.test.ts
+++ b/test/browser/2-0-additional-evidence.cy.test.ts
@@ -83,7 +83,8 @@ describe.skip('CY - Additional Evidence @mya @nightly99', function () {
     await assignCasePage.fillPostcode('TN32 6PL');
     await assignCasePage.submit();
     await page.reload();
-    await statusPage.verifyPage();
+    this.await(10)
+    statusPage.verifyPage();
     await additionalEvidencePage.visitPage();
   });
 

From 3ea14aeac031e8f26b98c758d2d8363b61fedcbb Mon Sep 17 00:00:00 2001
From: Gemma Talbot <gemma.talbot@solirius.com>
Date: Wed, 13 Nov 2024 16:40:33 +0000
Subject: [PATCH 03/15] add semicolon

---
 test/browser/2-0-additional-evidence.cy.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/browser/2-0-additional-evidence.cy.test.ts b/test/browser/2-0-additional-evidence.cy.test.ts
index d75a212be..3739e26c4 100644
--- a/test/browser/2-0-additional-evidence.cy.test.ts
+++ b/test/browser/2-0-additional-evidence.cy.test.ts
@@ -83,7 +83,7 @@ describe.skip('CY - Additional Evidence @mya @nightly99', function () {
     await assignCasePage.fillPostcode('TN32 6PL');
     await assignCasePage.submit();
     await page.reload();
-    this.await(10)
+    this.await(10);
     statusPage.verifyPage();
     await additionalEvidencePage.visitPage();
   });

From bd46e169f3fe82051562adf05f09ac93eda93c70 Mon Sep 17 00:00:00 2001
From: Gemma Talbot <gemma.talbot@solirius.com>
Date: Wed, 13 Nov 2024 17:32:57 +0000
Subject: [PATCH 04/15] add welsh charges translation

---
 app/common/locale/content.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/common/locale/content.json b/app/common/locale/content.json
index fc4979473..4d4a6d09f 100644
--- a/app/common/locale/content.json
+++ b/app/common/locale/content.json
@@ -1609,6 +1609,7 @@
       "telephone": {
         "title": "Ffoniwch ni",
         "desc": "Siaradwch ag un o’n asiantau dros y ffôn nawr.",
+        "charges": "Gwybodaeth am brisiau galwadau",
         "England": {
           "desc": "Llinell gymorth apeliadau budd-daliadau (Cymru a Lloegr - Siaradwyr Cymraeg)",
           "phone": "Rhif ffôn: 0300 303 5170",

From ed1d8c531bf7934d5812ac02e766022d2875ec78 Mon Sep 17 00:00:00 2001
From: Gemma Talbot <gemma.talbot@solirius.com>
Date: Tue, 19 Nov 2024 15:02:59 +0000
Subject: [PATCH 05/15] add wait

---
 test/browser/2-0-additional-evidence.test.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/browser/2-0-additional-evidence.test.ts b/test/browser/2-0-additional-evidence.test.ts
index 84b50ef4c..a909faa9c 100644
--- a/test/browser/2-0-additional-evidence.test.ts
+++ b/test/browser/2-0-additional-evidence.test.ts
@@ -85,6 +85,7 @@ describe('Additional Evidence @mya @nightly', function () {
 
     await page.reload();
     statusPage.verifyPage();
+    this.await(10);
     await additionalEvidencePage.visitPage();
   });
 

From 050fd1126c5cf5a5eabe641972e26a5fdc6c15d7 Mon Sep 17 00:00:00 2001
From: Katalin Kovacs <katalin.kovacs@solirius.com>
Date: Tue, 26 Nov 2024 10:14:03 +0000
Subject: [PATCH 06/15] Added cookie@npm:1.0.2 and cross-spawn@npm:7.0.6 to
 resolutions

---
 package.json            |  10 +-
 yarn-audit-known-issues |   2 +-
 yarn.lock               | 401 ++++++++++++----------------------------
 3 files changed, 121 insertions(+), 292 deletions(-)

diff --git a/package.json b/package.json
index 861c98116..8417b917d 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "computed-style": "^0.3.0",
     "config": "3.3.9",
     "connect-redis": "^6.1.3",
-    "cookie-parser": "^1.4.3",
+    "cookie-parser": "^1.4.7",
     "copy-webpack-plugin": "^12.0.2",
     "csurf": "^1.10.0",
     "eslint-plugin-mocha": "^10.1.0",
@@ -107,7 +107,7 @@
     "@types/cli-color": "^2.0.2",
     "@types/config": "3.3.0",
     "@types/connect-redis": "^0.0.19",
-    "@types/cookie-parser": "^1.4.1",
+    "@types/cookie-parser": "^1.4.7",
     "@types/joi": "^13.5.2",
     "@types/jquery": "^3.5.29",
     "@types/mocha": "^10.0.0",
@@ -124,7 +124,7 @@
     "chai-http": "^4.3.0",
     "chai-string": "^1.5.0",
     "cli-color": "^2.0.3",
-    "codeceptjs": "^3.6.5",
+    "codeceptjs": "^3.6.7",
     "concurrently": "^7.0.0",
     "cross-env": "^4.0.0",
     "domready": "^1.0.8",
@@ -184,7 +184,9 @@
     "braces": "^3.0.3",
     "ws": "^8.17.1",
     "micromatch": "^4.0.8",
-    "body-parser": "^1.20.3"
+    "body-parser": "^1.20.3",
+    "cookie": "^1.0.2",
+    "cross-spawn": "^7.0.6"
   },
   "typeScriptVersion": "4.8",
   "packageManager": "yarn@3.6.0"
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index f46cae9ac..4bf64e365 100755
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1 +1 @@
-{"actions":[],"advisories":{"1096727":{"findings":[{"version":"2.88.2","paths":["promise-request-retry>request","promise-request-retry>coveralls>request"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://security.netapp.com/advisory/ntap-20230413-0007\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","id":1096727,"npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","reported_by":null,"title":"Server-Side Request Forgery in Request","metadata":null,"cves":["CVE-2023-28155"],"access":"public","severity":"moderate","module_name":"request","vulnerable_versions":"<=2.88.2","github_advisory_id":"GHSA-p8p7-x288-28g6","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-03-21T17:47:21.000Z","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1099516":{"findings":[{"version":"3.0.0","paths":["i18next-conv>node-gettext"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-21528\n- https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943\n- https://github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js#L113\n- https://github.com/advisories/GHSA-g974-hxvm-x689","created":"2024-09-10T06:30:48.000Z","id":1099516,"npm_advisory_id":null,"overview":"All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.","reported_by":null,"title":"node-gettext vulnerable to Prototype Pollution","metadata":null,"cves":["CVE-2024-21528"],"access":"public","severity":"moderate","module_name":"node-gettext","vulnerable_versions":"<=3.0.0","github_advisory_id":"GHSA-g974-hxvm-x689","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-09-10T15:52:57.000Z","cvss":{"score":5.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-g974-hxvm-x689"},"1099846":{"findings":[{"version":"0.4.1","paths":["cookie-parser>cookie"]}],"found_by":null,"deleted":null,"references":"- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x","created":"2024-10-04T20:31:00.000Z","id":1099846,"npm_advisory_id":null,"overview":"### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167","reported_by":null,"title":"cookie accepts cookie name, path, and domain with out of bounds characters","metadata":null,"cves":["CVE-2024-47764"],"access":"public","severity":"low","module_name":"cookie","vulnerable_versions":"<0.7.0","github_advisory_id":"GHSA-pxg6-pf52-xh8x","recommendation":"Upgrade to version 0.7.0 or later","patched_versions":">=0.7.0","updated":"2024-10-04T20:31:01.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-74"],"url":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":1,"moderate":3,"high":0,"critical":0},"dependencies":435,"devDependencies":96,"optionalDependencies":0,"totalDependencies":531}}
+{"actions":[],"advisories":{"1096727":{"findings":[{"version":"2.88.2","paths":["promise-request-retry>request","promise-request-retry>coveralls>request"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://security.netapp.com/advisory/ntap-20230413-0007\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","id":1096727,"npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","reported_by":null,"title":"Server-Side Request Forgery in Request","metadata":null,"cves":["CVE-2023-28155"],"access":"public","severity":"moderate","module_name":"request","vulnerable_versions":"<=2.88.2","github_advisory_id":"GHSA-p8p7-x288-28g6","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-03-21T17:47:21.000Z","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1100531":{"findings":[{"version":"3.0.0","paths":["i18next-conv>node-gettext"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-21528\n- https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943\n- https://github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js#L113\n- https://github.com/advisories/GHSA-g974-hxvm-x689","created":"2024-09-10T06:30:48.000Z","id":1100531,"npm_advisory_id":null,"overview":"All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.","reported_by":null,"title":"node-gettext vulnerable to Prototype Pollution","metadata":null,"cves":["CVE-2024-21528"],"access":"public","severity":"high","module_name":"node-gettext","vulnerable_versions":"<=3.0.0","github_advisory_id":"GHSA-g974-hxvm-x689","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-11-18T16:27:11.000Z","cvss":{"score":5.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-g974-hxvm-x689"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":2,"high":1,"critical":0},"dependencies":440,"devDependencies":96,"optionalDependencies":0,"totalDependencies":536}}
diff --git a/yarn.lock b/yarn.lock
index 74d091a63..eb8e3e0ea 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1572,13 +1572,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@codeceptjs/detox-helper@npm:1.0.8":
-  version: 1.0.8
-  resolution: "@codeceptjs/detox-helper@npm:1.0.8"
+"@codeceptjs/detox-helper@npm:1.1.2":
+  version: 1.1.2
+  resolution: "@codeceptjs/detox-helper@npm:1.1.2"
   dependencies:
     detox: 20.18.1
     react-native: ^0.73.4
-  checksum: 75938eed3351f827c4a8b977463a6f42076c6eaf7aa2e1db421015cf86443a3b4de89641938942bb105dbc71b137e258ec1a38b9d0138d15fae8675fae10ce27
+  checksum: 4d9c97c926d375da2cfda2b81c78346ab8458d22ae72b61c7eb6032369c478a5751c86752316050d61ee237c97efc09fc95adfb15e27679426d474abd823eb67
   languageName: node
   linkType: hard
 
@@ -2128,30 +2128,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@puppeteer/browsers@npm:1.3.0":
-  version: 1.3.0
-  resolution: "@puppeteer/browsers@npm:1.3.0"
-  dependencies:
-    debug: 4.3.4
-    extract-zip: 2.0.1
-    http-proxy-agent: 5.0.0
-    https-proxy-agent: 5.0.1
-    progress: 2.0.3
-    proxy-from-env: 1.1.0
-    tar-fs: 2.1.1
-    unbzip2-stream: 1.4.3
-    yargs: 17.7.1
-  peerDependencies:
-    typescript: ">= 4.7.4"
-  peerDependenciesMeta:
-    typescript:
-      optional: true
-  bin:
-    browsers: lib/cjs/main-cli.js
-  checksum: b966546abc56d23e1546a8139a5c10137e7b67c4a7403947518bab27a47a0d8f8a0b30c12108f04014a08e345f7e5d899b174dab3605d46774bd0245295c8789
-  languageName: node
-  linkType: hard
-
 "@puppeteer/browsers@npm:1.9.1, @puppeteer/browsers@npm:^1.6.0":
   version: 1.9.1
   resolution: "@puppeteer/browsers@npm:1.9.1"
@@ -2862,12 +2838,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/cookie-parser@npm:^1.4.1":
-  version: 1.4.2
-  resolution: "@types/cookie-parser@npm:1.4.2"
-  dependencies:
+"@types/cookie-parser@npm:^1.4.7":
+  version: 1.4.8
+  resolution: "@types/cookie-parser@npm:1.4.8"
+  peerDependencies:
     "@types/express": "*"
-  checksum: d5b3c0e193cc95289444306ad396b27b92c9ff1ffd0769268b374d09315c8df1ae94de5fe2a81a79c0629560646763136e15c8a4069d3dc5ba5cb6bc185eaccd
+  checksum: b26ace5560adce1a746c059a75f18227ee3e3614a49c70dd29b8af204696079ced22eaa9d6cb084e3433ec433bff845cb47ffb890ae9af96a4aab2ff85e40da7
   languageName: node
   linkType: hard
 
@@ -3414,33 +3390,33 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@wdio/config@npm:8.39.0":
-  version: 8.39.0
-  resolution: "@wdio/config@npm:8.39.0"
+"@wdio/config@npm:8.40.0":
+  version: 8.40.0
+  resolution: "@wdio/config@npm:8.40.0"
   dependencies:
     "@wdio/logger": 8.38.0
     "@wdio/types": 8.39.0
-    "@wdio/utils": 8.39.0
+    "@wdio/utils": 8.40.0
     decamelize: ^6.0.0
     deepmerge-ts: ^5.0.0
     glob: ^10.2.2
     import-meta-resolve: ^4.0.0
-  checksum: 04549689603d608882c302b717c53aa2a554ccdfc3cda39a11af3089b92d877b5c3cd6d19e8b50af7ed6164cbf74fee9234ed125c69d61eda584d99923ffc3e3
+  checksum: 711e47c2827d801bb51f84631c1fd566f0745c911c96ed1128677030149b337bdca9dddd09082aa499274a527d49420b83c4ffcca96751df066c0cf7d6959c4b
   languageName: node
   linkType: hard
 
-"@wdio/config@npm:8.40.0":
-  version: 8.40.0
-  resolution: "@wdio/config@npm:8.40.0"
+"@wdio/config@npm:8.40.2":
+  version: 8.40.2
+  resolution: "@wdio/config@npm:8.40.2"
   dependencies:
     "@wdio/logger": 8.38.0
     "@wdio/types": 8.39.0
-    "@wdio/utils": 8.40.0
+    "@wdio/utils": 8.40.2
     decamelize: ^6.0.0
     deepmerge-ts: ^5.0.0
     glob: ^10.2.2
     import-meta-resolve: ^4.0.0
-  checksum: 711e47c2827d801bb51f84631c1fd566f0745c911c96ed1128677030149b337bdca9dddd09082aa499274a527d49420b83c4ffcca96751df066c0cf7d6959c4b
+  checksum: 191e3c9b9cda804ad03979e807a4994d7b08dabfb9463ef3519c2b25a7c9bb24c9d753fb41895e7acfdc5d2c71e5d6d7dd1161847abda7a825dcca10c3705ce7
   languageName: node
   linkType: hard
 
@@ -3481,9 +3457,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@wdio/utils@npm:8.39.0":
-  version: 8.39.0
-  resolution: "@wdio/utils@npm:8.39.0"
+"@wdio/utils@npm:8.40.0":
+  version: 8.40.0
+  resolution: "@wdio/utils@npm:8.40.0"
   dependencies:
     "@puppeteer/browsers": ^1.6.0
     "@wdio/logger": 8.38.0
@@ -3498,13 +3474,13 @@ __metadata:
     safaridriver: ^0.1.0
     split2: ^4.2.0
     wait-port: ^1.0.4
-  checksum: f994aab6eb46a49523f8ee7fe2c72f2c6eba3a4d6ad00e38f248f363a9e2d4d1cd98075e425b55e3a0a9156ac5b4b7afa4f29329d45ebb7dc9f4e164cf4720e5
+  checksum: ad1c4360ec35a47ac5719faaf3d4735477289e865e82b3836acc3485b804a2a921b5b3f2860f7bad7db9b4efedda2af7e7f761c8ecb500c5387d3143c481e899
   languageName: node
   linkType: hard
 
-"@wdio/utils@npm:8.40.0":
-  version: 8.40.0
-  resolution: "@wdio/utils@npm:8.40.0"
+"@wdio/utils@npm:8.40.2":
+  version: 8.40.2
+  resolution: "@wdio/utils@npm:8.40.2"
   dependencies:
     "@puppeteer/browsers": ^1.6.0
     "@wdio/logger": 8.38.0
@@ -3519,7 +3495,7 @@ __metadata:
     safaridriver: ^0.1.0
     split2: ^4.2.0
     wait-port: ^1.0.4
-  checksum: ad1c4360ec35a47ac5719faaf3d4735477289e865e82b3836acc3485b804a2a921b5b3f2860f7bad7db9b4efedda2af7e7f761c8ecb500c5387d3143c481e899
+  checksum: d592d482d40822b81d3bc92286dd406e5cf74b1e7e2b0f96efc92e82f39f6952f0131b57059c5fa4479aa2161aaa09ca6e1dc6fded0a3029495ef36c79e0f9ce
   languageName: node
   linkType: hard
 
@@ -4425,14 +4401,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"axios@npm:1.7.2":
-  version: 1.7.2
-  resolution: "axios@npm:1.7.2"
+"axios@npm:1.7.7":
+  version: 1.7.7
+  resolution: "axios@npm:1.7.7"
   dependencies:
     follow-redirects: ^1.15.6
     form-data: ^4.0.0
     proxy-from-env: ^1.1.0
-  checksum: e457e2b0ab748504621f6fa6609074ac08c824bf0881592209dfa15098ece7e88495300e02cd22ba50b3468fd712fe687e629dcb03d6a3f6a51989727405aedf
+  checksum: 882d4fe0ec694a07c7f5c1f68205eb6dc5a62aecdb632cc7a4a3d0985188ce3030e0b277e1a8260ac3f194d314ae342117660a151fabffdc5081ca0b5a8b47fe
   languageName: node
   linkType: hard
 
@@ -5348,17 +5324,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"chromium-bidi@npm:0.4.9":
-  version: 0.4.9
-  resolution: "chromium-bidi@npm:0.4.9"
-  dependencies:
-    mitt: 3.0.0
-  peerDependencies:
-    devtools-protocol: "*"
-  checksum: cb2eea787282634718d1877bc63f00e8be33ce49369852b6e95dfe97a097f051445c8e374617d6433f8c9b578ec2d2d86a9889c152c7a850596cdae9342f81ad
-  languageName: node
-  linkType: hard
-
 "chromium-bidi@npm:0.5.8":
   version: 0.5.8
   resolution: "chromium-bidi@npm:0.5.8"
@@ -5572,12 +5537,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"codeceptjs@npm:^3.6.5":
-  version: 3.6.5
-  resolution: "codeceptjs@npm:3.6.5"
+"codeceptjs@npm:^3.6.7":
+  version: 3.6.7
+  resolution: "codeceptjs@npm:3.6.7"
   dependencies:
     "@codeceptjs/configure": 1.0.1
-    "@codeceptjs/detox-helper": 1.0.8
+    "@codeceptjs/detox-helper": 1.1.2
     "@codeceptjs/helper": 2.0.4
     "@cucumber/cucumber-expressions": 17
     "@cucumber/gherkin": 26
@@ -5585,7 +5550,7 @@ __metadata:
     "@xmldom/xmldom": 0.8.10
     acorn: 8.12.1
     arrify: 2.0.1
-    axios: 1.7.2
+    axios: 1.7.7
     chai: 5.1.1
     chai-deep-match: 1.2.1
     chai-exclude: 2.1.1
@@ -5598,8 +5563,8 @@ __metadata:
     cross-spawn: 7.0.3
     css-to-xpath: 0.1.0
     csstoxpath: 1.6.0
-    devtools: 8.39.1
-    envinfo: 7.11.1
+    devtools: 8.40.2
+    envinfo: 7.14.0
     escape-string-regexp: 4.0.0
     figures: 3.2.0
     fn-args: 4.0.0
@@ -5612,23 +5577,23 @@ __metadata:
     lodash.clonedeep: 4.5.0
     lodash.merge: 4.6.2
     mkdirp: 1.0.4
-    mocha: 10.6.0
-    monocart-coverage-reports: 2.10.0
+    mocha: 10.7.3
+    monocart-coverage-reports: 2.10.3
     ms: 2.1.3
     ora-classic: 5.4.2
-    pactum: 3.6.9
+    pactum: 3.7.1
     parse-function: 5.6.10
     parse5: 7.1.2
     promise-retry: 1.1.1
     resq: 1.11.0
     sprintf-js: 1.1.1
-    uuid: 9.0
+    uuid: 10.0
   dependenciesMeta:
     "@codeceptjs/detox-helper":
       optional: true
   bin:
     codeceptjs: bin/codecept.js
-  checksum: b2c14965ecfa64134e094b791daf7fe1099c94830138de672d757f9af7d80626509ce587dbef3d0258ec0cbf5c24780781838d561de57c2ecb34d043a3be7fe1
+  checksum: 240f41542907e3b674a7c2f12681dc13f1811a0e09cde89580d2c07ab6e43b2f4092d7c4fe381eef9c07e6c623877ef2bbade9bb6eb982a907f9564316fc0b1e
   languageName: node
   linkType: hard
 
@@ -5962,16 +5927,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cookie-parser@npm:^1.4.3":
-  version: 1.4.5
-  resolution: "cookie-parser@npm:1.4.5"
-  dependencies:
-    cookie: 0.4.0
-    cookie-signature: 1.0.6
-  checksum: 09b41e191af8e472229b53468b858a53f64a355b438ecb56a38be2a729b862b8233041e5af102115caebae534d399813ec7270b68a949bba3b987b38555c30b6
-  languageName: node
-  linkType: hard
-
 "cookie-parser@npm:^1.4.5":
   version: 1.4.6
   resolution: "cookie-parser@npm:1.4.6"
@@ -5982,6 +5937,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cookie-parser@npm:^1.4.7":
+  version: 1.4.7
+  resolution: "cookie-parser@npm:1.4.7"
+  dependencies:
+    cookie: 0.7.2
+    cookie-signature: 1.0.6
+  checksum: 243fa13f217e793d20a57675e6552beea08c5989fcc68495d543997a31646875335e0e82d687b42dcfd466df57891d22bae7f5ba6ab33b7705ed2dd6eb989105
+  languageName: node
+  linkType: hard
+
 "cookie-signature@npm:1.0.6":
   version: 1.0.6
   resolution: "cookie-signature@npm:1.0.6"
@@ -5996,24 +5961,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cookie@npm:0.4.0":
-  version: 0.4.0
-  resolution: "cookie@npm:0.4.0"
-  checksum: 760384ba0aef329c52523747e36a452b5e51bc49b34160363a6934e7b7df3f93fcc88b35e33450361535d40a92a96412da870e1816aba9aa6cc556a9fedd8492
-  languageName: node
-  linkType: hard
-
-"cookie@npm:0.4.1":
-  version: 0.4.1
-  resolution: "cookie@npm:0.4.1"
-  checksum: bd7c47f5d94ab70ccdfe8210cde7d725880d2fcda06d8e375afbdd82de0c8d3b73541996e9ce57d35f67f672c4ee6d60208adec06b3c5fc94cebb85196084cf8
-  languageName: node
-  linkType: hard
-
-"cookie@npm:0.6.0":
-  version: 0.6.0
-  resolution: "cookie@npm:0.6.0"
-  checksum: f56a7d32a07db5458e79c726b77e3c2eff655c36792f2b6c58d351fb5f61531e5b1ab7f46987150136e366c65213cbe31729e02a3eaed630c3bf7334635fb410
+"cookie@npm:^1.0.2":
+  version: 1.0.2
+  resolution: "cookie@npm:1.0.2"
+  checksum: 2c5a6214147ffa7135ce41860c781de17e93128689b0d080d3116468274b3593b607bcd462ac210d3a61f081db3d3b09ae106e18d60b1f529580e95cf2db8a55
   languageName: node
   linkType: hard
 
@@ -6177,15 +6128,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cross-fetch@npm:3.1.6":
-  version: 3.1.6
-  resolution: "cross-fetch@npm:3.1.6"
-  dependencies:
-    node-fetch: ^2.6.11
-  checksum: 704b3519ab7de488328cc49a52cf1aa14132ec748382be5b9557b22398c33ffa7f8c2530e8a97ed8cb55da52b0a9740a9791d361271c4591910501682d981d9c
-  languageName: node
-  linkType: hard
-
 "cross-fetch@npm:4.0.0":
   version: 4.0.0
   resolution: "cross-fetch@npm:4.0.0"
@@ -6195,35 +6137,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"cross-spawn@npm:7.0.3, cross-spawn@npm:^7.0.0, cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3":
-  version: 7.0.3
-  resolution: "cross-spawn@npm:7.0.3"
+"cross-spawn@npm:^7.0.6":
+  version: 7.0.6
+  resolution: "cross-spawn@npm:7.0.6"
   dependencies:
     path-key: ^3.1.0
     shebang-command: ^2.0.0
     which: ^2.0.1
-  checksum: 671cc7c7288c3a8406f3c69a3ae2fc85555c04169e9d611def9a675635472614f1c0ed0ef80955d5b6d4e724f6ced67f0ad1bb006c2ea643488fcfef994d7f52
-  languageName: node
-  linkType: hard
-
-"cross-spawn@npm:^4.0.2":
-  version: 4.0.2
-  resolution: "cross-spawn@npm:4.0.2"
-  dependencies:
-    lru-cache: ^4.0.1
-    which: ^1.2.9
-  checksum: 8ce57b3e11c5c798542a21ddfdc1edef33ab6fe001958b31f3340a6ff684e3334a8baad2751efa78b6200aad442cf12b939396d758b0dd5c42c9b782c28fe06e
-  languageName: node
-  linkType: hard
-
-"cross-spawn@npm:^5.1.0":
-  version: 5.1.0
-  resolution: "cross-spawn@npm:5.1.0"
-  dependencies:
-    lru-cache: ^4.0.1
-    shebang-command: ^1.2.0
-    which: ^1.2.9
-  checksum: 726939c9954fc70c20e538923feaaa33bebc253247d13021737c3c7f68cdc3e0a57f720c0fe75057c0387995349f3f12e20e9bfdbf12274db28019c7ea4ec166
+  checksum: 8d306efacaf6f3f60e0224c287664093fa9185680b2d195852ba9a863f85d02dcc737094c6e512175f8ee0161f9b87c73c6826034c2422e39de7d6569cf4503b
   languageName: node
   linkType: hard
 
@@ -6697,13 +6618,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"devtools-protocol@npm:0.0.1120988":
-  version: 0.0.1120988
-  resolution: "devtools-protocol@npm:0.0.1120988"
-  checksum: 68eb7aa6a2fe20f8321168f9381849296b203355a5c052461b7ed95e8787b34458029dd64c8d4a8640d9fd329138a6d82f41237f5331ea4267c090dcbf6581f7
-  languageName: node
-  linkType: hard
-
 "devtools-protocol@npm:0.0.1232444":
   version: 0.0.1232444
   resolution: "devtools-protocol@npm:0.0.1232444"
@@ -6725,25 +6639,25 @@ __metadata:
   languageName: node
   linkType: hard
 
-"devtools@npm:8.39.1":
-  version: 8.39.1
-  resolution: "devtools@npm:8.39.1"
+"devtools@npm:8.40.2":
+  version: 8.40.2
+  resolution: "devtools@npm:8.40.2"
   dependencies:
     "@types/node": ^20.1.0
-    "@wdio/config": 8.39.0
+    "@wdio/config": 8.40.2
     "@wdio/logger": 8.38.0
     "@wdio/protocols": 8.38.0
     "@wdio/types": 8.39.0
-    "@wdio/utils": 8.39.0
+    "@wdio/utils": 8.40.2
     chrome-launcher: ^1.0.0
     edge-paths: ^3.0.5
     import-meta-resolve: ^4.0.0
-    puppeteer-core: 20.3.0
+    puppeteer-core: ^21.11.0
     query-selector-shadow-dom: ^1.0.0
     ua-parser-js: ^1.0.37
-    uuid: ^9.0.0
+    uuid: ^10.0.0
     which: ^4.0.0
-  checksum: 2973bb83f4166e3415ce17492d5fc3641bab00c86a62e030b111929722dfdf7b802f21ad1dd6605a8ea16122a6bbc6e91f5efa28695bf4e8a5a1ecf6ffbc9a16
+  checksum: d6e9b4fd598aa6b20a6a5f0b856cc037e53e5da7df43bb73103d6edda9f75d4e254f6489e9cf4c63f476c6ac52427189799e368e810449c7f6d1314948f8afbf
   languageName: node
   linkType: hard
 
@@ -7080,12 +6994,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"envinfo@npm:7.11.1, envinfo@npm:~7.11.1":
-  version: 7.11.1
-  resolution: "envinfo@npm:7.11.1"
+"envinfo@npm:7.14.0":
+  version: 7.14.0
+  resolution: "envinfo@npm:7.14.0"
   bin:
     envinfo: dist/cli.js
-  checksum: f3d38ab6bc62388466e86e2f5665f90f238ca349c81bb36b311d908cb5ca96650569b43b308c9dcb6725a222693f6c43a704794e74a68fb445ec5575a90ca05e
+  checksum: 137c1dd9a4d5781c4a6cdc6b695454ba3c4ba1829f73927198aa4122f11b35b59d7b2cb7e1ceea1364925a30278897548511d22f860c14253a33797d0bebd551
   languageName: node
   linkType: hard
 
@@ -7098,6 +7012,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"envinfo@npm:~7.11.1":
+  version: 7.11.1
+  resolution: "envinfo@npm:7.11.1"
+  bin:
+    envinfo: dist/cli.js
+  checksum: f3d38ab6bc62388466e86e2f5665f90f238ca349c81bb36b311d908cb5ca96650569b43b308c9dcb6725a222693f6c43a704794e74a68fb445ec5575a90ca05e
+  languageName: node
+  linkType: hard
+
 "err-code@npm:^1.0.0":
   version: 1.1.2
   resolution: "err-code@npm:1.1.2"
@@ -8395,7 +8318,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"foreground-child@npm:^3.1.1":
+"foreground-child@npm:^3.1.1, foreground-child@npm:^3.3.0":
   version: 3.3.0
   resolution: "foreground-child@npm:3.3.0"
   dependencies:
@@ -8405,16 +8328,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"foreground-child@npm:^3.2.1":
-  version: 3.2.1
-  resolution: "foreground-child@npm:3.2.1"
-  dependencies:
-    cross-spawn: ^7.0.0
-    signal-exit: ^4.0.1
-  checksum: 3e2e844d6003c96d70affe8ae98d7eaaba269a868c14d997620c088340a8775cd5d2d9043e6ceebae1928d8d9a874911c4d664b9a267e8995945df20337aebc0
-  languageName: node
-  linkType: hard
-
 "forever-agent@npm:~0.6.1":
   version: 0.6.1
   resolution: "forever-agent@npm:0.6.1"
@@ -9371,7 +9284,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"http-proxy-agent@npm:5.0.0, http-proxy-agent@npm:^5.0.0":
+"http-proxy-agent@npm:^5.0.0":
   version: 5.0.0
   resolution: "http-proxy-agent@npm:5.0.0"
   dependencies:
@@ -11332,16 +11245,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"lru-cache@npm:^4.0.1":
-  version: 4.1.5
-  resolution: "lru-cache@npm:4.1.5"
-  dependencies:
-    pseudomap: ^1.0.2
-    yallist: ^2.1.2
-  checksum: 4bb4b58a36cd7dc4dcec74cbe6a8f766a38b7426f1ff59d4cf7d82a2aa9b9565cd1cb98f6ff60ce5cd174524868d7bc9b7b1c294371851356066ca9ac4cf135a
-  languageName: node
-  linkType: hard
-
 "lru-cache@npm:^5.1.1":
   version: 5.1.1
   resolution: "lru-cache@npm:5.1.1"
@@ -12038,13 +11941,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"mitt@npm:3.0.0":
-  version: 3.0.0
-  resolution: "mitt@npm:3.0.0"
-  checksum: f7be5049d27d18b1dbe9408452d66376fa60ae4a79fe9319869d1b90ae8cbaedadc7e9dab30b32d781411256d468be5538996bb7368941c09009ef6bbfa6bfc7
-  languageName: node
-  linkType: hard
-
 "mitt@npm:3.0.1":
   version: 3.0.1
   resolution: "mitt@npm:3.0.1"
@@ -12101,9 +11997,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"mocha@npm:10.6.0":
-  version: 10.6.0
-  resolution: "mocha@npm:10.6.0"
+"mocha@npm:10.7.3":
+  version: 10.7.3
+  resolution: "mocha@npm:10.7.3"
   dependencies:
     ansi-colors: ^4.1.3
     browser-stdout: ^1.3.1
@@ -12128,7 +12024,7 @@ __metadata:
   bin:
     _mocha: bin/_mocha
     mocha: bin/mocha.js
-  checksum: 3cdb3b3bf2a8fe280222135cda13e62e513225a13730652f81b12b966c2fa6f12ecfc574a37f88daa579d81bd21498a7d78b6d040a821dabb046a764dc261357
+  checksum: 956376dd8c7cd3e4f496ab1b06b7c89673ade2fb7f78704d8fce32b491f6940550eb1e784b7eef617e37fa29257a728df8b5b2b5e34ed7e83a692652290fab3c
   languageName: node
   linkType: hard
 
@@ -12227,9 +12123,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"monocart-coverage-reports@npm:2.10.0":
-  version: 2.10.0
-  resolution: "monocart-coverage-reports@npm:2.10.0"
+"monocart-coverage-reports@npm:2.10.3":
+  version: 2.10.3
+  resolution: "monocart-coverage-reports@npm:2.10.3"
   dependencies:
     "@bcoe/v8-coverage": ^0.2.3
     "@jridgewell/sourcemap-codec": ^1.5.0
@@ -12239,7 +12135,7 @@ __metadata:
     commander: ^12.1.0
     console-grid: ^2.2.2
     eight-colors: ^1.3.0
-    foreground-child: ^3.2.1
+    foreground-child: ^3.3.0
     istanbul-lib-coverage: ^3.2.2
     istanbul-lib-report: ^3.0.1
     istanbul-reports: ^3.1.7
@@ -12247,7 +12143,7 @@ __metadata:
     monocart-locator: ^1.0.2
   bin:
     mcr: lib/cli.js
-  checksum: 742bb8424d380887bd74d3b07de3793625a7db503c96ef4d23aa37a69c0d1067d46e096bc40f37d0a77223bee42a37be4a88d00b9db795e2fde0d83ecd9f4ceb
+  checksum: b77bc644ffb619d7983b1ad1e3b02e822f600b5e95e361d2a3faa22aae5b8559ac4f96eaa4c71a18bf124369275ae340c7333a0fcb337655a0b105f15462a5ae
   languageName: node
   linkType: hard
 
@@ -12544,20 +12440,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"node-fetch@npm:^2.6.11":
-  version: 2.6.11
-  resolution: "node-fetch@npm:2.6.11"
-  dependencies:
-    whatwg-url: ^5.0.0
-  peerDependencies:
-    encoding: ^0.1.0
-  peerDependenciesMeta:
-    encoding:
-      optional: true
-  checksum: 249d0666a9497553384d46b5ab296ba223521ac88fed4d8a17d6ee6c2efb0fc890f3e8091cafe7f9fba8151a5b8d925db2671543b3409a56c3cd522b468b47b3
-  languageName: node
-  linkType: hard
-
 "node-fetch@npm:^3.3.0":
   version: 3.3.1
   resolution: "node-fetch@npm:3.3.1"
@@ -13266,9 +13148,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"pactum@npm:3.6.9":
-  version: 3.6.9
-  resolution: "pactum@npm:3.6.9"
+"pactum@npm:3.7.1":
+  version: 3.7.1
+  resolution: "pactum@npm:3.7.1"
   dependencies:
     "@exodus/schemasafe": ^1.3.0
     deep-override: ^1.0.2
@@ -13281,7 +13163,7 @@ __metadata:
     parse-graphql: ^1.0.0
     phin: ^3.7.0
     polka: ^0.5.2
-  checksum: 6eb57a96276b933fba1a750696ad2c66ae1aa5afd320fbc2f0e13b33db8746264ab8ecdd57bcdadb3a2c4a68a2a8b379730a1f3ef4f5017aa64ac6168426dd71
+  checksum: a5c4f6feadf85be2f79fb4b395e7e8542326c048a1e770f9e1e23a2c04dfee7404c9e336022a733568af87cf880ed5e3f1ac2a8ab963db9f44cd19ad2223bb46
   languageName: node
   linkType: hard
 
@@ -13851,13 +13733,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"pseudomap@npm:^1.0.2":
-  version: 1.0.2
-  resolution: "pseudomap@npm:1.0.2"
-  checksum: 856c0aae0ff2ad60881168334448e898ad7a0e45fe7386d114b150084254c01e200c957cf378378025df4e052c7890c5bd933939b0e0d2ecfcc1dc2f0b2991f5
-  languageName: node
-  linkType: hard
-
 "psl@npm:^1.1.33":
   version: 1.9.0
   resolution: "psl@npm:1.9.0"
@@ -13914,25 +13789,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"puppeteer-core@npm:20.3.0":
-  version: 20.3.0
-  resolution: "puppeteer-core@npm:20.3.0"
-  dependencies:
-    "@puppeteer/browsers": 1.3.0
-    chromium-bidi: 0.4.9
-    cross-fetch: 3.1.6
-    debug: 4.3.4
-    devtools-protocol: 0.0.1120988
-    ws: 8.13.0
-  peerDependencies:
-    typescript: ">= 4.7.4"
-  peerDependenciesMeta:
-    typescript:
-      optional: true
-  checksum: df0b0e249c100d7985b23bca56df6f50e970540f61e6bd80341aff88a9097230185d349a37375954db0de8149d6c64f21823841df6a773ccd18dca7b9a81f938
-  languageName: node
-  linkType: hard
-
 "puppeteer-core@npm:22.15.0":
   version: 22.15.0
   resolution: "puppeteer-core@npm:22.15.0"
@@ -15118,15 +14974,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"shebang-command@npm:^1.2.0":
-  version: 1.2.0
-  resolution: "shebang-command@npm:1.2.0"
-  dependencies:
-    shebang-regex: ^1.0.0
-  checksum: 9eed1750301e622961ba5d588af2212505e96770ec376a37ab678f965795e995ade7ed44910f5d3d3cb5e10165a1847f52d3348c64e146b8be922f7707958908
-  languageName: node
-  linkType: hard
-
 "shebang-command@npm:^2.0.0":
   version: 2.0.0
   resolution: "shebang-command@npm:2.0.0"
@@ -15136,13 +14983,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"shebang-regex@npm:^1.0.0":
-  version: 1.0.0
-  resolution: "shebang-regex@npm:1.0.0"
-  checksum: 404c5a752cd40f94591dfd9346da40a735a05139dac890ffc229afba610854d8799aaa52f87f7e0c94c5007f2c6af55bdcaeb584b56691926c5eaf41dc8f1372
-  languageName: node
-  linkType: hard
-
 "shebang-regex@npm:^3.0.0":
   version: 3.0.0
   resolution: "shebang-regex@npm:3.0.0"
@@ -15463,7 +15303,7 @@ __metadata:
     "@types/cli-color": ^2.0.2
     "@types/config": 3.3.0
     "@types/connect-redis": ^0.0.19
-    "@types/cookie-parser": ^1.4.1
+    "@types/cookie-parser": ^1.4.7
     "@types/express": ^4.17.21
     "@types/express-serve-static-core": ^4.19.5
     "@types/joi": ^13.5.2
@@ -15486,12 +15326,12 @@ __metadata:
     chokidar: ^3.5.3
     cli-color: ^2.0.3
     cliui: ^8.0.1
-    codeceptjs: ^3.6.5
+    codeceptjs: ^3.6.7
     computed-style: ^0.3.0
     concurrently: ^7.0.0
     config: 3.3.9
     connect-redis: ^6.1.3
-    cookie-parser: ^1.4.3
+    cookie-parser: ^1.4.7
     copy-webpack-plugin: ^12.0.2
     cross-env: ^4.0.0
     csurf: ^1.10.0
@@ -16958,12 +16798,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"uuid@npm:9.0, uuid@npm:9.0.1":
-  version: 9.0.1
-  resolution: "uuid@npm:9.0.1"
+"uuid@npm:10.0, uuid@npm:^10.0.0":
+  version: 10.0.0
+  resolution: "uuid@npm:10.0.0"
   bin:
     uuid: dist/bin/uuid
-  checksum: 39931f6da74e307f51c0fb463dc2462807531dc80760a9bff1e35af4316131b4fc3203d16da60ae33f07fdca5b56f3f1dd662da0c99fea9aaeab2004780cc5f4
+  checksum: 4b81611ade2885d2313ddd8dc865d93d8dccc13ddf901745edca8f86d99bc46d7a330d678e7532e7ebf93ce616679fb19b2e3568873ac0c14c999032acb25869
   languageName: node
   linkType: hard
 
@@ -16976,6 +16816,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"uuid@npm:9.0.1":
+  version: 9.0.1
+  resolution: "uuid@npm:9.0.1"
+  bin:
+    uuid: dist/bin/uuid
+  checksum: 39931f6da74e307f51c0fb463dc2462807531dc80760a9bff1e35af4316131b4fc3203d16da60ae33f07fdca5b56f3f1dd662da0c99fea9aaeab2004780cc5f4
+  languageName: node
+  linkType: hard
+
 "uuid@npm:^3.0.1, uuid@npm:^3.3.2":
   version: 3.4.0
   resolution: "uuid@npm:3.4.0"
@@ -17342,7 +17191,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"which@npm:^1.2.9, which@npm:^1.3.1":
+"which@npm:^1.3.1":
   version: 1.3.1
   resolution: "which@npm:1.3.1"
   dependencies:
@@ -17546,13 +17395,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"yallist@npm:^2.1.2":
-  version: 2.1.2
-  resolution: "yallist@npm:2.1.2"
-  checksum: 9ba99409209f485b6fcb970330908a6d41fa1c933f75e08250316cce19383179a6b70a7e0721b89672ebb6199cc377bf3e432f55100da6a7d6e11902b0a642cb
-  languageName: node
-  linkType: hard
-
 "yallist@npm:^3.0.2":
   version: 3.1.1
   resolution: "yallist@npm:3.1.1"
@@ -17641,21 +17483,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"yargs@npm:17.7.1":
-  version: 17.7.1
-  resolution: "yargs@npm:17.7.1"
-  dependencies:
-    cliui: ^8.0.1
-    escalade: ^3.1.1
-    get-caller-file: ^2.0.5
-    require-directory: ^2.1.1
-    string-width: ^4.2.3
-    y18n: ^5.0.5
-    yargs-parser: ^21.1.1
-  checksum: 3d8a43c336a4942bc68080768664aca85c7bd406f018bad362fd255c41c8f4e650277f42fd65d543fce99e084124ddafee7bbfc1a5c6a8fda4cec78609dcf8d4
-  languageName: node
-  linkType: hard
-
 "yargs@npm:17.7.2, yargs@npm:^17.0.0, yargs@npm:^17.2.1, yargs@npm:^17.3.1, yargs@npm:^17.6.2, yargs@npm:^17.7.2":
   version: 17.7.2
   resolution: "yargs@npm:17.7.2"

From dd0871a813b6a4c20f3fbdab1f5788041db71820 Mon Sep 17 00:00:00 2001
From: Katalin Kovacs <katalin.kovacs@solirius.com>
Date: Tue, 26 Nov 2024 15:33:25 +0000
Subject: [PATCH 07/15] Removed wait

---
 test/browser/2-0-additional-evidence.test.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/test/browser/2-0-additional-evidence.test.ts b/test/browser/2-0-additional-evidence.test.ts
index a909faa9c..84b50ef4c 100644
--- a/test/browser/2-0-additional-evidence.test.ts
+++ b/test/browser/2-0-additional-evidence.test.ts
@@ -85,7 +85,6 @@ describe('Additional Evidence @mya @nightly', function () {
 
     await page.reload();
     statusPage.verifyPage();
-    this.await(10);
     await additionalEvidencePage.visitPage();
   });
 

From 1c017b7216a330c796c0f07ab71ff426e880abb2 Mon Sep 17 00:00:00 2001
From: NHAL22 <113360585+NHAL22@users.noreply.github.com>
Date: Mon, 9 Dec 2024 16:19:35 +0000
Subject: [PATCH 08/15] add field for functional test

---
 app/common/locale/content.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/common/locale/content.json b/app/common/locale/content.json
index fc4979473..4d4a6d09f 100644
--- a/app/common/locale/content.json
+++ b/app/common/locale/content.json
@@ -1609,6 +1609,7 @@
       "telephone": {
         "title": "Ffoniwch ni",
         "desc": "Siaradwch ag un o’n asiantau dros y ffôn nawr.",
+        "charges": "Gwybodaeth am brisiau galwadau",
         "England": {
           "desc": "Llinell gymorth apeliadau budd-daliadau (Cymru a Lloegr - Siaradwyr Cymraeg)",
           "phone": "Rhif ffôn: 0300 303 5170",

From ae23af62de3d3c400c8fce42382e0e962203287d Mon Sep 17 00:00:00 2001
From: NHAL22 <113360585+NHAL22@users.noreply.github.com>
Date: Tue, 10 Dec 2024 15:46:12 +0000
Subject: [PATCH 09/15] update yarn file

---
 yarn-audit-known-issues | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index f46cae9ac..70508ff50 100755
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1 +1 @@
-{"actions":[],"advisories":{"1096727":{"findings":[{"version":"2.88.2","paths":["promise-request-retry>request","promise-request-retry>coveralls>request"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://security.netapp.com/advisory/ntap-20230413-0007\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","id":1096727,"npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","reported_by":null,"title":"Server-Side Request Forgery in Request","metadata":null,"cves":["CVE-2023-28155"],"access":"public","severity":"moderate","module_name":"request","vulnerable_versions":"<=2.88.2","github_advisory_id":"GHSA-p8p7-x288-28g6","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-03-21T17:47:21.000Z","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1099516":{"findings":[{"version":"3.0.0","paths":["i18next-conv>node-gettext"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-21528\n- https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943\n- https://github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js#L113\n- https://github.com/advisories/GHSA-g974-hxvm-x689","created":"2024-09-10T06:30:48.000Z","id":1099516,"npm_advisory_id":null,"overview":"All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.","reported_by":null,"title":"node-gettext vulnerable to Prototype Pollution","metadata":null,"cves":["CVE-2024-21528"],"access":"public","severity":"moderate","module_name":"node-gettext","vulnerable_versions":"<=3.0.0","github_advisory_id":"GHSA-g974-hxvm-x689","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-09-10T15:52:57.000Z","cvss":{"score":5.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-g974-hxvm-x689"},"1099846":{"findings":[{"version":"0.4.1","paths":["cookie-parser>cookie"]}],"found_by":null,"deleted":null,"references":"- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x","created":"2024-10-04T20:31:00.000Z","id":1099846,"npm_advisory_id":null,"overview":"### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167","reported_by":null,"title":"cookie accepts cookie name, path, and domain with out of bounds characters","metadata":null,"cves":["CVE-2024-47764"],"access":"public","severity":"low","module_name":"cookie","vulnerable_versions":"<0.7.0","github_advisory_id":"GHSA-pxg6-pf52-xh8x","recommendation":"Upgrade to version 0.7.0 or later","patched_versions":">=0.7.0","updated":"2024-10-04T20:31:01.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-74"],"url":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":1,"moderate":3,"high":0,"critical":0},"dependencies":435,"devDependencies":96,"optionalDependencies":0,"totalDependencies":531}}
+{"actions":[],"advisories":{"1096727":{"findings":[{"version":"2.88.2","paths":["promise-request-retry>request","promise-request-retry>coveralls>request"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://security.netapp.com/advisory/ntap-20230413-0007\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","id":1096727,"npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","reported_by":null,"title":"Server-Side Request Forgery in Request","metadata":null,"cves":["CVE-2023-28155"],"access":"public","severity":"moderate","module_name":"request","vulnerable_versions":"<=2.88.2","github_advisory_id":"GHSA-p8p7-x288-28g6","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-03-21T17:47:21.000Z","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1099846":{"findings":[{"version":"0.4.1","paths":["cookie-parser>cookie"]}],"found_by":null,"deleted":null,"references":"- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x","created":"2024-10-04T20:31:00.000Z","id":1099846,"npm_advisory_id":null,"overview":"### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167","reported_by":null,"title":"cookie accepts cookie name, path, and domain with out of bounds characters","metadata":null,"cves":["CVE-2024-47764"],"access":"public","severity":"low","module_name":"cookie","vulnerable_versions":"<0.7.0","github_advisory_id":"GHSA-pxg6-pf52-xh8x","recommendation":"Upgrade to version 0.7.0 or later","patched_versions":">=0.7.0","updated":"2024-10-04T20:31:01.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-74"],"url":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":1,"moderate":3,"high":0,"critical":0},"dependencies":435,"devDependencies":96,"optionalDependencies":0,"totalDependencies":531}}

From 2b2b51b24212627282c11c66613e0bfe9d264c99 Mon Sep 17 00:00:00 2001
From: NHAL22 <113360585+NHAL22@users.noreply.github.com>
Date: Tue, 10 Dec 2024 15:46:54 +0000
Subject: [PATCH 10/15] ignore vulnerabilities

---
 yarn-audit-known-issues | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index 70508ff50..a11c06ce7 100755
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1 +1 @@
-{"actions":[],"advisories":{"1096727":{"findings":[{"version":"2.88.2","paths":["promise-request-retry>request","promise-request-retry>coveralls>request"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://security.netapp.com/advisory/ntap-20230413-0007\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","id":1096727,"npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","reported_by":null,"title":"Server-Side Request Forgery in Request","metadata":null,"cves":["CVE-2023-28155"],"access":"public","severity":"moderate","module_name":"request","vulnerable_versions":"<=2.88.2","github_advisory_id":"GHSA-p8p7-x288-28g6","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-03-21T17:47:21.000Z","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1099846":{"findings":[{"version":"0.4.1","paths":["cookie-parser>cookie"]}],"found_by":null,"deleted":null,"references":"- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x","created":"2024-10-04T20:31:00.000Z","id":1099846,"npm_advisory_id":null,"overview":"### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167","reported_by":null,"title":"cookie accepts cookie name, path, and domain with out of bounds characters","metadata":null,"cves":["CVE-2024-47764"],"access":"public","severity":"low","module_name":"cookie","vulnerable_versions":"<0.7.0","github_advisory_id":"GHSA-pxg6-pf52-xh8x","recommendation":"Upgrade to version 0.7.0 or later","patched_versions":">=0.7.0","updated":"2024-10-04T20:31:01.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-74"],"url":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":1,"moderate":3,"high":0,"critical":0},"dependencies":435,"devDependencies":96,"optionalDependencies":0,"totalDependencies":531}}
+{"actions":[],"advisories":{"1096727":{"findings":[{"version":"2.88.2","paths":["promise-request-retry>request","promise-request-retry>coveralls>request"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://security.netapp.com/advisory/ntap-20230413-0007\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","id":1096727,"npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","reported_by":null,"title":"Server-Side Request Forgery in Request","metadata":null,"cves":["CVE-2023-28155"],"access":"public","severity":"moderate","module_name":"request","vulnerable_versions":"<=2.88.2","github_advisory_id":"GHSA-p8p7-x288-28g6","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-03-21T17:47:21.000Z","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"cwe":["CWE-918"],"url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"},"1099846":{"findings":[{"version":"0.4.1","paths":["cookie-parser>cookie"]}],"found_by":null,"deleted":null,"references":"- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x","created":"2024-10-04T20:31:00.000Z","id":1099846,"npm_advisory_id":null,"overview":"### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167","reported_by":null,"title":"cookie accepts cookie name, path, and domain with out of bounds characters","metadata":null,"cves":["CVE-2024-47764"],"access":"public","severity":"low","module_name":"cookie","vulnerable_versions":"<0.7.0","github_advisory_id":"GHSA-pxg6-pf52-xh8x","recommendation":"Upgrade to version 0.7.0 or later","patched_versions":">=0.7.0","updated":"2024-10-04T20:31:01.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-74"],"url":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x"},"1100531":{"findings":[{"version":"3.0.0","paths":["i18next-conv>node-gettext"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-21528\n- https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943\n- https://github.com/alexanderwallin/node-gettext/blob/65d9670f691c2eeca40dce129c95bcf8b613d344/lib/gettext.js#L113\n- https://github.com/advisories/GHSA-g974-hxvm-x689","created":"2024-09-10T06:30:48.000Z","id":1100531,"npm_advisory_id":null,"overview":"All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.","reported_by":null,"title":"node-gettext vulnerable to Prototype Pollution","metadata":null,"cves":["CVE-2024-21528"],"access":"public","severity":"high","module_name":"node-gettext","vulnerable_versions":"<=3.0.0","github_advisory_id":"GHSA-g974-hxvm-x689","recommendation":"None","patched_versions":"<0.0.0","updated":"2024-11-18T16:27:11.000Z","cvss":{"score":5.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1321"],"url":"https://github.com/advisories/GHSA-g974-hxvm-x689"},"1100562":{"findings":[{"version":"4.0.2","paths":["eslint-plugin-mocha>eslint>cross-spawn","copy-webpack-plugin>webpack>webpack-cli>cross-spawn"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-21538\n- https://github.com/moxystudio/node-cross-spawn/pull/160\n- https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\n- https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\n- https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230\n- https://github.com/moxystudio/node-cross-spawn/issues/165\n- https://github.com/moxystudio/node-cross-spawn/commit/d35c865b877d2f9ded7c1ed87521c2fdb689c8dd\n- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349\n- https://github.com/advisories/GHSA-3xgq-45jj-v275","created":"2024-11-08T06:30:47.000Z","id":1100562,"npm_advisory_id":null,"overview":"Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in cross-spawn","metadata":null,"cves":["CVE-2024-21538"],"access":"public","severity":"high","module_name":"cross-spawn","vulnerable_versions":"<6.0.6","github_advisory_id":"GHSA-3xgq-45jj-v275","recommendation":"Upgrade to version 6.0.6 or later","patched_versions":">=6.0.6","updated":"2024-11-19T16:19:50.000Z","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-3xgq-45jj-v275"},"1101081":{"findings":[{"version":"0.1.10","paths":["express>path-to-regexp"]}],"found_by":null,"deleted":null,"references":"- https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w\n- https://blakeembrey.com/posts/2024-09-web-redos\n- https://nvd.nist.gov/vuln/detail/CVE-2024-52798\n- https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4\n- https://github.com/advisories/GHSA-rhx6-c78j-4q9w","created":"2024-12-05T22:40:47.000Z","id":1101081,"npm_advisory_id":null,"overview":"### Impact\n\nThe regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of `path-to-regexp`, originally reported in CVE-2024-45296\n\n### Patches\n\nUpgrade to 0.1.12.\n\n### Workarounds\n\nAvoid using two parameters within a single path segment, when the separator is not `.` (e.g. no `/:a-:b`). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.\n\n### References\n\n- https://github.com/advisories/GHSA-9wv6-86v2-598j\n- https://blakeembrey.com/posts/2024-09-web-redos/","reported_by":null,"title":"Unpatched `path-to-regexp` ReDoS in 0.1.x","metadata":null,"cves":["CVE-2024-52798"],"access":"public","severity":"moderate","module_name":"path-to-regexp","vulnerable_versions":"<0.1.12","github_advisory_id":"GHSA-rhx6-c78j-4q9w","recommendation":"Upgrade to version 0.1.12 or later","patched_versions":">=0.1.12","updated":"2024-12-06T00:33:29.000Z","cvss":{"score":0,"vectorString":null},"cwe":["CWE-1333"],"url":"https://github.com/advisories/GHSA-rhx6-c78j-4q9w"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":1,"moderate":3,"high":3,"critical":0},"dependencies":435,"devDependencies":96,"optionalDependencies":0,"totalDependencies":531}}

From f1e08fa41cdda80f4202d2b0f62041b45cddc83b Mon Sep 17 00:00:00 2001
From: Arunabha Chowdhury <90389022+ArunabhaChowdhury@users.noreply.github.com>
Date: Tue, 7 Jan 2025 11:48:46 +0000
Subject: [PATCH 11/15] Investigating failing cross browser test in nightly
 pipeline

---
 .../journeys/myaLandingPage.test.js           | 40 +++++++++----------
 test/crossbrowser/saucelabs.conf.ts           | 12 +++---
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/test/crossbrowser/journeys/myaLandingPage.test.js b/test/crossbrowser/journeys/myaLandingPage.test.js
index f2c5dd141..28e02765c 100644
--- a/test/crossbrowser/journeys/myaLandingPage.test.js
+++ b/test/crossbrowser/journeys/myaLandingPage.test.js
@@ -19,25 +19,25 @@ Scenario(
       await I.uploadEvidence();
     }
   }
-).retry(2);
+).retry(0);
 
-Scenario(
-  'Welsh - can track appeal status via manager your appeal',
-  async ({ I }) => {
-    if (appealData === null) {
-      console.log('Failed to create test data');
-    } else {
-      await I.loginToANewCase(appealData);
-      await I.verifyWelshAppellantPostCode();
-      await I.waitForElement('.govuk-heading-xl', 10);
-      await I.verifyWelshStatusHeader();
-      await I.uploadWelshEvidence();
-    }
-  }
-).retry(1);
+// Scenario(
+//   'Welsh - can track appeal status via manager your appeal',
+//   async ({ I }) => {
+//     if (appealData === null) {
+//       console.log('Failed to create test data');
+//     } else {
+//       await I.loginToANewCase(appealData);
+//       await I.verifyWelshAppellantPostCode();
+//       await I.waitForElement('.govuk-heading-xl', 10);
+//       await I.verifyWelshStatusHeader();
+//       await I.uploadWelshEvidence();
+//     }
+//   }
+// ).retry(1);
 
-After(async ({ I }) => {
-  if (appealData && appealData.sidamUser) {
-    await I.deleteUser(appealData.sidamUser);
-  }
-});
+// After(async ({ I }) => {
+//   if (appealData && appealData.sidamUser) {
+//     await I.deleteUser(appealData.sidamUser);
+//   }
+// });
diff --git a/test/crossbrowser/saucelabs.conf.ts b/test/crossbrowser/saucelabs.conf.ts
index 7d43f71f3..a82832731 100644
--- a/test/crossbrowser/saucelabs.conf.ts
+++ b/test/crossbrowser/saucelabs.conf.ts
@@ -66,12 +66,12 @@ export const setupConfig = {
     chrome: {
       browsers: getBrowserConfig('chromium'),
     },
-    firefox: {
-      browsers: getBrowserConfig('firefox'),
-    },
-    webkit: {
-      browsers: getBrowserConfig('webkit'),
-    },
+    // firefox: {
+    //   browsers: getBrowserConfig('firefox'),
+    // },
+    // webkit: {
+    //   browsers: getBrowserConfig('webkit'),
+    // },
   },
   name: 'SSCS COR Crossbrowser Tests',
 };

From 3ba854c5edee145ff044c65c453f63e7d76391ff Mon Sep 17 00:00:00 2001
From: Pettedson John <pettedson.john1@hmcts.net>
Date: Tue, 7 Jan 2025 16:15:38 +0000
Subject: [PATCH 12/15] test: fixed the added benefit appeal post code check

---
 test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js b/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js
index 2a150ac48..8057d19ce 100644
--- a/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js
+++ b/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js
@@ -1,6 +1,8 @@
 function verifyAppeallantPostCode() {
   const I = this;
   I.wait(5);
+  I.click('[for=\'appeal-type-otherBenefits\']')
+  I.wait(1);
   I.fillField('#postcode', 'TN32 6PL');
   I.click('#assign-case');
 }
@@ -11,6 +13,8 @@ function verifyWelshAppellantPostCode() {
   I.wait(5);
   I.click('.govuk-link.language');
   I.wait(5);
+  I.click('[for=\'appeal-type-otherBenefits\']')
+  I.wait(1);
   I.fillField('#postcode', 'TN32 6PL');
   I.click('#assign-case');
 }

From 6add3e48dc9ceecffda5e1ec9e5a7c87322966d9 Mon Sep 17 00:00:00 2001
From: Pettedson John <pettedson.john1@hmcts.net>
Date: Tue, 7 Jan 2025 16:34:01 +0000
Subject: [PATCH 13/15] test: fix for the post code verification issue for
 benefit appeals.

---
 test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js b/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js
index 2a150ac48..8057d19ce 100644
--- a/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js
+++ b/test/crossbrowser/pages/postcode/verifyAppeallantPostCode.js
@@ -1,6 +1,8 @@
 function verifyAppeallantPostCode() {
   const I = this;
   I.wait(5);
+  I.click('[for=\'appeal-type-otherBenefits\']')
+  I.wait(1);
   I.fillField('#postcode', 'TN32 6PL');
   I.click('#assign-case');
 }
@@ -11,6 +13,8 @@ function verifyWelshAppellantPostCode() {
   I.wait(5);
   I.click('.govuk-link.language');
   I.wait(5);
+  I.click('[for=\'appeal-type-otherBenefits\']')
+  I.wait(1);
   I.fillField('#postcode', 'TN32 6PL');
   I.click('#assign-case');
 }

From 56493b8bd716e450b33f1b6a2bcd990128edc86b Mon Sep 17 00:00:00 2001
From: taleb <tech@benouaer.com>
Date: Tue, 14 Jan 2025 11:37:25 +0000
Subject: [PATCH 14/15] SSCSCI-1568: remove empty anchor tag

---
 views/components/mya-contact-us.njk | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/views/components/mya-contact-us.njk b/views/components/mya-contact-us.njk
index 0c6e3cf9f..f96905842 100644
--- a/views/components/mya-contact-us.njk
+++ b/views/components/mya-contact-us.njk
@@ -77,10 +77,6 @@
                      href="https://www.gov.uk/call-charges"
                      target="_blank">{{ content[i18n.language].contactUs.telephone.charges }}</a>
                 </p>
-                <p class="govuk-body govuk-!-margin-bottom-2">
-                  {{ content[i18n.language].contactUs.telephone.ibca.WelshSpeakers.emailText }}
-                  <a href="mailto:Contactsscs@justice.gov.uk">{{ content[i18n.language].contactUs.telephone.ibca.WelshSpeakers.emailAddress }}</a>
-                </p>
               <!-- IBCA AllOthers -->
               <p class="govuk-body govuk-!-margin-bottom-2">{{ content[i18n.language].contactUs.telephone.ibca.desc }}</p>
               <h3 class="govuk-heading-s govuk-!-margin-bottom-0">{{ content[i18n.language].contactUs.telephone.ibca.AllOthers.desc }}</h3>

From a91f15d8d8ccbb2ba36121dd33a358eb6dc07feb Mon Sep 17 00:00:00 2001
From: taleb <tech@benouaer.com>
Date: Tue, 14 Jan 2025 11:43:01 +0000
Subject: [PATCH 15/15] SSCSCI-1539: reinstate commented out lines

---
 .../journeys/myaLandingPage.test.js           | 40 +++++++++----------
 test/crossbrowser/saucelabs.conf.ts           | 12 +++---
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/test/crossbrowser/journeys/myaLandingPage.test.js b/test/crossbrowser/journeys/myaLandingPage.test.js
index 28e02765c..f2c5dd141 100644
--- a/test/crossbrowser/journeys/myaLandingPage.test.js
+++ b/test/crossbrowser/journeys/myaLandingPage.test.js
@@ -19,25 +19,25 @@ Scenario(
       await I.uploadEvidence();
     }
   }
-).retry(0);
+).retry(2);
 
-// Scenario(
-//   'Welsh - can track appeal status via manager your appeal',
-//   async ({ I }) => {
-//     if (appealData === null) {
-//       console.log('Failed to create test data');
-//     } else {
-//       await I.loginToANewCase(appealData);
-//       await I.verifyWelshAppellantPostCode();
-//       await I.waitForElement('.govuk-heading-xl', 10);
-//       await I.verifyWelshStatusHeader();
-//       await I.uploadWelshEvidence();
-//     }
-//   }
-// ).retry(1);
+Scenario(
+  'Welsh - can track appeal status via manager your appeal',
+  async ({ I }) => {
+    if (appealData === null) {
+      console.log('Failed to create test data');
+    } else {
+      await I.loginToANewCase(appealData);
+      await I.verifyWelshAppellantPostCode();
+      await I.waitForElement('.govuk-heading-xl', 10);
+      await I.verifyWelshStatusHeader();
+      await I.uploadWelshEvidence();
+    }
+  }
+).retry(1);
 
-// After(async ({ I }) => {
-//   if (appealData && appealData.sidamUser) {
-//     await I.deleteUser(appealData.sidamUser);
-//   }
-// });
+After(async ({ I }) => {
+  if (appealData && appealData.sidamUser) {
+    await I.deleteUser(appealData.sidamUser);
+  }
+});
diff --git a/test/crossbrowser/saucelabs.conf.ts b/test/crossbrowser/saucelabs.conf.ts
index a82832731..7d43f71f3 100644
--- a/test/crossbrowser/saucelabs.conf.ts
+++ b/test/crossbrowser/saucelabs.conf.ts
@@ -66,12 +66,12 @@ export const setupConfig = {
     chrome: {
       browsers: getBrowserConfig('chromium'),
     },
-    // firefox: {
-    //   browsers: getBrowserConfig('firefox'),
-    // },
-    // webkit: {
-    //   browsers: getBrowserConfig('webkit'),
-    // },
+    firefox: {
+      browsers: getBrowserConfig('firefox'),
+    },
+    webkit: {
+      browsers: getBrowserConfig('webkit'),
+    },
   },
   name: 'SSCS COR Crossbrowser Tests',
 };