From 71c9d280e03d7faa226f920bf7eba935110863e2 Mon Sep 17 00:00:00 2001
From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com>
Date: Mon, 2 Feb 2026 17:11:55 +0000
Subject: [PATCH 1/2] chore: copy fast-xml-parser ignore from fhir api

---
 .trivyignore.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index e9e00f0..4f9c1e6 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -4,3 +4,6 @@ vulnerabilities:
       - "package-lock.json"
     statement: downstream dependency for tar - waiting for new npm release
     expired_at: 2026-06-01
+  - id: CVE-2026-25128
+    statement: fast-xml-parser vulnerability accepted as risk - dependency of aws-sdk/client-dynamodb
+    expired_at: 2026-03-01

From 180b0bf0f05c2d6c9dfd7417b3599942e0d027e7 Mon Sep 17 00:00:00 2001
From: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com>
Date: Mon, 2 Feb 2026 17:23:01 +0000
Subject: [PATCH 2/2] trigger build