Releases: NHSDigital/validated-relationships-service-api
v1.0.550-alpha
NPA-6501: bump spec version before release (#318)

# Pull Request

## 🧾 Ticket Link

https://nhsd-jira.digital.nhs.uk/browse/NPA-6501

---

## 📄 Description/Summary of Changes

---

## 🧪 Developer Testing Carried Out

---

## 📋 PR Principles

- Keep PRs Small and Focused: Ensure the PR addresses a single task or feature to make it easier to review.
- Multiple PRs for one Ticket: When splitting work into multiple PRs, clearly describe what this PR addresses and outline the remaining work to complete the ticket.
- Ensure Tests Are Included: Add or update unit, integration, or end-to-end tests to cover the changes made.
- Follow Coding Standards: Ensure the code adheres to the team's coding guidelines and best practices.
- Resolve Comments Promptly: If you raise a comment, ensure you follow up and resolve it before approving the PR to maintain clarity and ensure comments are addressed.
- Foster Learning: PR reviews are an opportunity to share knowledge, provide constructive feedback, and encourage a collaborative environment.

## 🏷️ Naming Conventions Reminder

Please ensure the following naming conventions are followed:

- PR title follows the format: `NPA-XXXX: <short-description>`
- Branch name follows the convention: `<type>/NPA-XXXX/<short-description>`
- Commit messages follow the template: `NPA-XXXX: <short-description>`
v1.0.549-alpha
NPA-6263: Update GET RelatedPerson examples to ensure the patient res…
v1.0.548-alpha
no-ticket: update pr template (#316)

# Pull Request

## 🧾 Ticket Link

https://nhsd-jira.digital.nhs.uk/browse/no-ticket

---

## 📄 Description/Summary of Changes

- Updated pull request template

---

## 🧪 Developer Testing Carried Out

---

## 📋 PR Principles

- Keep PRs Small and Focused: Ensure the PR addresses a single task or feature to make it easier to review.
- Multiple PRs for one Ticket: When splitting work into multiple PRs, clearly describe what this PR addresses and outline the remaining work to complete the ticket.
- Ensure Tests Are Included: Add or update unit, integration, or end-to-end tests to cover the changes made.
- Follow Coding Standards: Ensure the code adheres to the team's coding guidelines and best practices.
- Resolve Comments Promptly: If you raise a comment, ensure you follow up and resolve it before approving the PR to maintain clarity and ensure comments are addressed.
- Foster Learning: PR reviews are an opportunity to share knowledge, provide constructive feedback, and encourage a collaborative environment.

## 🏷️ Naming Conventions Reminder

Please ensure the following naming conventions are followed:

- PR title follows the format: `NPA-XXXX: <short-description>`
- Branch name follows the convention: `<type>/NPA-XXXX/<short-description>`
- Commit messages follow the template: `NPA-XXXX: <short-description>`
v1.0.547-alpha
NPA-6333: Runbook - Resolve Dependabot Alerts (#315)

# Pull Request

## 🧾 Ticket Link

https://nhsd-jira.digital.nhs.uk/browse/NPA-6333

---

## 📄 Description/Summary of Changes

- Runbook for resolving dependabot pull requests
- Remove unused dependencies
- Align dependency versions across project directories

---

## 🧪 Developer Testing Carried Out

- make test
- make generate-postman-collection
- make release (clean publish build-proxy)
- make schema-all
- make test (/sandbox)
- make build (/sandbox)

---

## 🧪 Reviewer Testing Required

- Review new runbook

---

## ✅ Developer Checklist

- [x] PR title follows the format: `NPA-XXXX: <short-description>`
- [x] Branch name follows the convention: `<type>/NPA-XXXX/<short-description>`
- [x] Commit messages follow the template: `NPA-XXXX: <short-description>`
- [ ] All acceptance criteria from the Jira ticket are addressed
- [ ] Automated tests (unit/integration/API/infrastructure etc. tests) are added or updated
- [ ] Assignees and appropriate labels (e.g. `terraform`, `documentation`) are added

---

## 👀 Reviewer Checklist

- [ ] Changes meet the acceptance criteria of the Jira ticket
- [ ] Code is able to be merged (no conflicts and adheres to coding standards)
- [ ] Sufficient test evidence is provided (manual and/or automated)
- [ ] Infrastructure/operational/build changes are validated (if applicable)

---

## 🚀 Post-merge

After merging and deploying changes to the sandbox, Postman collection or spec examples please run the Run Postman collection workflow. This will run the tests within the collection to check that the sandbox is working as expected once deployed.
v1.0.546-alpha
Bump the pip group across 1 directory with 2 updates (#314)

Bumps the pip group with 2 updates in the /scripts directory: [authlib](https://github.com/authlib/authlib) and [cryptography](https://github.com/pyca/cryptography).

Updates `authlib` from 1.6.5 to 1.6.7

**Release notes**

*Sourced from [authlib's releases](https://github.com/authlib/authlib/releases).*

> ## v1.6.7
>
> **Full Changelog**: https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7
>
> Set supported algorithms for the default `jwt` instance.
>
> ## v1.6.6
>
> ## What's Changed
>
> - fix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by [`@shc261392`](https://github.com/shc261392) in [authlib/authlib#778](https://redirect.github.com/authlib/authlib/pull/778)
> - Fix: Use `expires_in` when `expires_at` is unparsable by [`@bendavis78`](https://github.com/bendavis78) in [authlib/authlib#842](https://redirect.github.com/authlib/authlib/pull/842)
> - `get_jwt_config` takes a `client` parameter. by [`@azmeuk`](https://github.com/azmeuk) in [authlib/authlib#844](https://redirect.github.com/authlib/authlib/pull/844)
>
> ## New Contributors
>
> - [`@shc261392`](https://github.com/shc261392) made their first contribution in [authlib/authlib#778](https://redirect.github.com/authlib/authlib/pull/778)
> - [`@bendavis78`](https://github.com/bendavis78) made their first contribution in [authlib/authlib#842](https://redirect.github.com/authlib/authlib/pull/842)
>
> **Full Changelog**: https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6

**Changelog**

*Sourced from [authlib's changelog](https://github.com/authlib/authlib/blob/main/docs/changelog.rst).*

> # Changelog
>
> Here you can see the full list of changes between each Authlib release.
>
> ## Version 1.7.0
>
> **Unreleased**
>
> - Add support for [OpenID Connect RP-Initiated Logout 1.0](https://openid.net/specs/openid-connect-rpinitiated-1_0.html). See :ref:`specs/rpinitiated` for details. :issue:`500`
> - Per RFC 6749 Section 3.3, the `scope` parameter is now optional at both authorization and token endpoints. `client.get_allowed_scope()` is called to determine the default scope when omitted. :issue:`845`
> - Stop support for Python 3.9, start support Python 3.14. :pr:`850`
> - Allow `AuthorizationServerMetadata.validate()` to compose with RFC extension classes.
> - Fix `expires_at=0` being incorrectly treated as `None`. :issue:`530`
> - Allow `ResourceProtector` decorator to be used without parentheses. :issue:`604`
> - Implement RFC9700 PKCE downgrade countermeasure.
>
> Upgrade Guide: :ref:`joserfc_upgrade`.
>
> ## Version 1.6.6
>
> **Released on Dec 12, 2025**
>
> - `get_jwt_config` takes a `client` parameter, :pr:`844`.
> - Fix incorrect signature when `Content-Type` is x-www-form-urlencoded for OAuth 1.0 Client, :pr:`778`.
> - Use `expires_in` in `OAuth2Token` when `expires_at` is unparsable, :pr:`842`.
> - Always track `state` in session for OAuth client integrations.

**Commits**

- [`38e872a`](https://github.com/authlib/authlib/commit/38e872a3f5b97d2658507acc8762a4e18adaa50e) chore: release 1.6.7
- [`b87c32e`](https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7) fix: remove "none" algorithm from default jwt instance
- [`bb7a315`](https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774) chore: release 1.6.6
- [`0a423d4`](https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2) Merge pull request [#844](https://redirect.github.com/authlib/authlib/issues/844) from azmeuk/806-get-jwt-config-client
- [`2808378`](https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489) Merge commit from fork
- [`714502a`](https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda) feat: get_jwt_config takes a client parameter
- [`260d04e`](https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2) Fix: Use `expires_in` when `expires_at` is unparsable
- [`eb37124`](https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8) Merge pull request [#778](https://redirect.github.com/authlib/authlib/issues/778) from shc261392/fix-httpx-oauth1-form-data-incorrect-s...
- [`0ba9ec4`](https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62) docs: fix guide on requests self signed certificate
- [`a2e9943`](https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91) docs: indicate that [#743](https://redirect.github.com/authlib/authlib/issues/743) needs a migration
- Additional commits viewable in [compare view](https://github.com/authlib/authlib/compare/v1.6.5...v1.6.7)

Updates `cryptography` from 46.0.3 to 46.0.5

**Changelog**

*Sourced from [cryptography's changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst).*

> 46.0.5 - 2026-02-10
>
> - An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007**
> - Support for `SECT*` binary elliptic curves is deprecated and will be removed in the next release.
>
> 46.0.4 - 2026-01-27
>
> - Dropped support for win_arm64 wheels.
> - Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

**Commits**

- [`06e120e`](https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad) bump version for 46.0.5 release ([#14289](https://redirect.github.com/pyca/cryptography/issues/14289))
- [`0eebb9d`](https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c) EC check key on cofactor > 1 ([#14287](https://redirect.github.com/pyca/cryptography/issues/14287))
- [`bedf6e1`](https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e) fix openssl version on 46 branch ([#14220](https://redirect.github.com/pyca/cryptography/issues/14220))
- [`e6f44fc`](https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471) bump for 46.0.4 and drop win arm64 due to CI issues ([#14217](https://redirect.github.com/pyca/cryptography/issues/14217))
- See full diff in [compare view](https://github.com/pyca/cryptography/compare/46.0.3...46.0.5)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---

**Dependabot commands and options**

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NHSDigital/validated-relationships-service-api/network/alerts).

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Knapp <tomknapp@users.noreply.github.com>
v1.0.545-alpha
npm (deps): bump minimatch (#311)

Bumps and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 8.0.4 to 8.0.7

**Commits**

- [`c11bafe`](https://github.com/isaacs/minimatch/commit/c11bafe35cc776ae605a6f4159b2d996617d9a8c) 8.0.7
- [`abf1900`](https://github.com/isaacs/minimatch/commit/abf190066b4c52778727bbe8b97d15520e51dcc4) docs: add warning about ReDoS
- [`be84a30`](https://github.com/isaacs/minimatch/commit/be84a30c946bccc484d487d00abab34e43bd4214) fix partial matching of globstar patterns
- [`a5f07f4`](https://github.com/isaacs/minimatch/commit/a5f07f4b8de8a068e8fcafd44e7cafc2a8fe7be3) 8.0.6
- [`c42643a`](https://github.com/isaacs/minimatch/commit/c42643a37d6b2e8bfd19f0d0d0bb2bc1b54e4ddf) lock node to v16 in dev
- [`9bbb456`](https://github.com/isaacs/minimatch/commit/9bbb456075ed81dee339c195be3e6091147a55a9) limit nested extglob recursion, flatten extglobs
- [`f4ce011`](https://github.com/isaacs/minimatch/commit/f4ce011fce4be95c6af74182a772c92df83e6722) 8.0.5
- [`50c739a`](https://github.com/isaacs/minimatch/commit/50c739a7beea08a26a05508c36e9602f3348d32b) update CI matrix and actions
- [`e16b0f0`](https://github.com/isaacs/minimatch/commit/e16b0f0ec4c2be9c27b136ceacc58b13cf05e450) update test expectations for coalesced consecutive stars
- [`5173367`](https://github.com/isaacs/minimatch/commit/5173367083a01c3892b29df8366ee6de44e76ef6) coalesce consecutive non-globstar * characters
- Additional commits viewable in [compare view](https://github.com/isaacs/minimatch/compare/v8.0.4...v8.0.7)

Updates `minimatch` from 3.1.2 to 3.1.5
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.0.544-alpha
npm (deps-dev): bump basic-ftp from 5.0.5 to 5.2.0 (#310)

Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.0.5 to 5.2.0.

**Release notes**

*Sourced from [basic-ftp's releases](https://github.com/patrickjuchli/basic-ftp/releases).*

> ## 5.2.0
>
> - Changed: Skip files with invalid name in downloadToDir.
>
> ## 5.1.0
>
> - Added: Add the option to prevent the use of separate transfer host IPs when using PASV. ([#259](https://redirect.github.com/patrickjuchli/basic-ftp/issues/259))

**Changelog**

*Sourced from [basic-ftp's changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md).*

> ## 5.2.0
>
> - Changed: Skip files with invalid name in downloadToDir.
>
> ## 5.1.0
>
> - Added: Add the option to prevent the use of separate transfer host IPs when using PASV. ([#259](https://redirect.github.com/patrickjuchli/basic-ftp/issues/259))

**Commits**

- [`5d41e45`](https://github.com/patrickjuchli/basic-ftp/commit/5d41e45073ed1a8a3b5e5a1bbfcd131e61295bf8) Bump version
- [`49c2e73`](https://github.com/patrickjuchli/basic-ftp/commit/49c2e73ed1cae4962ae38b33ab93a3548c2f5622) Update dependencies
- [`2a2a0e6`](https://github.com/patrickjuchli/basic-ftp/commit/2a2a0e6514357b9eda07c2f8afbd3f04727a7cd9) Skip invalid filenames
- [`65c90d9`](https://github.com/patrickjuchli/basic-ftp/commit/65c90d949c0f8a9709759dff9e76bbe07061812b) Fix permissions for workflows
- [`593cb78`](https://github.com/patrickjuchli/basic-ftp/commit/593cb7831bec60d5590acc3eeb2e553f4a431167) Set permissions for workflow jobs
- [`36adf11`](https://github.com/patrickjuchli/basic-ftp/commit/36adf110beabc9acdcad122149a2ea795a2b1a6c) Remove deprecated CodeQL check
- [`9da4af0`](https://github.com/patrickjuchli/basic-ftp/commit/9da4af0e1f82fe372bedc1b7820f55c6eaf012e5) Update changelog
- [`6993039`](https://github.com/patrickjuchli/basic-ftp/commit/699303975bea182b966f9f34a1ecbbebe92afcef) Improve naming
- [`0b8f756`](https://github.com/patrickjuchli/basic-ftp/commit/0b8f7560e11af817d70ff17f986b334ba2e99b81) Improve naming
- [`67a53f2`](https://github.com/patrickjuchli/basic-ftp/commit/67a53f21623e4047d28d7a6f98f539f1adc9d1d0) Bump version
- Additional commits viewable in [compare view](https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.2.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: tomknapp <tomknapp@users.noreply.github.com>
v1.0.543-alpha
pip (deps): bump werkzeug from 3.1.4 to 3.1.6 in /sandbox (#308)

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.1.4 to 3.1.6.

**Release notes**

*Sourced from [werkzeug's releases](https://github.com/pallets/werkzeug/releases).*

> ## 3.1.6
>
> This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
>
> PyPI: https://pypi.org/project/Werkzeug/3.1.6/
> Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6
>
> - `safe_join` on Windows does not allow special devices names in multi-segment paths. [GHSA-29vq-49wr-vm6x](https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x)
>
> ## 3.1.5
>
> This is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
>
> PyPI: https://pypi.org/project/Werkzeug/3.1.5/
> Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5
> Milestone: https://github.com/pallets/werkzeug/milestone/43?closed=1
>
> - `safe_join` on Windows does not allow more special device names, regardless of extension or surrounding spaces. [GHSA-87hc-h4r5-73f7](https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7)
> - The multipart form parser handles a `\r\n` sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. [#3065](https://redirect.github.com/pallets/werkzeug/issues/3065) [#3077](https://redirect.github.com/pallets/werkzeug/issues/3077)
> - Fix `AttributeError` when initializing `DebuggedApplication` with `pin_security=False`. [#3075](https://redirect.github.com/pallets/werkzeug/issues/3075)

**Changelog**

*Sourced from [werkzeug's changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst).*

> ## Version 3.1.6
>
> Released 2026-02-19
>
> - `safe_join` on Windows does not allow special devices names in multi-segment paths. :ghsa:`29vq-49wr-vm6x`
>
> ## Version 3.1.5
>
> Released 2026-01-08
>
> - `safe_join` on Windows does not allow more special device names, regardless of extension or surrounding spaces. :ghsa:`87hc-h4r5-73f7`
> - The multipart form parser handles a `\r\n` sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. :issue:`3065` :issue:`3077`
> - Fix `AttributeError` when initializing `DebuggedApplication` with `pin_security=False`. :issue:`3075`

**Commits**

- [`04da1b5`](https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56) release version 3.1.6
- [`f407712`](https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d) Merge commit from fork
- [`f54fe98`](https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03) safe_join prevents Windows special device names in multi-segment paths
- [`d005985`](https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b) start version 3.1.6
- [`8565c2c`](https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7) document rule priority ([#3102](https://redirect.github.com/pallets/werkzeug/issues/3102))
- [`3febc7e`](https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df) document rule priority
- [`2525b82`](https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181) remove state machine docs
- [`4abfbd5`](https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f) rewrite build docstring ([#3097](https://redirect.github.com/pallets/werkzeug/issues/3097))
- [`161c18b`](https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67) rewrite build docstring
- [`86e11c2`](https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d) release version 3.1.5 ([#3085](https://redirect.github.com/pallets/werkzeug/issues/3085))
- Additional commits viewable in [compare view](https://github.com/pallets/werkzeug/compare/3.1.4...3.1.6)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.0.542-alpha
pip (deps): bump flask from 3.0.3 to 3.1.3 in /sandbox (#306) Bumps [flask](https://github.com/pallets/flask) from 3.0.3 to 3.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/releases">flask's releases</a>.</em></p> <blockquote> <h2>3.1.3</h2> <p>This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Flask/3.1.3/">https://pypi.org/project/Flask/3.1.3/</a> Changes: <a href="https://flask.palletsprojects.com/page/changes/#version-3-1-3">https://flask.palletsprojects.com/page/changes/#version-3-1-3</a></p> <ul> <li>The session is marked as accessed for operations that only access the keys but not the values, such as <code>in</code> and <code>len</code>. <a href="https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726">GHSA-68rp-wp8r-4726</a></li> </ul> <h2>3.1.2</h2> <p>This is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Flask/3.1.2/">https://pypi.org/project/Flask/3.1.2/</a> Changes: <a href="https://flask.palletsprojects.com/page/changes/#version-3-1-2">https://flask.palletsprojects.com/page/changes/#version-3-1-2</a> Milestone: <a href="https://github.com/pallets/flask/milestone/38?closed=1">https://github.com/pallets/flask/milestone/38?closed=1</a></p> <ul> <li><code>stream_with_context</code> does not fail inside async views. <a href="https://redirect.github.com/pallets/flask/issues/5774">#5774</a></li> <li>When using <code>follow_redirects</code> in the test client, the final state of <code>session</code> is correct. 
<a href="https://redirect.github.com/pallets/flask/issues/5786">#5786</a></li> <li>Relax type hint for passing bytes IO to <code>send_file</code>. <a href="https://redirect.github.com/pallets/flask/issues/5776">#5776</a></li> </ul> <h2>3.1.1</h2> <p>This is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.</p> <p>PyPI: <a href="https://pypi.org/project/Flask/3.1.1/">https://pypi.org/project/Flask/3.1.1/</a> Changes: <a href="https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1">https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1</a> Milestone <a href="https://github.com/pallets/flask/milestone/36?closed=1">https://github.com/pallets/flask/milestone/36?closed=1</a></p> <ul> <li>Fix signing key selection order when key rotation is enabled via <code>SECRET_KEY_FALLBACKS</code>. GHSA-4grg-w6v8-c28g</li> <li>Fix type hint for <code>cli_runner.invoke</code>. <a href="https://redirect.github.com/pallets/flask/issues/5645">#5645</a></li> <li><code>flask --help</code> loads the app and plugins first to make sure all commands are shown. <a href="https://redirect.github.com/pallets/flask/issues/5673">#5673</a></li> <li>Mark sans-io base class as being able to handle views that return <code>AsyncIterable</code>. This is not accurate for Flask, but makes typing easier for Quart. <a href="https://redirect.github.com/pallets/flask/issues/5659">#5659</a></li> </ul> <h2>3.1.0</h2> <p>This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as <a href="https://pypi.org/project/pip-tools/">pip-tools</a> to pin all dependencies and control upgrades. 
Test with warnings treated as errors to be able to adapt to deprecation warnings early.</p> <p>PyPI: <a href="https://pypi.org/project/Flask/3.1.0/">https://pypi.org/project/Flask/3.1.0/</a> Changes: <a href="https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0">https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0</a> Milestone: <a href="https://github.com/pallets/flask/milestone/33?closed=1">https://github.com/pallets/flask/milestone/33?closed=1</a></p> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/pallets/flask/issues/5623">#5623</a></li> <li>Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. <a href="https://redirect.github.com/pallets/flask/issues/5624">#5624</a>, <a href="https://redirect.github.com/pallets/flask/issues/5633">#5633</a></li> <li>Provide a configuration option to control automatic option responses. <a href="https://redirect.github.com/pallets/flask/issues/5496">#5496</a></li> <li><code>Flask.open_resource</code>/<code>open_instance_resource</code> and <code>Blueprint.open_resource</code> take an <code>encoding</code> parameter to use when opening in text mode. It defaults to <code>utf-8</code>. <a href="https://redirect.github.com/pallets/flask/issues/5504">#5504</a></li> <li><code>Request.max_content_length</code> can be customized per-request instead of only through the <code>MAX_CONTENT_LENGTH</code> config. Added <code>MAX_FORM_MEMORY_SIZE</code> and <code>MAX_FORM_PARTS</code> config. Added documentation about resource limits to the security page. <a href="https://redirect.github.com/pallets/flask/issues/5625">#5625</a></li> <li>Add support for the <code>Partitioned</code> cookie attribute (CHIPS), with the <code>SESSION_COOKIE_PARTITIONED</code> config. 
<a href="https://redirect.github.com/pallets/flask/issues/5472">#5472</a></li> <li><code>-e path</code> takes precedence over default <code>.env</code> and <code>.flaskenv</code> files. <code>load_dotenv</code> loads default files in addition to a path unless <code>load_defaults=False</code> is passed. <a href="https://redirect.github.com/pallets/flask/issues/5628">#5628</a></li> <li>Support key rotation with the <code>SECRET_KEY_FALLBACKS</code> config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. <a href="https://redirect.github.com/pallets/flask/issues/5621">#5621</a></li> <li>Fix how setting <code>host_matching=True</code> or <code>subdomain_matching=False</code> interacts with <code>SERVER_NAME</code>. Setting <code>SERVER_NAME</code> no longer restricts requests to only that domain. <a href="https://redirect.github.com/pallets/flask/issues/5553">#5553</a></li> <li><code>Request.trusted_hosts</code> is checked during routing, and can be set through the <code>TRUSTED_HOSTS</code> config. <a href="https://redirect.github.com/pallets/flask/issues/5636">#5636</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/flask/blob/main/CHANGES.rst">flask's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.3</h2> <p>Released 2026-02-18</p> <ul> <li>The session is marked as accessed for operations that only access the keys but not the values, such as <code>in</code> and <code>len</code>. :ghsa:<code>68rp-wp8r-4726</code></li> </ul> <h2>Version 3.1.2</h2> <p>Released 2025-08-19</p> <ul> <li><code>stream_with_context</code> does not fail inside async views. :issue:<code>5774</code></li> <li>When using <code>follow_redirects</code> in the test client, the final state of <code>session</code> is correct. :issue:<code>5786</code></li> <li>Relax type hint for passing bytes IO to <code>send_file</code>. 
:issue:<code>5776</code></li> </ul> <h2>Version 3.1.1</h2> <p>Released 2025-05-13</p> <ul> <li>Fix signing key selection order when key rotation is enabled via <code>SECRET_KEY_FALLBACKS</code>. :ghsa:<code>4grg-w6v8-c28g</code></li> <li>Fix type hint for <code>cli_runner.invoke</code>. :issue:<code>5645</code></li> <li><code>flask --help</code> loads the app and plugins first to make sure all commands are shown. :issue:<code>5673</code></li> <li>Mark sans-io base class as being able to handle views that return <code>AsyncIterable</code>. This is not accurate for Flask, but makes typing easier for Quart. :pr:<code>5659</code></li> </ul> <h2>Version 3.1.0</h2> <p>Released 2024-11-13</p> <ul> <li>Drop support for Python 3.8. :pr:<code>5623</code></li> <li>Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:<code>5624,5633</code></li> <li>Provide a configuration option to control automatic option responses. :pr:<code>5496</code></li> <li><code>Flask.open_resource</code>/<code>open_instance_resource</code> and <code>Blueprint.open_resource</code> take an <code>encoding</code> parameter to use when opening in text mode. It defaults to <code>utf-8</code>. :issue:<code>5504</code></li> <li><code>Request.max_content_length</code> can be customized per-request instead of only through the <code>MAX_CONTENT_LENGTH</code> config. Added</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65"><code>22d9247</code></a> release version 3.1.3</li> <li><a href="https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4"><code>089cb86</code></a> Merge commit from fork</li> <li><a href="https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa"><code>c17f379</code></a> request context tracks session access</li> <li><a href="https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602"><code>27be933</code></a> start version 3.1.3</li> <li><a href="https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d"><code>4e652d3</code></a> Abort if the instance folder cannot be created (<a href="https://redirect.github.com/pallets/flask/issues/5903">#5903</a>)</li> <li><a href="https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a"><code>3d03098</code></a> Abort if the instance folder cannot be created</li> <li><a href="https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4"><code>407eb76</code></a> document using gevent for async (<a href="https://redirect.github.com/pallets/flask/issues/5900">#5900</a>)</li> <li><a href="https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60"><code>ac5664d</code></a> document using gevent for async</li> <li><a href="https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3"><code>4f79d5b</code></a> Increase required flit_core version to 3.11 (<a href="https://redirect.github.com/pallets/flask/issues/5865">#5865</a>)</li> <li><a href="https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f"><code>fe3b215</code></a> Increase required flit_core version to 3.11</li> <li>Additional commits viewable in <a 
href="https://github.com/pallets/flask/compare/3.0.3...3.1.3">compare view</a></li> </ul> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Knapp <tomknapp@users.noreply.github.com>
v1.0.541-alpha
pip (deps-dev): bump the python-dependencies group across 1 directory…