NHSDigital · davidhallam4-nhs · Aug 5, 2025 · Jul 30, 2025 · Jul 30, 2025 · Aug 1, 2025
diff --git a/.github/workflows/merge-develop.yml b/.github/workflows/merge-develop.yml
@@ -18,12 +18,12 @@ jobs:
       - name: setup python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.8"
+          python-version-file: 'pyproject.toml'
 
       - name: setup poetry
         uses: abatilo/actions-poetry@v3
         with:
-          poetry-version: 1.8.3
+          poetry-version: 2.1.3
 
       - name: add poetry plugins
         run: |
@@ -34,7 +34,7 @@ jobs:
         with:
           path: |
             .venv
-          key: ${{ runner.os }}-v3-poetry-py3.8-${{ hashFiles('./poetry.lock') }}
+          key: ${{ runner.os }}-v3-poetry-py${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('./poetry.lock') }}
 
       - name: git reset
         run: git reset --hard
@@ -66,7 +66,7 @@ jobs:
       - name: provision sonar-scanner
         if: github.actor != 'dependabot[bot]' && (success() || failure())
         run: |
-          export SONAR_VERSION="4.7.0.2747"
+          export SONAR_VERSION="5.0.1.3006"
           wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
           unzip -q ./sonar-scanner.zip
           mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner
@@ -83,7 +83,7 @@ jobs:
 
       - name: publish junit reports
         if: success() || failure()
-        uses: mikepenz/action-junit-report@v4
+        uses: mikepenz/action-junit-report@v5
         with:
           check_name: junit reports
           report_paths: reports/junit/*.xml

diff --git a/.github/workflows/merge-release.yml b/.github/workflows/merge-release.yml
@@ -23,12 +23,12 @@ jobs:
       - name: setup python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.8"
+          python-version-file: 'pyproject.toml'
 
       - name: setup poetry
         uses: abatilo/actions-poetry@v3
         with:
-          poetry-version: 1.8.3
+          poetry-version: 2.1.3
 
       - name: add poetry plugins
         run: |

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -9,7 +9,7 @@ jobs:
   tox:
     strategy:
       matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
 
     runs-on: ubuntu-latest
     if: github.repository == 'NHSDigital/mesh-client'
@@ -95,12 +95,12 @@ jobs:
       - name: setup python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.8"
+          python-version-file: 'pyproject.toml'
 
       - name: setup poetry
         uses: abatilo/actions-poetry@v3
         with:
-          poetry-version: 1.8.3
+          poetry-version: 2.1.3
 
       - name: add poetry plugins
         run: |
@@ -111,7 +111,7 @@ jobs:
         with:
           path: |
             .venv
-          key: ${{ runner.os }}-v3-poetry-py3.8-${{ hashFiles('./poetry.lock') }}
+          key: ${{ runner.os }}-v3-poetry-py${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('./poetry.lock') }}
 
       - name: git reset
         run: git reset --hard
@@ -146,7 +146,7 @@ jobs:
       - name: provision sonar-scanner
         if: github.actor != 'dependabot[bot]' && (success() || failure())
         run: |
-          export SONAR_VERSION="4.7.0.2747"
+          export SONAR_VERSION="5.0.1.3006"
           wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
           unzip -q ./sonar-scanner.zip
           mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner
@@ -176,7 +176,7 @@ jobs:
 
       - name: publish junit reports
         if: success() || failure()
-        uses: mikepenz/action-junit-report@v4
+        uses: mikepenz/action-junit-report@v5
         with:
           check_name: junit reports
           report_paths: reports/junit/*.xml
@@ -213,12 +213,12 @@ jobs:
       - name: setup python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.8"
+          python-version-file: 'pyproject.toml'
 
       - name: setup poetry
         uses: abatilo/actions-poetry@v3
         with:
-          poetry-version: 1.8.3
+          poetry-version: 2.1.3
 
       - name: add poetry plugins
         run: |
@@ -229,7 +229,7 @@ jobs:
         with:
           path: |
             .venv
-          key: ${{ runner.os }}-v3-poetry-py3.8-${{ hashFiles('./poetry.lock') }}
+          key: ${{ runner.os }}-v3-poetry-py${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('./poetry.lock') }}
 
       - name: git reset
         run: git reset --hard
@@ -298,16 +298,17 @@ jobs:
       - name: setup python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.8"
+          python-version-file: 'pyproject.toml'
 
       - name: setup poetry
         uses: abatilo/actions-poetry@v3
         with:
-          poetry-version: 1.8.3
+          poetry-version: 2.1.3
 
       - name: add poetry plugins
         run: |
           poetry self add "poetry-dynamic-versioning[plugin]"
+          poetry self add poetry-plugin-export
 
       - name: build dist
         run: |

diff --git a/.github/workflows/scheduled-combine-dependabot-prs.yaml b/.github/workflows/scheduled-combine-dependabot-prs.yaml
@@ -25,7 +25,7 @@ jobs:
     steps:
       - name: combine-prs
         id: combine-prs
-        uses: github/combine-prs@v5.0.0
+        uses: github/combine-prs@v5
         with:
           ci_required: ${{ inputs.ci_required == 'YES' }}
           labels: dependencies

@@ -1,2 +1,2 @@
-poetry 1.8.3
-python 3.10.12 3.9.13 3.7.12 3.8.14 3.11.4
+poetry 2.1.3
+python 3.13.5 3.12.11 3.11.13 3.10.18 3.9.23
@@ -102,12 +102,4 @@ You can check for secrets / test patterns at any time though with
 
 ```shell
 make check-secrets-all
-```
-
-## Supporting multiple versions of dependencies
-
-Currently we still support version python 3.7 for the mesh-client but as some packages now have vulnerabilities that are only fixed in higher versions of python we must support multiple versions of the packages. As we use setuptools we have a defined way of doing this in `setup.py` which means packages in the `pyproject.toml` for multiple versions should be defined as a list of dictionaries with the keys of `version` and `markers` as so:
-
-```toml
-requests = [{version = ">=2.26.0", markers = "python_version<'3.8'"},{version = ">=2.32.0", markers = "python_version>='3.8'"}]
-```
+```
@@ -49,10 +49,10 @@ delete-hooks:
 refresh-hooks: delete-hooks .git/hooks/pre-commit .git/hooks/commit-msg
 
 install:
-	poetry install --sync
+	poetry sync
 
 install-ci:
-	poetry install --without local --sync
+	poetry sync --without local
 
 update:
 	poetry update
@@ -75,14 +75,18 @@ ruff-ci:
 
 lint: ruff mypy shellcheck
 
-clean:
+clean: down
 	rm -rf ./dist || true
+	rm -rf ./tox || true
+	rm -rf ./Mesh_Client.egg-info || true
+	rm -rf ./.venv || true
 	rm -rf ./reports || true
 	rm -f .docker.env || true
 	find . -type d -name '.mypy_cache' | xargs rm -rf || true
 	find . -type d -name '.pytest_cache' | xargs rm -rf || true
 	find . -type d -name '__pycache__' | xargs rm -rf || true
 	find . -type f -name '.coverage' | xargs rm -rf || true
+	find tests -type f -name '*.pem' | xargs rm -rf || true
 
 purge: clean
 	rm -rf .venv || true
@@ -93,7 +97,6 @@ black-check:
 black:
 	poetry run black .
 
-
 coverage-cleanup:
 	rm -f .coverage* || true
 
@@ -121,7 +124,7 @@ tox:
 down:
 	docker compose down --remove-orphans || true
 
-up:
+up: create-test-certs-keys
 	docker compose up -d --remove-orphans --build
 
 coverage-ci: coverage-cleanup coverage-ci-test coverage-report
@@ -134,3 +137,6 @@ check-secrets-all:
 
 export-requirements:
 	poetry export --only main -f requirements.txt --output ./requirements.txt
+
+create-test-certs-keys:
+	./scripts/create-test-certs-keys.sh
@@ -1,7 +1,7 @@
 MESH Client
 ===========
 
-A Python client for [NHS Digital's MESH API](https://digital.nhs.uk/developer/api-catalogue/message-exchange-for-social-care-and-health-api).
+A Python client for [NHS England's MESH API](https://digital.nhs.uk/developer/api-catalogue/message-exchange-for-social-care-and-health-api).
 
 Release Notes
 ------------

@@ -1,6 +1,6 @@
 # Security
 
-NHS Digital takes security and the protection of private data extremely
+NHS England takes security and the protection of private data extremely
 seriously. If you believe you have found a vulnerability or other issue which
 has compromised or could compromise the security of any of our systems and/or
 private data managed by our systems, please do not hesitate to contact us using
@@ -25,7 +25,7 @@ Programme, you can report directly to us at: https://hackerone.com/nhs
 
 ### NCSC
 You can send your report to the National Cyber Security Centre, who will assess
-your report and pass it on to NHS Digital if necessary.
+your report and pass it on to NHS England if necessary.
 
 You can report vulnerabilities here:
 https://www.ncsc.gov.uk/information/vulnerability-reporting

@@ -1,10 +1,9 @@
-version: '3.9'
 
 services:
 
   mesh_sandbox:
     build:
-      context: https://github.com/NHSDigital/mesh-sandbox.git#refs/tags/v1.0.13
+      context: https://github.com/NHSDigital/mesh-sandbox.git#refs/tags/v1.0.27
     ports:
       - "8701:443"
     deploy: