Merge pull request #3010 from guardian/mm/migrate-csrf

CSRF | Remove deprecated `csurf` libary and replace with simple implementation

cypress/integration/mocked/change_password.3.cy.ts

@@ -85,7 +85,7 @@ describe('Password change flow', () => {
 				url: 'https://api.pwnedpasswords.com/range/*',
 			}).as('breachCheck');
 			cy.visit(`/reset-password/fake_token`);
-			cy.clearCookie('_csrf');
+			cy.clearCookie('__Host-_csrf');
 			cy.get('input[name="password"]').type('thisisalongandunbreachedpassword');
 			cy.wait('@breachCheck');
 			cy.get('button[type="submit"]').click();

cypress/integration/mocked/registerController.1.cy.ts

@@ -122,7 +122,7 @@ userStatuses.forEach((status) => {
 							verifyInRegularEmailSentPage();
 						},
 					);
-					specify.only(
+					specify(
 						"Then I should be shown the 'Check your inbox' page for social user",
 						() => {
 							baseIdxPasscodeRegistrationMocks();

package.json

@@ -63,9 +63,9 @@
 		"@testing-library/react-hooks": "npm:@testing-library/preact-hooks",
 		"@types/compression": "^1.7.5",
 		"@types/cookie-parser": "^1.4.8",
-		"@types/csurf": "^1.11.5",
 		"@types/eslint__js": "^8.42.3",
 		"@types/express": "^4.17.21",
+		"@types/http-errors": "^2.0.4",
 		"@types/ioredis-mock": "^8.2.5",
 		"@types/jest": "^29.5.14",
 		"@types/mjml": "^4.7.4",
@@ -135,10 +135,10 @@
 		"bowser": "^2.11.0",
 		"compression": "^1.7.5",
 		"cookie-parser": "^1.4.7",
-		"csurf": "^1.11.0",
 		"deepmerge": "^4.3.1",
 		"express": "^4.21.2",
 		"helmet": "^8.0.0",
+		"http-errors": "^2.0.0",
 		"ioredis": "^5.4.1",
 		"mjml": "^4.15.3",
 		"mjml-browser": "^4.15.3",