Upgrade: [dependabot] - bump NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml from 6.0.2 to 6.0.6 (#2982)

dependabot[bot] · anthony-nhs · web-flow · commit c64d5d0b30b3 · 2026-04-18T12:38:45.000Z
Bumps [NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml](https://github.com/nhsdigital/eps-common-workflows) from 6.0.2 to 6.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nhsdigital/eps-common-workflows/releases">NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml's releases</a>.</em></p> <blockquote> <h2>v6.0.6</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v6.0.5...v6.0.6">6.0.6</a> (2026-04-09)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump <code>@​aws-sdk/client-cloudformation</code> from 3.1018.0 to 3.1023.0 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/135">#135</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/e798d5aee897de6f7dc387dd5623fcd9ba4c8929">e798d5a</a>)</li> <li>[dependabot] - bump <code>@​aws-sdk/client-lambda</code> from 3.1018.0 to 3.1023.0 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/134">#134</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/169099a86cdc251e3c3649f1c0c54a5fd3432462">169099a</a>)</li> </ul> <h2>v6.0.5</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v6.0.4...v6.0.5">6.0.5</a> (2026-04-09)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump requests from 2.33.0 to 2.33.1 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/133">#133</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/fada4bbad10bd1b75fceddbbc1c4175be00cea22">fada4bb</a>)</li> </ul> <h2>v6.0.4</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v6.0.3...v6.0.4">6.0.4</a> (2026-04-09)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump docker/login-action from 4.0.0 to 4.1.0 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/130">#130</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/c5b887f5cc001c74cd6e139ffd73dd62750ef78c">c5b887f</a>)</li> <li>[dependabot] - bump NHSDigital/eps-copilot-instructions from 1.0.2 to 1.0.4 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/129">#129</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/e115e0082a2dc3d18e1ea67d3d9ce5b256ef58fa">e115e00</a>)</li> <li>[dependabot] - bump SonarSource/sonarqube-scan-action from 7.0.0 to 7.1.0 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/132">#132</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/ee2703fdd61cacfe6b8ad0c93ada3c19009c8531">ee2703f</a>)</li> </ul> <h2>v6.0.3</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v6.0.2...v6.0.3">6.0.3</a> (2026-04-09)</h2> <h3>Fix</h3> <ul> <li>[AEA-0000] - Adds contents read to get_docker_images_to_scan to handle internal repos (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/128">#128</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/a194fd027617b4a45b42527af521746223874209">a194fd0</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/e798d5aee897de6f7dc387dd5623fcd9ba4c8929"><code>e798d5a</code></a> Upgrade: [dependabot] - bump <code>@​aws-sdk/client-cloudformation</code> from 3.1018.0 to ...</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/169099a86cdc251e3c3649f1c0c54a5fd3432462"><code>169099a</code></a> Upgrade: [dependabot] - bump <code>@​aws-sdk/client-lambda</code> from 3.1018.0 to 3.1023.0...</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/fada4bbad10bd1b75fceddbbc1c4175be00cea22"><code>fada4bb</code></a> Upgrade: [dependabot] - bump requests from 2.33.0 to 2.33.1 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/133">#133</a>)</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/ee2703fdd61cacfe6b8ad0c93ada3c19009c8531"><code>ee2703f</code></a> Upgrade: [dependabot] - bump SonarSource/sonarqube-scan-action from 7.0.0 to ...</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/c5b887f5cc001c74cd6e139ffd73dd62750ef78c"><code>c5b887f</code></a> Upgrade: [dependabot] - bump docker/login-action from 4.0.0 to 4.1.0 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/130">#130</a>)</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/e115e0082a2dc3d18e1ea67d3d9ce5b256ef58fa"><code>e115e00</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-copilot-instructions from 1.0.2 t...</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/a194fd027617b4a45b42527af521746223874209"><code>a194fd0</code></a> Fix: [AEA-0000] - Adds contents read to get_docker_images_to_scan to handle i...</li> <li>See full diff in <a href="https://github.com/nhsdigital/eps-common-workflows/compare/c8f899f30a6a726859b0277faa73cd9ff7f4de20...e798d5aee897de6f7dc387dd5623fcd9ba4c8929">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml&package-manager=github_actions&previous-version=6.0.2&new-version=6.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Brown <anthony.brown8@nhs.net>
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -9,7 +9,7 @@ permissions: {}
 jobs:
   dependabot-auto-approve-and-merge:
     needs: quality_checks
-    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
+    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929
     permissions:
       contents: write
       pull-requests: write
diff --git a/.grype.yaml b/.grype.yaml
@@ -1,3 +1,5 @@
 ignore:
   # path-to-regexp - dependency of aws-sdk-client-mock
   - vulnerability: GHSA-j3q9-mxjg-w52f
+  # protobufjs - dependency of @redocly/cli
+  - vulnerability: GHSA-xq3m-2v4x-88gg
