From 37b7a2ce280aa12d19ac6689b6a7af6e56b94e4a Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Thu, 16 Apr 2026 18:52:27 +0000
Subject: [PATCH] bump dev container version

---
 .devcontainer/devcontainer.json    | 2 +-
 .github/workflows/ci.yml           | 2 +-
 .github/workflows/pull_request.yml | 2 +-
 .github/workflows/release.yml      | 2 +-
 zizmor.yml                         | 6 +++---
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index f6fd2e7e9f..a6ae8833c2 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,7 +6,7 @@
     "args": {
       "DOCKER_GID": "${env:DOCKER_GID:}",
       "IMAGE_NAME": "node_24_python_3_12",
-      "IMAGE_VERSION": "v1.4.4",
+      "IMAGE_VERSION": "v1.4.8",
       "USER_UID": "${localEnv:USER_ID:}",
       "USER_GID": "${localEnv:GROUP_ID:}"
     },
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 527d56b536..b4891d5347 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
       verify_published_from_main_image: true
 
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
     needs: [get_config_values]
     permissions:
       contents: read
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 5dc6e7f020..60bedee2d0 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -27,7 +27,7 @@ jobs:
       verify_published_from_main_image: false
 
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
     needs: [get_config_values]
     permissions:
       contents: read
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a8be96377c..184e3c547f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
     with:
       verify_published_from_main_image: true
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
     needs: [get_config_values]
     permissions:
       contents: read
diff --git a/zizmor.yml b/zizmor.yml
index 6659946d6b..a77627f532 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -2,9 +2,9 @@ rules:
   unpinned-images:
     # these workflows use unpinned images because they are using a full image passed in that contains the tag
     ignore:
-      - run_release_code_and_api.yml:146:7
-      - run_regression_tests.yml:26:7
-      - run_package_code_and_api.yml:16:7
+      - run_release_code_and_api.yml:146:18
+      - run_regression_tests.yml:26:18
+      - run_package_code_and_api.yml:16:18
   secrets-outside-env:
     # these are ignored because they are using known secrets
     ignore: