From c6e0b51baa5dd2b5e400eb32ee64ff2e0b3b7208 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Apr 2026 20:05:18 +0000
Subject: [PATCH 1/2] Upgrade: [dependabot] - bump
 NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml

Bumps [NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml](https://github.com/nhsdigital/eps-common-workflows) from 6.0.2 to 6.0.6.
- [Release notes](https://github.com/nhsdigital/eps-common-workflows/releases)
- [Changelog](https://github.com/NHSDigital/eps-common-workflows/blob/main/release.config.cjs)
- [Commits](https://github.com/nhsdigital/eps-common-workflows/compare/c8f899f30a6a726859b0277faa73cd9ff7f4de20...e798d5aee897de6f7dc387dd5623fcd9ba4c8929)

---
updated-dependencies:
- dependency-name: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml
  dependency-version: 6.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/pull_request.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 60bedee2d0..3245f759a2 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -9,7 +9,7 @@ permissions: {}
 jobs:
   dependabot-auto-approve-and-merge:
     needs: quality_checks
-    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
+    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@e798d5aee897de6f7dc387dd5623fcd9ba4c8929
     permissions:
       contents: write
       pull-requests: write

From 12d2e4d5a3b051a6727e6b2ce6a45b42f1fccd00 Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Sat, 18 Apr 2026 12:09:21 +0000
Subject: [PATCH 2/2] update grype

---
 .grype.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.grype.yaml b/.grype.yaml
index d07cef7c42..cd29dc4fe8 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -1,3 +1,5 @@
 ignore:
   # path-to-regexp - dependency of aws-sdk-client-mock
   - vulnerability: GHSA-j3q9-mxjg-w52f
+  # protobufjs - dependency of @redocly/cli
+  - vulnerability: GHSA-xq3m-2v4x-88gg