Tags: NHSDigital/eps-FHIR-validator-lambda
Tags
Upgrade: [dependabot] - bump requests from 2.32.5 to 2.33.0 in the pi… …p group across 1 directory (#488) Bumps the pip group with 1 update in the / directory: [requests](https://github.com/psf/requests). Updates `requests` from 2.32.5 to 2.33.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.33.0</h2> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/M0d3v1"><code>@M0d3v1</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6865">psf/requests#6865</a></li> <li><a href="https://github.com/aminvakil"><code>@aminvakil</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7220">psf/requests#7220</a></li> <li><a href="https://github.com/E8Price"><code>@E8Price</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6960">psf/requests#6960</a></li> <li><a href="https://github.com/mitre88"><code>@mitre88</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7244">psf/requests#7244</a></li> <li><a href="https://github.com/magsen"><code>@magsen</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6553">psf/requests#6553</a></li> <li><a href="https://github.com/Rohan5commit"><code>@Rohan5commit</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/7227">psf/requests#7227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25">https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.33.0 (2026-03-25)</h2> <p><strong>Announcements</strong></p> <ul> <li>📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at <a href="https://redirect.github.com/psf/requests/issues/7271">#7271</a>. Give it a try, and report any gaps or feedback you may have in the issue. 📣</li> </ul> <p><strong>Security</strong></p> <ul> <li>CVE-2026-25645 <code>requests.utils.extract_zipped_paths</code> now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.</li> </ul> <p><strong>Improvements</strong></p> <ul> <li>Migrated to a PEP 517 build system using setuptools. (<a href="https://redirect.github.com/psf/requests/issues/7012">#7012</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (<a href="https://redirect.github.com/psf/requests/issues/7205">#7205</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Dropped support for Python 3.9 following its end of support. (<a href="https://redirect.github.com/psf/requests/issues/7196">#7196</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761"><code>bc04dfd</code></a> v2.33.0</li> <li><a href="https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"><code>66d21cb</code></a> Merge commit from fork</li> <li><a href="https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028"><code>8b9bc8f</code></a> Move badges to top of README (<a href="https://redirect.github.com/psf/requests/issues/7293">#7293</a>)</li> <li><a href="https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286"><code>e331a28</code></a> Remove unused extraction call (<a href="https://redirect.github.com/psf/requests/issues/7292">#7292</a>)</li> <li><a href="https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29"><code>753fd08</code></a> docs: fix FAQ grammar in httplib2 example</li> <li><a href="https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71"><code>774a0b8</code></a> docs(socks): same block as other sections</li> <li><a href="https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303"><code>9c72a41</code></a> Bump github/codeql-action from 4.33.0 to 4.34.1</li> <li><a href="https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be"><code>ebf7190</code></a> Bump github/codeql-action from 4.32.0 to 4.33.0</li> <li><a href="https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798"><code>0e4ae38</code></a> docs: exclude Response.is_permanent_redirect from API docs (<a href="https://redirect.github.com/psf/requests/issues/7244">#7244</a>)</li> <li><a href="https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a"><code>d568f47</code></a> docs: clarify Quickstart POST example (<a href="https://redirect.github.com/psf/requests/issues/6960">#6960</a>)</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.32.5...v2.33.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Chore: [AEA-0000] - trivy ignore fasterxml-core (#459) ## Summary - 🤖 Operational or Infrastructure Change ### Details Add GHSA-72hv-8253-57qq to the Trivy ignore list Note that there are 2 dependabots seeking to upgrade this fasterxml, but the patched version of fasterxml-core (2.21.1) does not have a matching fasterxml-annotations. Retaining fasterxml-annotations at the existing version gives unit test failures. Co-authored-by: Connor Avery <connor.avery2@nhs.net>
Upgrade: [dependabot] - bump org.junit:junit-bom from 6.0.2 to 6.0.3 (#… …445) Bumps [org.junit:junit-bom](https://github.com/junit-team/junit-framework) from 6.0.2 to 6.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/junit-team/junit-framework/releases">org.junit:junit-bom's releases</a>.</em></p> <blockquote> <p>JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3</p> <p>See <a href="https://docs.junit.org/6.0.3/release-notes.html">Release Notes</a>.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3">https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/junit-team/junit-framework/commit/36e3253b726fa13cb9a1d29e94b9119575078c4a"><code>36e3253</code></a> Release 6.0.3</li> <li><a href="https://github.com/junit-team/junit-framework/commit/295561f38592f1682feceb64d361987da1d0fc9b"><code>295561f</code></a> Finalize 6.0.3 release notes</li> <li><a href="https://github.com/junit-team/junit-framework/commit/ea18076da11599c1467929bf75bc260e13c611b9"><code>ea18076</code></a> Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (<a href="https://redirect.github.com/junit-team/junit-framework/issues/5348">#5348</a>)</li> <li><a href="https://github.com/junit-team/junit-framework/commit/869e232420f1c1c64ab9be29609fe3e241c3675e"><code>869e232</code></a> Add 5.14.3 release notes</li> <li><a href="https://github.com/junit-team/junit-framework/commit/d4b34c468ddb697ff3fe4096b3d67c28751ddab2"><code>d4b34c4</code></a> Fix links to User Guide</li> <li><a href="https://github.com/junit-team/junit-framework/commit/5c8fb0f2151fc277c3a0de7c3237d05c919439bb"><code>5c8fb0f</code></a> Reliably support JRE.OTHER with @EnabledOnJre and @DisabledOnJre</li> <li><a href="https://github.com/junit-team/junit-framework/commit/febb13f70272a243742ea63d0f85535f7c51a67c"><code>febb13f</code></a> Check out entire repo so switching to <code>main</code> branch works in last step</li> <li><a href="https://github.com/junit-team/junit-framework/commit/71fba9098655387c82d8ddbf137442bcb1fa56a0"><code>71fba90</code></a> Install <code>poppler-utils</code> for <code>pdfinfo</code></li> <li><a href="https://github.com/junit-team/junit-framework/commit/740e9e050964c66da7cb5386f89a450985d51941"><code>740e9e0</code></a> Update API baseline</li> <li><a href="https://github.com/junit-team/junit-framework/commit/2ba535f0c108ef5f8252578ee4c70547ff10d752"><code>2ba535f</code></a> Use release branch of examples repo</li> <li>Additional commits viewable in <a href="https://github.com/junit-team/junit-framework/compare/r6.0.2...r6.0.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com>
Upgrade: [dependabot] - bump NHSDigital/eps-common-workflows/.github/… …workflows/quality-checks.yml from 5.3.12 to 5.4.1 (#440) Bumps [NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml](https://github.com/nhsdigital/eps-common-workflows) from 5.3.12 to 5.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nhsdigital/eps-common-workflows/releases">NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml's releases</a>.</em></p> <blockquote> <h2>v5.4.1</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.4.0...v5.4.1">5.4.1</a> (2026-02-12)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump <code>@semantic-release/github</code> from 12.0.3 to 12.0.5 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/64">#64</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/997a1946c83bb2a9eda418847ed640738af949ff">997a194</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/21958646435">Release workflow run</a> - Workflow ID: 21958646435</p> <p>It was initialized by <a href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p> <h2>v5.4.0</h2> <h1><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.3.12...v5.4.0">5.4.0</a> (2026-02-12)</h1> <h3>New</h3> <ul> <li>[AEA-6028] - Updated actionlint to allow for yaml anchors (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/63">#63</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/ae3d6b307b3174b5724a31f63776ce4159639d20">ae3d6b3</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/21942413870">Release workflow run</a> - Workflow ID: 21942413870</p> <p>It was initialized by <a href="https://github.com/anthony-nhs">anthony-nhs</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/997a1946c83bb2a9eda418847ed640738af949ff"><code>997a194</code></a> Upgrade: [dependabot] - bump <code>@semantic-release/github</code> from 12.0.3 to 12.0.5 (...</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/ae3d6b307b3174b5724a31f63776ce4159639d20"><code>ae3d6b3</code></a> New: [AEA-6028] - Updated actionlint to allow for yaml anchors (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/63">#63</a>)</li> <li>See full diff in <a href="https://github.com/nhsdigital/eps-common-workflows/compare/5ccebbf821beef2de6abdce9e392b3cbeb4999e3...997a1946c83bb2a9eda418847ed640738af949ff">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Upgrade: [dependabot] - bump org.apache.maven.plugins:maven-compiler-… …plugin from 3.14.1 to 3.15.0 (#428) Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.14.1 to 3.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/maven-compiler-plugin/releases">org.apache.maven.plugins:maven-compiler-plugin's releases</a>.</em></p> <blockquote> <h2>3.15.0</h2> <!-- raw HTML omitted --> <h2>🐛 Bug Fixes</h2> <ul> <li>Fix Java 25 compatibility during integration tests (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1020">#1020</a>) <a href="https://github.com/desruisseaux"><code>@desruisseaux</code></a></li> <li><a href="https://issues.apache.org/jira/browse/MCOMPILER-540">[MCOMPILER-540]</a> - useIncrementalCompilation=false may add generated sources to the sources list (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/192">#192</a>) <a href="https://github.com/mensinda"><code>@mensinda</code></a></li> </ul> <h2>👻 Maintenance</h2> <ul> <li>Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1015">#1015</a>) <a href="https://github.com/slachiewicz"><code>@slachiewicz</code></a></li> <li>Remove declaration of "plexus-snapshots" repository (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1010">#1010</a>) <a href="https://github.com/desruisseaux"><code>@desruisseaux</code></a></li> <li>Works only with Maven 4.0.0 rc4 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/996">#996</a>) <a href="https://github.com/slachiewicz"><code>@slachiewicz</code></a></li> <li>Enable Java 25 and Maven 4 in CI (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/975">#975</a>) <a href="https://github.com/slachiewicz"><code>@slachiewicz</code></a></li> </ul> <h2>📦 Dependency updates</h2> <ul> <li>Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1016">#1016</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1021">#1021</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1019">#1019</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1008">#1008</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.ow2.asm:asm from 9.9 to 9.9.1 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1005">#1005</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump mavenVersion from 3.9.11 to 3.9.12 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1007">#1007</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump maven-plugin-testing-harness to 3.4.0 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/1001">#1001</a>) <a href="https://github.com/slawekjaranowski"><code>@slawekjaranowski</code></a></li> <li>Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/999">#999</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/993">#993</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/992">#992</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump org.ow2.asm:asm from 9.8 to 9.9 (<a href="https://redirect.github.com/apache/maven-compiler-plugin/pull/981">#981</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/9290cb337f199673e02b6beac0fba37d8066d72c"><code>9290cb3</code></a> [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/3657d40307e88d760e00bce785ad9ec70db33f95"><code>3657d40</code></a> Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/7bbf805c330756ea2f79c467657e42b0d27503e2"><code>7bbf805</code></a> Bump plexusCompilerVersion from 2.16.1 to 2.16.2</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/57fa93829b58ea293e978d1233c2f4b3cda83c17"><code>57fa938</code></a> Bump org.apache.maven.plugins:maven-plugins from 46 to 47</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/385e3f2809802c6908a36e8c17ef35ed7c869168"><code>385e3f2</code></a> Fix Java 25 compatibility during integration tests (<a href="https://redirect.github.com/apache/maven-compiler-plugin/issues/1020">#1020</a>)</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/6b34423a7f1ad7db000fc5d64aa54052d5d88aa2"><code>6b34423</code></a> Bump org.apache.maven.plugins:maven-plugins from 45 to 46</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/aaeb9c6079c6ed012d71e660465d99ee1806a12b"><code>aaeb9c6</code></a> [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/6e3db9d2c13c7309f12e9dadc8eac985b4426554"><code>6e3db9d</code></a> Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/0fe9b843f9065fc40eebfddc7f5e0a479cc76c6d"><code>0fe9b84</code></a> Remove declaration of "plexus-snapshots" repository (<a href="https://redirect.github.com/apache/maven-compiler-plugin/issues/1010">#1010</a>)</li> <li><a href="https://github.com/apache/maven-compiler-plugin/commit/35f68008c4025f7b7eb669303d315197b03cd5b4"><code>35f6800</code></a> Bump org.ow2.asm:asm from 9.9 to 9.9.1</li> <li>Additional commits viewable in <a href="https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com>
Upgrade: [dependabot] - bump actions/cache from 5.0.2 to 5.0.3 (#425) Bumps [actions/cache](https://github.com/actions/cache) from 5.0.2 to 5.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.3</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.3">https://github.com/actions/cache/compare/v5...v5.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h2>How to prepare a release</h2> <blockquote> <p>[!NOTE]<br /> Relevant for maintainers with write access only.</p> </blockquote> <ol> <li>Switch to a new branch from <code>main</code>.</li> <li>Run <code>npm test</code> to ensure all tests are passing.</li> <li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li> <li>Run <code>npm run build</code> to update the compiled files.</li> <li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li> <li>Run <code>licensed cache</code> to update the license report.</li> <li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li> <li>Commit your changes and push your branch upstream.</li> <li>Open a pull request against <code>main</code> and get it reviewed and merged.</li> <li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code> <ol> <li>Create a new tag with the version number.</li> <li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li> <li>Toggle the set as the latest release option.</li> <li>Publish the release.</li> </ol> </li> <li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a> <ol> <li>There should be a workflow run queued with the same version number.</li> <li>Approve the run to publish the new version and update the major tags for this action.</li> </ol> </li> </ol> <h2>Changelog</h2> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306"><code>cdf6c1f</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1695">#1695</a> from actions/Link-/prepare-5.0.3</li> <li><a href="https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d"><code>a1bee22</code></a> Add review for the <code>@actions/http-client</code> license</li> <li><a href="https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f"><code>4695763</code></a> Add licensed output</li> <li><a href="https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502"><code>dc73bb9</code></a> Upgrade dependencies and address security warnings</li> <li><a href="https://github.com/actions/cache/commit/345d5c2f761565bace4b6da356737147e9041e3a"><code>345d5c2</code></a> Add 5.0.3 builds</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/8b402f58fbc84540c8b491a91e594a4576fec3d7...cdf6c1fa76f9f475f3d7449005a359c84ca0f306">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Upgrade: [dependabot] - bump io.github.hakky54:logcaptor from 2.12.0 … …to 2.12.2 (#400) Bumps [io.github.hakky54:logcaptor](https://github.com/Hakky54/log-captor) from 2.12.0 to 2.12.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Hakky54/log-captor/blob/master/CHANGELOG.MD">io.github.hakky54:logcaptor's changelog</a>.</em></p> <blockquote> <h3>v2.12.2</h3> <ul> <li>Improve disabling console output</li> <li>Renamed module name</li> <li>Bumped dependencies</li> </ul> <h3>v2.12.1</h3> <ul> <li>Corrected module-info file</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Hakky54/log-captor/commit/3cab4611aef39e5239fb7fc869ddd7fbca1bc2be"><code>3cab461</code></a> [maven-release-plugin] prepare release v2.12.2</li> <li><a href="https://github.com/Hakky54/log-captor/commit/71e11263edc0e493f170b5626c32fccda1be230f"><code>71e1126</code></a> Updated docs</li> <li><a href="https://github.com/Hakky54/log-captor/commit/89ce919e65840f476662a380c4d61f8f5c3bbe6f"><code>89ce919</code></a> Properly disable and enable console output (<a href="https://redirect.github.com/Hakky54/log-captor/issues/209">#209</a>)</li> <li><a href="https://github.com/Hakky54/log-captor/commit/f09167199e5ec2faa995313f008df7022085e3c3"><code>f091671</code></a> Change dependabot schedule to monthly</li> <li><a href="https://github.com/Hakky54/log-captor/commit/0d33142c68741c0ca16179f22ec43763a571dfb1"><code>0d33142</code></a> Reformatted sonar secret</li> <li><a href="https://github.com/Hakky54/log-captor/commit/fb7269cfe017f450515fc1384c61e8f08de5cef8"><code>fb7269c</code></a> Reformatted sonar secret</li> <li><a href="https://github.com/Hakky54/log-captor/commit/4a4001b6ead7a48bd2f4a31a744d303aad245eea"><code>4a4001b</code></a> Fixed quality scan runner</li> <li><a href="https://github.com/Hakky54/log-captor/commit/af50ab820c91d7d8a836e8067859f1a258c73f76"><code>af50ab8</code></a> Bump version.log4j from 2.25.2 to 2.25.3 (<a href="https://redirect.github.com/Hakky54/log-captor/issues/207">#207</a>)</li> <li><a href="https://github.com/Hakky54/log-captor/commit/0529417fd9d5bd7c89a1d194cff9528a882c165a"><code>0529417</code></a> Bump net.bytebuddy:byte-buddy from 1.18.2 to 1.18.3 (<a href="https://redirect.github.com/Hakky54/log-captor/issues/206">#206</a>)</li> <li><a href="https://github.com/Hakky54/log-captor/commit/ba8b65b4c5972e3f9dcbe96e2aeac7753d1c15c9"><code>ba8b65b</code></a> Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 (<a href="https://redirect.github.com/Hakky54/log-captor/issues/205">#205</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Hakky54/log-captor/compare/v2.12.0...v2.12.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com>
Upgrade: [dependabot] - bump NHSDigital/eps-common-workflows/.github/… …workflows/tag-release.yml from 5.2.12 to 5.3.1 (#399) Bumps [NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml](https://github.com/nhsdigital/eps-common-workflows) from 5.2.12 to 5.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nhsdigital/eps-common-workflows/releases">NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml's releases</a>.</em></p> <blockquote> <h2>v5.3.1</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.3.0...v5.3.1">5.3.1</a> (2026-01-16)</h2> <h3>Fix</h3> <ul> <li>[AEA-0000] - install asdf on iac check (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/48">#48</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/a2edde3fb0e9816a25a5ba4923b4d509db83f552">a2edde3</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-common-workflows/compare/b796becae6fe...a2edde3fb0e9">See code diff</a> <a href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/21074961877">Release workflow run</a> - Workflow ID: 21074961877</p> <p>It was initialized by <a href="https://github.com/anthony-nhs">anthony-nhs</a></p> <h2>v5.3.0</h2> <h1><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.2.14...v5.3.0">5.3.0</a> (2026-01-15)</h1> <h3>New</h3> <ul> <li>[AEA-6028] - Added option for publishing sub-packages (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/46">#46</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/b796becae6fece7d8d093e0aa976a05d3a5e5dbe">b796bec</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-common-workflows/compare/e5c6c80d4acb...b796becae6fe">See code diff</a> <a href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/21035383276">Release workflow run</a> - Workflow ID: 21035383276</p> <p>It was initialized by <a href="https://github.com/MatthewPopat-NHS">MatthewPopat-NHS</a></p> <h2>v5.2.14</h2> <h2><a href="https://github.com/NHSDigital/eps-common-workflows/compare/v5.2.13...v5.2.14">5.2.14</a> (2026-01-13)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump filelock from 3.20.1 to 3.20.3 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/45">#45</a>) (<a href="https://github.com/NHSDigital/eps-common-workflows/commit/e5c6c80d4acb09603dab4a0c8c69889d6e117f8e">e5c6c80</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-common-workflows/compare/d8d51745e7ff...e5c6c80d4acb">See code diff</a> <a href="https://github.com/NHSDigital/eps-common-workflows/actions/runs/20971142098">Release workflow run</a> - Workflow ID: 20971142098</p> <p>It was initialized by <a href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/a2edde3fb0e9816a25a5ba4923b4d509db83f552"><code>a2edde3</code></a> Fix: [AEA-0000] - install asdf on iac check (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/48">#48</a>)</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/b796becae6fece7d8d093e0aa976a05d3a5e5dbe"><code>b796bec</code></a> New: [AEA-6028] - Added option for publishing sub-packages (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/46">#46</a>)</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/e5c6c80d4acb09603dab4a0c8c69889d6e117f8e"><code>e5c6c80</code></a> Upgrade: [dependabot] - bump filelock from 3.20.1 to 3.20.3 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/45">#45</a>)</li> <li><a href="https://github.com/NHSDigital/eps-common-workflows/commit/d8d51745e7ffe610be80d3d594964576f69032d9"><code>d8d5174</code></a> Upgrade: [dependabot] - bump virtualenv from 20.35.3 to 20.36.1 (<a href="https://redirect.github.com/nhsdigital/eps-common-workflows/issues/44">#44</a>)</li> <li>See full diff in <a href="https://github.com/nhsdigital/eps-common-workflows/compare/9791a77de7b005056b4ddfb9789306f5179f53da...a2edde3fb0e9816a25a5ba4923b4d509db83f552">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com> Co-authored-by: Anthony Brown <anthony.brown8@nhs.net>
PreviousNext