From a5593947788c55eb5707f72f24ae622af2ed1568 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Mar 2026 18:04:54 +0000
Subject: [PATCH 1/2] Upgrade: [dependabot] - bump
 NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml

Bumps [NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml](https://github.com/nhsdigital/eps-common-workflows) from 5.5.1 to 5.6.3.
- [Release notes](https://github.com/nhsdigital/eps-common-workflows/releases)
- [Changelog](https://github.com/NHSDigital/eps-common-workflows/blob/main/release.config.cjs)
- [Commits](https://github.com/nhsdigital/eps-common-workflows/compare/d215f841eb18b803e339e4ed597ed1f30e086e17...141907b215220e95e3ed3811d0fe8fa18675dbed)

---
updated-dependencies:
- dependency-name: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml
  dependency-version: 5.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/pull_request.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 025dedea..fe2b3827 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -14,7 +14,7 @@ jobs:
       verify_published_from_main_image: false
   dependabot-auto-approve-and-merge:
     needs: quality_checks
-    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@d215f841eb18b803e339e4ed597ed1f30e086e17
+    uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@141907b215220e95e3ed3811d0fe8fa18675dbed
     secrets:
       AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
       AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}

From 213185eb06e2592ff7d675cd1710f61cc9337e90 Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Wed, 11 Mar 2026 13:43:26 +0000
Subject: [PATCH 2/2] more vulns

---
 .trivyignore.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 3efb7308..0eb58b01 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -62,3 +62,12 @@ vulnerabilities:
   - id: CVE-2026-29786
     statement: node-tar requrired dependency, and not a relelveant attack vector
     expired_at: 2026-06-01
+  - id: CVE-2026-31802
+    statement: node-tar requrired dependency, and not a relelveant attack vector
+    expired_at: 2026-06-01
+  - id: CVE-2026-25679
+    statement: asdf go stdlib
+    expired_at: 2026-06-01
+  - id: CVE-2026-27142
+    statement: asdf go stdlib
+    expired_at: 2026-06-01