Upgrade: [dependabot] - bump NHSDigital/eps-action-sbom from 1.0.1 to 1.0.7 (#30)

dependabot[bot] · web-flow · commit 367b56364442 · 2025-10-31T18:09:39.000Z
Bumps [NHSDigital/eps-action-sbom](https://github.com/nhsdigital/eps-action-sbom) from 1.0.1 to 1.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nhsdigital/eps-action-sbom/releases">NHSDigital/eps-action-sbom's releases</a>.</em></p> <blockquote> <h2>v1.0.7</h2> <h2><a href="https://github.com/NHSDigital/eps-action-sbom/compare/v1.0.6...v1.0.7">1.0.7</a> (2025-10-31)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump NHSDigital/eps-workflow-dependabot from 1.0.10 to 1.0.11 (<a href="https://redirect.github.com/nhsdigital/eps-action-sbom/issues/57">#57</a>) (<a href="https://github.com/NHSDigital/eps-action-sbom/commit/a9649f5d8d4eb4147f1d2a85118f4310fb4810bd">a9649f5</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-action-sbom/compare/ddd3ecbc1886...a9649f5d8d4e">See code diff</a> <a href="https://github.com/NHSDigital/eps-action-sbom/actions/runs/18963743592">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p> <h2>v1.0.6</h2> <h2><a href="https://github.com/NHSDigital/eps-action-sbom/compare/v1.0.5...v1.0.6">1.0.6</a> (2025-10-31)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump NHSDigital/eps-workflow-semantic-release from 2.0.13 to 2.0.14 (<a href="https://redirect.github.com/nhsdigital/eps-action-sbom/issues/56">#56</a>) (<a href="https://github.com/NHSDigital/eps-action-sbom/commit/ddd3ecbc1886af9489b59c3ca1ab5f54561cc85a">ddd3ecb</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-action-sbom/compare/a14efe294813...ddd3ecbc1886">See code diff</a> <a href="https://github.com/NHSDigital/eps-action-sbom/actions/runs/18963643023">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p> <h2>v1.0.5</h2> <h2><a href="https://github.com/NHSDigital/eps-action-sbom/compare/v1.0.4...v1.0.5">1.0.5</a> (2025-10-30)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump NHSDigital/eps-workflow-semantic-release from 2.0.10 to 2.0.13 (<a href="https://redirect.github.com/nhsdigital/eps-action-sbom/issues/54">#54</a>) (<a href="https://github.com/NHSDigital/eps-action-sbom/commit/a14efe294813a54fa88317c8126eff581ad9e8fa">a14efe2</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-action-sbom/compare/0620c399ce96...a14efe294813">See code diff</a> <a href="https://github.com/NHSDigital/eps-action-sbom/actions/runs/18930990904">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/a9649f5d8d4eb4147f1d2a85118f4310fb4810bd"><code>a9649f5</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-dependabot from 1.0.10 t...</li> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/ddd3ecbc1886af9489b59c3ca1ab5f54561cc85a"><code>ddd3ecb</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-semantic-release from 2....</li> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/a14efe294813a54fa88317c8126eff581ad9e8fa"><code>a14efe2</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-semantic-release from 2....</li> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/0620c399ce9600dcca329add5d725f02d475912b"><code>0620c39</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-dependabot from 1.0.9 to...</li> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/e0ae9f1ccd7b7b99d679a85d3305b81e8444c565"><code>e0ae9f1</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-semantic-release from 2....</li> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/e34461ac7aac8b1bfa2a926c4581630448568771"><code>e34461a</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-quality-checks from 5.1....</li> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/63468ba2a81431b0626cc42c0fc250a6f625bf4e"><code>63468ba</code></a> Upgrade: [dependabot] - bump NHSDigital/eps-workflow-dependabot from 1.0.4 to...</li> <li>See full diff in <a href="https://github.com/nhsdigital/eps-action-sbom/compare/aaf8c4d1eca609b73ac625e0d5087beebb50de5a...a9649f5d8d4eb4147f1d2a85118f4310fb4810bd">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=NHSDigital/eps-action-sbom&package-manager=github_actions&previous-version=1.0.1&new-version=1.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
@@ -349,7 +349,7 @@ jobs:
           path: cfn_guard_output
 
       - name: Generate and check SBOMs
-        uses: NHSDigital/eps-action-sbom@aaf8c4d1eca609b73ac625e0d5087beebb50de5a
+        uses: NHSDigital/eps-action-sbom@a9649f5d8d4eb4147f1d2a85118f4310fb4810bd
 
       - name: "check is SONAR_TOKEN exists"
         env:
