Upgrade: [dependabot] - bump NHSDigital/eps-action-sbom from 1.0.0 to 1.0.1 (#28)

dependabot[bot] · anthony-nhs · web-flow · commit c8639bcd3a26 · 2025-10-28T16:34:40.000Z
Bumps [NHSDigital/eps-action-sbom](https://github.com/nhsdigital/eps-action-sbom) from 1.0.0 to 1.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nhsdigital/eps-action-sbom/releases">NHSDigital/eps-action-sbom's releases</a>.</em></p> <blockquote> <h2>v1.0.1</h2> <h2><a href="https://github.com/NHSDigital/eps-action-sbom/compare/v1.0.0...v1.0.1">1.0.1</a> (2025-10-28)</h2> <h3>Upgrade</h3> <ul> <li>[dependabot] - bump actions/upload-artifact from 4 to 5 (<a href="https://redirect.github.com/nhsdigital/eps-action-sbom/issues/50">#50</a>) (<a href="https://github.com/NHSDigital/eps-action-sbom/commit/aaf8c4d1eca609b73ac625e0d5087beebb50de5a">aaf8c4d</a>)</li> </ul> <h2>Info</h2> <p><a href="https://github.com/NHSDigital/eps-action-sbom/compare/efc65411a5d6...aaf8c4d1eca6">See code diff</a> <a href="https://github.com/NHSDigital/eps-action-sbom/actions/runs/18876831080">Release workflow run</a></p> <p>It was initialized by <a href="https://github.com/apps/eps-autoapprove-dependabot">eps-autoapprove-dependabot[bot]</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/NHSDigital/eps-action-sbom/commit/aaf8c4d1eca609b73ac625e0d5087beebb50de5a"><code>aaf8c4d</code></a> Upgrade: [dependabot] - bump actions/upload-artifact from 4 to 5 (<a href="https://redirect.github.com/nhsdigital/eps-action-sbom/issues/50">#50</a>)</li> <li>See full diff in <a href="https://github.com/nhsdigital/eps-action-sbom/compare/efc65411a5d69d617c9ba15d633a18f7b9896859...aaf8c4d1eca609b73ac625e0d5087beebb50de5a">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=NHSDigital/eps-action-sbom&package-manager=github_actions&previous-version=1.0.0&new-version=1.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Brown <121869075+anthony-nhs@users.noreply.github.com>
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -8,6 +8,12 @@ env:
   BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
 
 jobs:
+  dependabot-auto-approve-and-merge:
+    needs: quality_checks
+    uses: NHSDigital/eps-workflow-dependabot/.github/workflows/dependabot-auto-approve-and-merge.yml@7bc662bb5f6528a429920af5ba74bda99f1f5d2e
+    secrets:
+      AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
+      AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
   pr_title_format_check:
     uses: NHSDigital/eps-workflow-semantic-release/.github/workflows/pr_title_check.yml@f80157cecce288dd175e61b477a1d2dbe9c88b99
   get_asdf_version:
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
@@ -349,7 +349,7 @@ jobs:
           path: cfn_guard_output
 
       - name: Generate and check SBOMs
-        uses: NHSDigital/eps-action-sbom@efc65411a5d69d617c9ba15d633a18f7b9896859
+        uses: NHSDigital/eps-action-sbom@aaf8c4d1eca609b73ac625e0d5087beebb50de5a
 
       - name: "check is SONAR_TOKEN exists"
         env:
