Combined Dependabot PRs (#13)

github-actions[bot] · dependabot[bot] · m-houston · web-flow · commit f62e951ea999 · 2025-03-27T15:25:15.000Z
* Bump peter-evans/create-pull-request from 7.0.1 to 7.0.8 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.1 to 7.0.8. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v7.0.1...v7.0.8) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump nhs-england-tools/notify-msteams-action from 0.0.4 to 1.0.0 Bumps [nhs-england-tools/notify-msteams-action](https://github.com/nhs-england-tools/notify-msteams-action) from 0.0.4 to 1.0.0. - [Release notes](https://github.com/nhs-england-tools/notify-msteams-action/releases) - [Changelog](https://github.com/nhs-england-tools/notify-msteams-action/blob/main/.releaserc) - [Commits](nhs-england-tools/notify-msteams-action@v0.0.4...v1.0.0) --- updated-dependencies: - dependency-name: nhs-england-tools/notify-msteams-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/net in /docs/adr/assets/ADR-003/examples/golang Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0. - [Commits](golang/net@v0.33.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ossf/scorecard-action from 2.3.1 to 2.4.1 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.4.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...f49aabe) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github/combine-prs from 5.1.0 to 5.2.0 Bumps [github/combine-prs](https://github.com/github/combine-prs) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/github/combine-prs/releases) - [Commits](github/combine-prs@v5.1.0...v5.2.0) --- updated-dependencies: - dependency-name: github/combine-prs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump cgi from 0.4.1 to 0.4.2 in /docs Bumps [cgi](https://github.com/ruby/cgi) from 0.4.1 to 0.4.2. - [Release notes](https://github.com/ruby/cgi/releases) - [Commits](ruby/cgi@v0.4.1...v0.4.2) --- updated-dependencies: - dependency-name: cgi dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump webrick from 1.8.1 to 1.8.2 in /docs Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/ruby/webrick/releases) - [Commits](ruby/webrick@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: webrick dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump nokogiri from 1.16.5 to 1.18.4 in /docs Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.5 to 1.18.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.16.5...v1.18.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump rexml from 3.3.6 to 3.3.9 in /docs Bumps [rexml](https://github.com/ruby/rexml) from 3.3.6 to 3.3.9. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.3.6...v3.3.9) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump jinja2 in /scripts/docker/examples/python/assets/hello_world Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.5...3.1.6) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Mike Houston <michael.houston4@nhs.net>
diff --git a/.github/workflows/manual-combine-dependabot-prs.yaml b/.github/workflows/manual-combine-dependabot-prs.yaml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - name: combine-prs
         id: combine-prs
-        uses: github/combine-prs@v5.1.0
+        uses: github/combine-prs@v5.2.0
         with:
           ci_required: false
           labels: dependencies
diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml
@@ -32,7 +32,7 @@ jobs:
 
     - name: Create Pull Request
       if: ${{ !env.ACT }}
-      uses: peter-evans/create-pull-request@v7.0.1
+      uses: peter-evans/create-pull-request@v7.0.8
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: Drift from template
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/.github/workflows/stage-5-publish.yaml b/.github/workflows/stage-5-publish.yaml
@@ -104,7 +104,7 @@ jobs:
         run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
       - name: "Notify on publishing packages"
         if: steps.check.outputs.secret_exist == 'true'
-        uses: nhs-england-tools/notify-msteams-action@v0.0.4
+        uses: nhs-england-tools/notify-msteams-action@v1.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }}
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
@@ -15,7 +15,7 @@ GEM
       public_suffix (>= 2.0.2, < 6.0)
     base64 (0.2.0)
     bigdecimal (3.1.8)
-    cgi (0.4.1)
+    cgi (0.4.2)
     colorator (1.1.0)
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
@@ -92,29 +92,27 @@ GEM
       jekyll-seo-tag (~> 2.1)
     minitest (5.24.1)
     mutex_m (0.2.0)
-    nokogiri (1.16.5-x86_64-linux)
+    nokogiri (1.18.4-x86_64-linux-gnu)
       racc (~> 1.4)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
     public_suffix (5.0.5)
-    racc (1.8.0)
+    racc (1.8.1)
     rake (13.2.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rexml (3.3.6)
-      strscan
+    rexml (3.3.9)
     rouge (4.2.1)
     safe_yaml (1.0.5)
     sass-embedded (1.83.0-x86_64-linux-gnu)
       google-protobuf (~> 4.28)
-    strscan (3.1.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
-    webrick (1.8.1)
+    webrick (1.8.2)
 
 PLATFORMS
   x86_64-linux
