chore: Bump the testing-packages group with 1 update (#142)

dependabot[bot] · jeffcumpsty-tpx · web-flow · commit 6015777c3c4b · 2026-02-26T00:31:27.000Z
* Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Staging (#137) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Jeffcumpsty tpx patch 1 (#135) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * Enhance error message for non-staging merges Added echo statement to display current actor during merge error. * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 (#131) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Swashbuckle.AspNetCore from 10.1.2 to 10.1.3 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 (#130) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File (#129) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump Serilog.AspNetCore and Serilog.Sinks.File Bumps Serilog.AspNetCore from 8.0.3 to 10.0.0 Bumps Serilog.Sinks.File from 6.0.0 to 7.0.0 --- updated-dependencies: - dependency-name: Serilog.AspNetCore dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Serilog.Sinks.File dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update (#128) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the testing-packages group with 1 update Bumps coverlet.collector from 6.0.4 to 8.0.0 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: testing-packages ... Signed-off-by: dependabot[bot] <support@github.com> * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update .gitignore to ignore all log files in the logs directory (#136) * chore: Bump the microsoft-packages group with 1 update (#127) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * chore: Bump the microsoft-packages group with 1 update Bumps System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0 --- updated-dependencies: - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge maion to staging (#139) * Staging (#118) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Staging (#125) * Update permissions in deploy.yml to allow writing for GitHub releases * Add job name to staging-to-main workflow for clarity * Sanitize URLs in logging for schema loading and error handling (#124) * Update staging-to-main workflow to allow dependabot merges and modify .gitignore to include log files (#132) * Update .gitignore to ignore all log files in the logs directory (#134) * ci: bump the github-actions-updates group with 2 updates (#126) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.2 to 4.32.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v4.32.2...v4.32.3) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.34.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: bump the github-actions-updates group with 2 updates (#141) Bumps the github-actions-updates group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from 4.32.3 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v4.32.3...v4.32.4) Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.34.0...0.34.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the microsoft-packages group with 1 update (#145) Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump JsonSchema.Net from 9.1.0 to 9.1.1 (#143) --- updated-dependencies: - dependency-name: JsonSchema.Net dependency-version: 9.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump Swashbuckle.AspNetCore from 10.1.3 to 10.1.4 (#144) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Bump the testing-packages group with 1 update Bumps NUnit from 4.4.0 to 4.5.0 --- updated-dependencies: - dependency-name: NUnit dependency-version: 4.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: testing-packages ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -90,7 +90,7 @@ jobs:
           dotnet-version: ${{ env.DOTNET_VERSION }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4.32.3
+        uses: github/codeql-action/init@v4.32.4
         with:
           languages: ${{ matrix.language }}
           build-mode: manual
@@ -101,7 +101,7 @@ jobs:
           dotnet build OpenReferralApi.sln --configuration Release --no-restore --verbosity normal
       
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4.32.3
+        uses: github/codeql-action/analyze@v4.32.4
 
   security-scan-fs:
     name: Trivy Filesystem Scan
@@ -113,7 +113,7 @@ jobs:
         uses: actions/checkout@v6.0.2
 
       - name: Run Trivy (filesystem)
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.34.1
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -122,7 +122,7 @@ jobs:
           severity: 'CRITICAL,HIGH,MEDIUM,UNKNOWN'
 
       - name: Upload Trivy FS SARIF
-        uses: github/codeql-action/upload-sarif@v4.32.3
+        uses: github/codeql-action/upload-sarif@v4.32.4
         if: always()
         with:
           sarif_file: trivy-fs-results.sarif
@@ -199,7 +199,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Run Trivy on built image
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.34.1
         continue-on-error: true
         with:
           image-ref: ${{ needs.docker-build.outputs.image_ref }}
@@ -246,7 +246,7 @@ jobs:
           fi
 
       - name: Upload Trivy Image SARIF
-        uses: github/codeql-action/upload-sarif@v4.32.3
+        uses: github/codeql-action/upload-sarif@v4.32.4
         if: steps.trivy_sarif.outputs.present == 'true'
         with:
           sarif_file: trivy-image-results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -27,7 +27,7 @@ jobs:
 
     # 2. Initialize CodeQL
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4.32.3
+      uses: github/codeql-action/init@v4.32.4
       with:
         languages: csharp
         queries: security-and-quality
@@ -41,4 +41,4 @@ jobs:
 
     # 4. Perform Analysis
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4.32.3
+      uses: github/codeql-action/analyze@v4.32.4
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@v6.0.2
 
       - name: Run Trivy vulnerability scanner (Config & Dependency)
-        uses: aquasecurity/trivy-action@0.34.0 # Use the latest version
+        uses: aquasecurity/trivy-action@0.34.1 # Use the latest version
         with:
           scan-type: 'fs' # Scans the file system
           scan-ref: '.'
@@ -29,7 +29,7 @@ jobs:
           # Trivy will ignore these checks if you have a .trivyignore file
 
       - name: Upload Trivy scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v4.32.3
+        uses: github/codeql-action/upload-sarif@v4.32.4
         if: always() # Upload results even if vulnerabilities are found
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj b/OpenReferralApi.Tests/OpenReferralApi.Tests.csproj
@@ -11,9 +11,9 @@
 
     <ItemGroup>
         <PackageReference Include="coverlet.collector" Version="8.0.0" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.3.0" />
         <PackageReference Include="Moq" Version="4.20.72" />
-        <PackageReference Include="NUnit" Version="4.4.0" />
+        <PackageReference Include="NUnit" Version="4.5.0" />
         <PackageReference Include="NUnit.Analyzers" Version="4.11.2" />
         <PackageReference Include="NUnit3TestAdapter" Version="6.1.0" />
     </ItemGroup>
diff --git a/OpenReferralApi/OpenReferralApi.csproj b/OpenReferralApi/OpenReferralApi.csproj
@@ -18,7 +18,7 @@
         <PackageReference Include="AspNetCore.HealthChecks.Uris" Version="9.0.0" />
         <PackageReference Include="FluentResults" Version="4.0.0" />
         <PackageReference Include="GitHubJwt" Version="0.0.6" />
-        <PackageReference Include="JsonSchema.Net" Version="9.1.0" />
+        <PackageReference Include="JsonSchema.Net" Version="9.1.1" />
         <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.3" />
         <PackageReference Include="MongoDB.Driver" Version="3.6.0" />
         <PackageReference Include="Newtonsoft.Json.Schema" Version="4.0.1" />
@@ -31,7 +31,7 @@
         <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.16.0" />
         <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
         <PackageReference Include="Serilog.Sinks.File" Version="7.0.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.3" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.4" />
     </ItemGroup>
 
     <ItemGroup>
