From 218d6502891f61d17a2f18936a0ad3936c4842f4 Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Thu, 16 Apr 2026 18:55:37 +0000
Subject: [PATCH 1/2] bump dev container version

---
 .devcontainer/devcontainer.json    | 2 +-
 .github/workflows/ci.yml           | 2 +-
 .github/workflows/pull_request.yml | 2 +-
 .github/workflows/release.yml      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 8738d373..3aea4ed7 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,7 +6,7 @@
     "args": {
       "DOCKER_GID": "${env:DOCKER_GID:}",
       "IMAGE_NAME": "node_24_python_3_14",
-      "IMAGE_VERSION": "v1.4.4",
+      "IMAGE_VERSION": "v1.4.8",
       "USER_UID": "${localEnv:USER_ID:}",
       "USER_GID": "${localEnv:GROUP_ID:}"
     }
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d4f303f9..b29d957c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
       contents: read
       packages: read
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@6a7443adade993bcd35e70cf4b18f83f62ed5d13
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
     needs: [get_config_values]
     permissions:
       contents: read
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 800bc2f0..2627a07a 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -28,7 +28,7 @@ jobs:
     permissions:
       pull-requests: write
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@6a7443adade993bcd35e70cf4b18f83f62ed5d13
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
     needs: [get_config_values]
     permissions:
       contents: read
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d5c6420f..1bbd89fd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
       contents: read
       packages: read
   quality_checks:
-    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@6a7443adade993bcd35e70cf4b18f83f62ed5d13
+    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8399c1f015c1304e40771cbd8ccc24c7ed48fdbc
     needs: [get_config_values]
     permissions:
       contents: read

From bc56f87e5269c9eb9f7ad93df105d7f7d0fb9c83 Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Fri, 17 Apr 2026 07:06:18 +0000
Subject: [PATCH 2/2] fix

---
 zizmor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zizmor.yml b/zizmor.yml
index f7bf6a98..ac396437 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -2,4 +2,4 @@ rules:
   unpinned-images:
     # these workflows use unpinned images because they are using a full image passed in that contains the tag
     ignore:
-      - package_npm_code.yml:14:13
+      - package_npm_code.yml:14:24