NHSDigital · anthony-nhs · Mar 20, 2026 · Mar 20, 2026 · Mar 20, 2026 · Mar 20, 2026
diff --git a/src/common/.trivyignore.yaml b/src/common/.trivyignore.yaml
@@ -432,3 +432,10 @@ vulnerabilities:
     purls:
       - "pkg:deb/ubuntu/linux-libc-dev@5.15.0-173.183?arch=amd64&distro=ubuntu-22.04"
     expired_at: 2026-09-16
+  - id: CVE-2026-33186
+    statement: "gRPC-Go has an authorization bypass via missing leading slash in :path"
+    purls:
+      - "pkg:golang/google.golang.org/grpc@v1.74.2"
+      - "pkg:golang/google.golang.org/grpc@v1.78.0"
+      - "pkg:golang/google.golang.org/grpc@v1.79.2"
+    expired_at: 2026-09-20
diff --git a/src/projects/eps-storage-terraform/.trivyignore.yaml b/src/projects/eps-storage-terraform/.trivyignore.yaml
@@ -110,3 +110,8 @@ vulnerabilities:
     purls:
       - "pkg:golang/go.opentelemetry.io/otel/sdk@v1.38.0"
     expired_at: 2026-09-10
+  - id: CVE-2026-33186
+    statement: "gRPC-Go has an authorization bypass via missing leading slash in :path"
+    purls:
+      - "pkg:golang/google.golang.org/grpc@v1.69.4"
+    expired_at: 2026-09-20
diff --git a/src/projects/regression_tests/.devcontainer/.tool-versions b/src/projects/regression_tests/.devcontainer/.tool-versions
@@ -1 +1 @@
-allure 2.37.0
+allure 2.38.0
diff --git a/src/projects/regression_tests/.devcontainer/scripts/root_install.sh b/src/projects/regression_tests/.devcontainer/scripts/root_install.sh
@@ -1,6 +1,13 @@
 #!/usr/bin/env bash
 
-set -e
+set -euo pipefail
+
+# install chrome
+mkdir -p /etc/apt/keyrings
+wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo tee /etc/apt/keyrings/google.asc >/dev/null
+sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.asc] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list'
+apt-get update 
+apt-get install -y google-chrome-stable
 
 # clean up
 apt-get clean