Combined Dependabot PRs (#19)

github-actions[bot] · dependabot[bot] · web-flow · commit 6145aab9e6ee · 2026-03-16T12:07:19.000Z
* Bump asdf-vm/actions from 4.0.0 to 4.0.1 Bumps [asdf-vm/actions](https://github.com/asdf-vm/actions) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/asdf-vm/actions/releases) - [Changelog](https://github.com/asdf-vm/actions/blob/master/CHANGELOG.md) - [Commits](asdf-vm/actions@1902764...b7bcd02) --- updated-dependencies: - dependency-name: asdf-vm/actions dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump actions/download-artifact from 4 to 8 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump eslint-plugin-unicorn from 59.0.1 to 63.0.0 Bumps [eslint-plugin-unicorn](https://github.com/sindresorhus/eslint-plugin-unicorn) from 59.0.1 to 63.0.0. - [Release notes](https://github.com/sindresorhus/eslint-plugin-unicorn/releases) - [Commits](sindresorhus/eslint-plugin-unicorn@v59.0.1...v63.0.0) --- updated-dependencies: - dependency-name: eslint-plugin-unicorn dependency-version: 63.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump peter-evans/create-pull-request from 7.0.8 to 8.1.0 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 8.1.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v7.0.8...v8.1.0) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ossf/scorecard-action from 2.4.1 to 2.4.3 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@f49aabe...4eaacf0) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump jest-environment-jsdom from 29.7.0 to 30.3.0 Bumps [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) from 29.7.0 to 30.3.0. - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest-environment-jsdom) --- updated-dependencies: - dependency-name: jest-environment-jsdom dependency-version: 30.3.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump eslint from 9.39.4 to 10.0.3 Bumps [eslint](https://github.com/eslint/eslint) from 9.39.4 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.39.4...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump eslint-plugin-security from 3.0.1 to 4.0.0 Bumps [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) from 3.0.1 to 4.0.0. - [Release notes](https://github.com/eslint-community/eslint-plugin-security/releases) - [Changelog](https://github.com/eslint-community/eslint-plugin-security/blob/main/CHANGELOG.md) - [Commits](eslint-community/eslint-plugin-security@v3.0.1...eslint-plugin-security-v4.0.0) --- updated-dependencies: - dependency-name: eslint-plugin-security dependency-version: 4.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump flask in /scripts/docker/examples/python/assets/hello_world Bumps [flask](https://github.com/pallets/flask) from 2.3.3 to 3.1.3. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.3.3...3.1.3) --- updated-dependencies: - dependency-name: flask dependency-version: 3.1.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump nokogiri from 1.18.10 to 1.19.1 in /docs Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.18.10 to 1.19.1. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.18.10...v1.19.1) --- updated-dependencies: - dependency-name: nokogiri dependency-version: 1.19.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump werkzeug in /scripts/docker/examples/python/assets/hello_world Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.0.6 to 3.1.6. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.0.6...3.1.6) --- updated-dependencies: - dependency-name: werkzeug dependency-version: 3.1.6 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump jinja2 in /scripts/docker/examples/python/assets/hello_world Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.5...3.1.6) --- updated-dependencies: - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pip in /scripts/docker/examples/python/assets/hello_world Bumps [pip](https://github.com/pypa/pip) from 23.3 to 26.0. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@23.3...26.0) --- updated-dependencies: - dependency-name: pip dependency-version: '26.0' dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @tootallnate/once and jest-environment-jsdom Removes [@tootallnate/once](https://github.com/TooTallNate/once). It's no longer used after updating ancestor dependency [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom). These dependencies need to be updated together. Removes `@tootallnate/once` Updates `jest-environment-jsdom` from 29.7.0 to 30.3.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest-environment-jsdom) --- updated-dependencies: - dependency-name: "@tootallnate/once" dependency-version: dependency-type: indirect - dependency-name: jest-environment-jsdom dependency-version: 30.3.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pyjwt in /docs/adr/assets/ADR-003/examples/python Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.8.0 to 2.12.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.8.0...2.12.0) --- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
diff --git a/.github/workflows/scheduled-repository-template-sync.yaml b/.github/workflows/scheduled-repository-template-sync.yaml
@@ -32,7 +32,7 @@ jobs:
 
     - name: Create Pull Request
       if: ${{ !env.ACT }}
-      uses: peter-evans/create-pull-request@v7.0.8
+      uses: peter-evans/create-pull-request@v8.1.0
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: Drift from template
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml
@@ -149,7 +149,7 @@ jobs:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Setup ASDF"
-        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
+        uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
   trivy-iac:
@@ -164,7 +164,7 @@ jobs:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Setup ASDF"
-        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
+        uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
       - name: "Trivy IaC Scan"
         uses: ./.github/actions/trivy-iac
   trivy-package:
@@ -178,7 +178,7 @@ jobs:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Setup ASDF"
-        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
+        uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47
       - name: "Trivy Package Scan"
         uses: ./.github/actions/trivy-package
   count-lines-of-code:
diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
@@ -143,7 +143,7 @@ jobs:
         with:
           fetch-depth: 0 # Full history is needed to improving relevancy of reporting
       - name: "Download coverage report for SONAR"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           name: code-coverage-report
       - name: "Perform static analysis"
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
@@ -105,9 +105,9 @@ GEM
       jekyll-seo-tag (~> 2.1)
     minitest (6.0.0)
       prism (~> 1.5)
-    nokogiri (1.18.10-arm64-darwin)
+    nokogiri (1.19.1-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.10-x86_64-linux-gnu)
+    nokogiri (1.19.1-x86_64-linux-gnu)
       racc (~> 1.4)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
diff --git a/docs/adr/assets/ADR-003/examples/python/requirements.txt b/docs/adr/assets/ADR-003/examples/python/requirements.txt
@@ -1,2 +1,2 @@
-PyJWT==2.8.0
+PyJWT==2.12.0
 requests==2.32.4
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/scripts/docker/examples/python/assets/hello_world/requirements.txt b/scripts/docker/examples/python/assets/hello_world/requirements.txt

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-PyJWT==2.8.0`
	`1`	`+PyJWT==2.12.0`
`2`	`2`	`requests==2.32.4`