From 7372a9a443877fd3a0280334276797a379fe496f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Apr 2026 18:07:27 +0000
Subject: [PATCH 1/3] Upgrade: [dependabot] - bump @devcontainers/cli from
 0.85.0 to 0.86.0

Bumps [@devcontainers/cli](https://github.com/devcontainers/cli) from 0.85.0 to 0.86.0.
- [Changelog](https://github.com/devcontainers/cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/devcontainers/cli/compare/v0.85.0...v0.86.0)

---
updated-dependencies:
- dependency-name: "@devcontainers/cli"
  dependency-version: 0.86.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9736f74..b648738 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "@devcontainers/cli": "^0.85.0"
+        "@devcontainers/cli": "^0.86.0"
       },
       "devDependencies": {
         "@types/node": "^25.6.0",
@@ -17,9 +17,9 @@
       }
     },
     "node_modules/@devcontainers/cli": {
-      "version": "0.85.0",
-      "resolved": "https://registry.npmjs.org/@devcontainers/cli/-/cli-0.85.0.tgz",
-      "integrity": "sha512-lRbTDtDuFPTxZ6tnVXz3CbrzAaLQQ4Ys9LIpFilIFmo6zD1iuhHssC/YXEmu5WBbGro9PlgcFOmgIUAWErfa3Q==",
+      "version": "0.86.0",
+      "resolved": "https://registry.npmjs.org/@devcontainers/cli/-/cli-0.86.0.tgz",
+      "integrity": "sha512-xfc1pc1wYrPkRpFi3bsYKz2F8VGiPVwISe11I6Tl2o0gqDB2LCMI6yT5mmZ+8v2e5ff+x/lbHIVCEThoLJJS8Q==",
       "license": "MIT",
       "bin": {
         "devcontainer": "devcontainer.js"
diff --git a/package.json b/package.json
index 48cbe48..e54c17c 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
   "license": "ISC",
   "description": "",
   "dependencies": {
-    "@devcontainers/cli": "^0.85.0"
+    "@devcontainers/cli": "^0.86.0"
   },
   "devDependencies": {
     "@types/node": "^25.6.0",

From b0bb2d833fdc05059c83bb46668ac2a711f75b24 Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Wed, 6 May 2026 06:24:38 +0000
Subject: [PATCH 2/3] fix

---
 .grype.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.grype.yaml b/.grype.yaml
index 131db9e..480e2e4 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -77,3 +77,5 @@ ignore:
   - vulnerability: CVE-2026-21932
   - vulnerability: CVE-2026-27143
   - vulnerability: CVE-2026-27144
+  - vulnerability: CVE-2026-3298
+  

From 637c815e1f5d51ece7eb394b00235b4b53b7e89f Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Wed, 6 May 2026 07:08:57 +0000
Subject: [PATCH 3/3] another vuln

---
 .grype.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.grype.yaml b/.grype.yaml
index 1e6a5ed..2dca79b 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -118,6 +118,7 @@ ignore:
   - vulnerability: CVE-2026-27143
   - vulnerability: CVE-2026-27144
   - vulnerability: CVE-2026-3298
+  - vulnerability: GHSA-vcgp-9326-pqcp
   - vulnerability: CVE-2026-34282
     package:
       name: openjdk