From 7a7092bbdb94ed02745769b69e875bfb5f9897e5 Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Mon, 13 Apr 2026 15:13:33 +0000
Subject: [PATCH 1/4] update syft, grype, poetry
---
 src/base/.devcontainer/Dockerfile.grype | 2 +-
 src/base/.devcontainer/Dockerfile.syft | 2 +-
 src/languages/node_24_python_3_12/.devcontainer/.tool-versions | 2 +-
 src/languages/node_24_python_3_13/.devcontainer/.tool-versions | 2 +-
 src/languages/node_24_python_3_14/.devcontainer/.tool-versions | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/base/.devcontainer/Dockerfile.grype b/src/base/.devcontainer/Dockerfile.grype
index a502379..072535f 100644
--- a/src/base/.devcontainer/Dockerfile.grype
+++ b/src/base/.devcontainer/Dockerfile.grype
@@ -1,6 +1,6 @@
 FROM alpine:3.23.3 AS build
 ARG TARGETARCH
-ARG GRYPE_VERSION="0.110.0"
+ARG GRYPE_VERSION="0.111.0"
 ENV GRYPE_VERSION=${GRYPE_VERSION}
 RUN apk add --no-cache cosign bash curl jq
 COPY --chmod=755 scripts/install_anchore_tool.sh /tmp/install_anchore_tool.sh
diff --git a/src/base/.devcontainer/Dockerfile.syft b/src/base/.devcontainer/Dockerfile.syft
index 7ad118f..de3a1be 100644
--- a/src/base/.devcontainer/Dockerfile.syft
+++ b/src/base/.devcontainer/Dockerfile.syft
@@ -1,6 +1,6 @@
 FROM alpine:3.23.3 AS build
 ARG TARGETARCH
-ARG SYFT_VERSION="1.42.3"
+ARG SYFT_VERSION="1.42.4"
 ENV SYFT_VERSION=${SYFT_VERSION}
 RUN apk add --no-cache cosign bash curl jq
 COPY --chmod=755 scripts/install_anchore_tool.sh /tmp/install_anchore_tool.sh
diff --git a/src/languages/node_24_python_3_12/.devcontainer/.tool-versions b/src/languages/node_24_python_3_12/.devcontainer/.tool-versions
index 32c2ed8..555df61 100644
--- a/src/languages/node_24_python_3_12/.devcontainer/.tool-versions
+++ b/src/languages/node_24_python_3_12/.devcontainer/.tool-versions
@@ -1,2 +1,2 @@
 python 3.12.13
-poetry 2.3.2
+poetry 2.3.4
diff --git a/src/languages/node_24_python_3_13/.devcontainer/.tool-versions b/src/languages/node_24_python_3_13/.devcontainer/.tool-versions
index 85e2d7a..46ca377 100644
--- a/src/languages/node_24_python_3_13/.devcontainer/.tool-versions
+++ b/src/languages/node_24_python_3_13/.devcontainer/.tool-versions
@@ -1,2 +1,2 @@
 python 3.13.12
-poetry 2.3.2
+poetry 2.3.4
diff --git a/src/languages/node_24_python_3_14/.devcontainer/.tool-versions b/src/languages/node_24_python_3_14/.devcontainer/.tool-versions
index 65e66b7..0de8a1b 100644
--- a/src/languages/node_24_python_3_14/.devcontainer/.tool-versions
+++ b/src/languages/node_24_python_3_14/.devcontainer/.tool-versions
@@ -1,2 +1,2 @@
 python 3.14.3
-poetry 2.3.2
+poetry 2.3.4
From d94de8f50ca0d697f1e221cfb9dc8cf4654cd5a4 Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Mon, 13 Apr 2026 15:31:49 +0000
Subject: [PATCH 2/4] more vulns
---
 .grype.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.grype.yaml b/.grype.yaml
index 3d706b7..cf2eec2 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -27,6 +27,10 @@ ignore:
 - vulnerability: CVE-2025-58188
 - vulnerability: CVE-2025-4674
 - vulnerability: GHSA-x744-4wpc-v9h2
+ - vulnerability: GHSA-92mm-2pjq-r785
+ - vulnerability: GHSA-78h2-9frx-2jm8
+ - vulnerability: CVE-2026-32280
+ - vulnerability: GHSA-hfvc-g4fc-pqhx
 # node_24 vulnerabilities
 - vulnerability: GHSA-c2c7-rcm5-vvqj
 - vulnerability: GHSA-7r86-cg39-jmmj
From 6ce91958fb7a56e958053b8af2e03c7345dffc5e Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Mon, 13 Apr 2026 15:52:51 +0000
Subject: [PATCH 3/4] bump node
---
 src/base_node/node_24/.devcontainer/.tool-versions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/base_node/node_24/.devcontainer/.tool-versions b/src/base_node/node_24/.devcontainer/.tool-versions
index 01c1e7d..78dcfe6 100644
--- a/src/base_node/node_24/.devcontainer/.tool-versions
+++ b/src/base_node/node_24/.devcontainer/.tool-versions
@@ -1 +1 @@
-nodejs 24.14.0
+nodejs 24.14.1
From 8f6aea67c820cb81fb8097d81f4efe7ad84d42fa Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Mon, 13 Apr 2026 17:02:32 +0000
Subject: [PATCH 4/4] more vulns
---
 .grype.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.grype.yaml b/.grype.yaml
index cf2eec2..660a265 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -43,6 +43,7 @@ ignore:
 - vulnerability: GHSA-cx63-2mw6-8hw5
 - vulnerability: GHSA-r9hx-vwmv-q579
 - vulnerability: GHSA-5rjg-fvgr-3xxf
+ - vulnerability: GHSA-2599-h6xx-hpxp
 # eps-storage-terraform vulnerabilities
 - vulnerability: CVE-2025-68119
 # eps-data-extract vulnerabilities
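Review bot: The `GHSA-2599-h6xx-hpxp` entry added in this `.grype.yaml` hunk is a bare ID-only ignore rule, and so are the four entries added in the PATCH 2/4 hunk at `@@ -27,6 +27,10 @@` (`GHSA-92mm-2pjq-r785`, `GHSA-78h2-9frx-2jm8`, `CVE-2026-32280`, `GHSA-hfvc-g4fc-pqhx`). A rule with only `vulnerability:` suppresses that advisory wherever the scanner matches it, and neither the commit subject ("more vulns") nor the file records which package is affected or why the finding is acceptable. Each entry should carry a comment such as `# <package>: <reason accepted>, re-check by <date>`. Where the match comes from a single package, the rule should be narrowed with a `package:` / `name:` sub-key so the same advisory is still reported elsewhere. If the reason is simply that no fix has been published, adding `fix-state: not-fixed` would let the finding resurface once one exists. The `ignore:` list starts and ends outside both hunks, so whether the PATCH 2/4 entries sit under the right section heading cannot be checked from here.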