From fc05656dce57ac8c536fb9c358ec99cb8ab468aa Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Thu, 12 Mar 2026 11:46:55 +0000
Subject: [PATCH 1/2] stagger dependabot

---
 .gitallowed | 1 +
 .github/dependabot.yaml | 12 ++++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/.gitallowed b/.gitallowed
index f6acbd8..ae9f2aa 100644
--- a/.gitallowed
+++ b/.gitallowed
@@ -7,3 +7,4 @@ self\.token = token
 token = os\.environ\.get\(\"GH_TOKEN\"\)
 poetry\.lock
 \-Dsonar\.token=\"\$SONAR_TOKEN\"
+token: "\${{ steps\.generate-token\.outputs\.token }}"
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 6310c0c..0903e4a 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -14,28 +14,28 @@ updates:
       prefix: "Upgrade: [dependabot] - "
   ###################################
-  # NPM workspace ##################
+  # Poetry #########################
   ###################################
-  - package-ecosystem: "npm"
+  - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "thursday"
-      time: "18:00" # UTC
+      time: "20:00" # UTC
     open-pull-requests-limit: 20
     versioning-strategy: increase
     commit-message:
       prefix: "Upgrade: [dependabot] - "
   ###################################
-  # Poetry #########################
+  # NPM workspace ##################
   ###################################
-  - package-ecosystem: "pip"
+  - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "thursday"
-      time: "18:00" # UTC
+      time: "22:00" # UTC
     open-pull-requests-limit: 20
     versioning-strategy: increase
     commit-message:

From f91b8872f169f118fa877e57bf4069732698c454 Mon Sep 17 00:00:00 2001
From: Anthony Brown
Date: Thu, 12 Mar 2026 11:49:27 +0000
Subject: [PATCH 2/2] update trivyignore

---
 .trivyignore.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 244c6bf..244a9b6 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
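Review bot: The new allow-list entry on the `+` line of the `.gitallowed` hunk only matches the double-quoted form `token: "${{ steps.generate-token.outputs.token }}"`; if the workflow writes the expression unquoted (`token: ${{ steps.generate-token.outputs.token }}`), git-secrets will still flag that line, so the pattern should be checked against the actual workflow line before the scan is relied on. The exemption itself looks sound, since it whitelists a GitHub Actions step-output expression rather than a credential value, but git-secrets allow-rules exempt the whole matching line, so keep the pattern this specific rather than loosening it to something like `token:.*`. Because `.gitallowed` carries no context for why an entry exists, a line such as `# GitHub App token expression used in workflows, not a literal secret` above it would help the next reviewer, provided the git-secrets version in use skips `#` lines as comments.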
@@ -22,3 +22,6 @@ vulnerabilities:
   - id: CVE-2026-29786
     statement: tar vulnerability accepted as risk - dependency of npm (multiple)
     expired_at: 2026-06-01
+  - id: CVE-2026-31802
+    statement: tar vulnerability accepted as risk - dependency of npm (multiple)
+    expired_at: 2026-06-01
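Review bot: The added entry for CVE-2026-31802 suppresses every finding for that CVE in the scan, not only the tar copy bundled inside npm that the statement cites, so a vulnerable `tar` pulled in as a direct application dependency would be hidden as well. Trivy's YAML ignore file accepts a per-entry `paths:` list (and `purls:` on recent versions), so scoping both tar entries to the npm-bundled location — e.g. `paths: ["**/node_modules/npm/node_modules/tar/**"]`, adjusted to where tar actually sits in the scanned target and to whether the Trivy version in use globs paths — keeps the exemption to the risk that was actually accepted. The statement is copied verbatim from the CVE-2026-29786 entry; it would be more useful if it named the affected tar version and the upstream fix or tracking item for this CVE, since the shared `expired_at: 2026-06-01` is the only trigger for revisiting it. The `vulnerabilities:` list this hunk extends starts outside the visible range.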