Merge branch 'develop' into dependabot/pip/starlette-0.49.1

james-bradley-nhs · web-flow · commit 077d787a3268 · 2026-01-16T09:07:53.000Z
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
@@ -26,7 +26,6 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Auto-approve Dependabot PR
-        if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
         uses: hmarr/auto-approve-action@v4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -312,3 +312,19 @@ jobs:
 
       - name: poetry test publish
         run: poetry publish -r testpypi
+
+  slack-notification:
+    runs-on: ubuntu-latest
+    needs:
+      - coverage
+      - lint
+      - publish
+    if: ${{ always() && github.repository == 'NHSDigital/mesh-sandbox' && github.actor == 'dependabot[bot]' && contains(needs.*.result, 'failure') }}
+    steps:
+      - name: Slack Notification
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a
+        with:
+          webhook: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text : "Dependabot PR checks failed for ${{ github.repository }}:${{ github.ref }} in PR #${{ github.event.number }}"
diff --git a/requirements.txt b/requirements.txt
@@ -530,9 +530,9 @@ typing-extensions==4.15.0 ; python_version >= "3.11" and python_full_version < "
 typing-inspection==0.4.2 ; python_version >= "3.11" and python_full_version < "3.14.0" \
     --hash=sha256:4ed1cacbdc298c220f1bd249ed5287caa16f34d44ef4e9c3d0cbad5b521545e7 \
     --hash=sha256:ba561c48a67c5958007083d386c3295464928b01faa735ab8547c5692e87f464
-urllib3==2.6.2 ; python_version >= "3.11" and python_full_version < "3.14.0" \
-    --hash=sha256:016f9c98bb7e98085cb2b4b17b87d2c702975664e4f060c6532e64d1c1a5e797 \
-    --hash=sha256:ec21cddfe7724fc7cb4ba4bea7aa8e2ef36f607a4bab81aa6ce42a13dc3f03dd
+urllib3==2.6.3 ; python_version >= "3.11" and python_full_version < "3.14.0" \
+    --hash=sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed \
+    --hash=sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4
 uvicorn==0.40.0 ; python_version >= "3.11" and python_full_version < "3.14.0" \
     --hash=sha256:839676675e87e73694518b5574fd0f24c9d97b46bea16df7b8c05ea1a51071ea \
     --hash=sha256:c6c8f55bc8bf13eb6fa9ff87ad62308bbbc33d0b67f84293151efe87e0d5f2ee
