From c226ce9b8b5ca5d2962c5e58fa17d788e89129bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 18:47:54 +0000
Subject: [PATCH 1/2] Upgrade: [dependabot] - Bump asdf-vm/actions from 3.0.2
 to 4.0.0

Bumps [asdf-vm/actions](https://github.com/asdf-vm/actions) from 3.0.2 to 4.0.0.
- [Release notes](https://github.com/asdf-vm/actions/releases)
- [Changelog](https://github.com/asdf-vm/actions/blob/master/CHANGELOG.md)
- [Commits](https://github.com/asdf-vm/actions/compare/v3.0.2...1902764435ca0dd2f3388eea723a4f92a4eb8302)

---
updated-dependencies:
- dependency-name: asdf-vm/actions
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yml      | 4 ++--
 .github/workflows/release.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 15c472e5..8fd716ab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,7 +37,7 @@ jobs:
 
       # using git commit sha for version of action to ensure we have stable version
       - name: Install asdf
-        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
         with:
           asdf_branch: v0.14.1
   
@@ -51,7 +51,7 @@ jobs:
             ${{ runner.os }}-asdf-
 
       - name: Install asdf dependencies in .tool-versions
-        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302
         with:
           asdf_branch: v0.14.1
         env:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2bb7f13e..dd7eaf9a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,7 +36,7 @@ jobs:
 
       # using git commit sha for version of action to ensure we have stable version
       - name: Install asdf
-        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
         with:
           asdf_branch: v0.14.1
   
@@ -50,7 +50,7 @@ jobs:
             ${{ runner.os }}-asdf-
 
       - name: Install asdf dependencies in .tool-versions
-        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
+        uses: asdf-vm/actions/install@1902764435ca0dd2f3388eea723a4f92a4eb8302
         with:
           asdf_branch: v0.14.1
         env:

From 176627e41ae9c197721e0face7a56ab5f86a0ad5 Mon Sep 17 00:00:00 2001
From: Kris Szlapa <kris.szlapa1@nhs.net>
Date: Mon, 18 Aug 2025 05:32:47 +0000
Subject: [PATCH 2/2] Update resource pattern in Bedrock execution policy nag
 suppression

---
 packages/cdk/nagSuppressions.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/cdk/nagSuppressions.ts b/packages/cdk/nagSuppressions.ts
index ec0e7eac..9d5ac690 100644
--- a/packages/cdk/nagSuppressions.ts
+++ b/packages/cdk/nagSuppressions.ts
@@ -98,7 +98,7 @@ export const nagSuppressions = (stack: Stack) => {
         appliesTo: [
           "Action::bedrock:Delete*",
           "Resource::<StorageDocsBucketepsamDocsF25F63F1.Arn>/*",
-          "Resource::<StorageDocsBucketepsampr16Docs240CC945.Arn>/*",
+          "Resource::<StorageDocsBucketepsampr13Docs4288FB97.Arn>/*",
           `Resource::arn:aws:bedrock:eu-west-2:${account}:knowledge-base/*`,
           `Resource::arn:aws:aoss:eu-west-2:${account}:collection/*`,
           "Resource::*"