From 981838049ec285c395817c32e088e25f89ce61bf Mon Sep 17 00:00:00 2001 From: Murilo Dal Ri Date: Wed, 1 May 2024 15:13:58 +0100 Subject: [PATCH] Update dependencies Add note about GOV.UK implementing RFC-167 which allows repos that meet certain criteria to auto-merge Dependabot PRs. --- source/standards/tracking-dependencies.html.md.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/standards/tracking-dependencies.html.md.erb b/source/standards/tracking-dependencies.html.md.erb index da24aa9f..65a85874 100644 --- a/source/standards/tracking-dependencies.html.md.erb +++ b/source/standards/tracking-dependencies.html.md.erb @@ -27,6 +27,8 @@ There are tools which scan GitHub repositories and raise pull requests (PRs) whe > Note: we have not enabled "Treat PR approval as a request to merge", as this would lead to a surprising behaviour at the point of approval. + > Note: GOV.UK has implemented [RFC-167][] which allows automatic patching of all dependencies in certain cases. + * [PyUp][] - a Python dependency checker. Used by GOV.UK Notify, PyUp will monitor for updates and vulnerabilities All the above tools are free to use on public repositories. @@ -100,3 +102,4 @@ Also consider managed solutions where possible. For example: [Snyk container vulnerability management tooling]: https://snyk.io/product/container-vulnerability-management/ [GOV.UK PaaS buildpacks]: https://docs.cloud.service.gov.uk/deploying_apps.html#buildpacks [AWS Fargate]: https://aws.amazon.com/fargate/ +[RFC-167]: https://github.com/alphagov/govuk-rfcs/blob/main/rfc-167-auto-patch-dependencies.md
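Review bot: In the first hunk (@@ -27,6 +27,8 @@), the added note's wording "automatic patching of all dependencies in certain cases" does not tell the reader what is automated or when. The commit message is more precise: repos that meet certain criteria may auto-merge Dependabot PRs. Suggest carrying that wording into the note, for example "GOV.UK has implemented [RFC-167][], which allows repos that meet certain criteria to auto-merge Dependabot PRs", so readers know the unreviewed merge path is conditional and where to find the conditions. The preceding note explains why "Treat PR approval as a request to merge" is not enabled, so it is also worth one clause making clear that the GOV.UK auto-merge is a separate mechanism and does not contradict that guidance.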
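Review bot: In the second hunk (@@ -100,3 +102,4 @@), the new [RFC-167] reference points at blob/main, so the linked text can change or move after this standard is published. If the intent is to cite the RFC as it stood when the note was written, link to a commit permalink instead. If the intent is to follow the current RFC, keep main, but be aware the link will break if the file is renamed.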