From d55d583a0909ea00b95e43e33be12d310ee35cbb Mon Sep 17 00:00:00 2001
From: Thomas Leplus <thomasleplus@users.noreply.github.com>
Date: Fri, 14 Nov 2025 18:28:46 +0100
Subject: [PATCH 1/2] ci(check-pr): no need for echo

---
 .github/workflows/check-pr.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/check-pr.yml b/.github/workflows/check-pr.yml
index 42907b74..c88c1483 100644
--- a/.github/workflows/check-pr.yml
+++ b/.github/workflows/check-pr.yml
@@ -19,11 +19,11 @@ jobs:
           # Check the commits
           commits_json=$(curl -fsSL -H "Authorization: token ${GITHUB_TOKEN}" "${PR_COMMITS_URL}")
           echo -n 'Commits: '
-          echo "${commits_json}" | jq '.'
-          commit_count="$(echo "${commits_json}" | jq -r 'length')"
+          jq '.' <<<"${commits_json}"
+          commit_count="$(jq -r 'length' <<<"${commits_json}")"
           # Check first commit message (except for dependabot who is inconsistent)
           if [ "${commit_count}" -eq 1 ] && [ "${GITHUB_ACTOR}" != 'dependabot[bot]' ] ; then
-            commit_title="$(echo "${commits_json}" | jq -r '.[0].commit.message' | head -n 1)"
+            commit_title="$(jq -r '.[0].commit.message' <<<"${commits_json}" | head -n 1)"
             echo "Commit title: ${commit_title}"
             if [[ "${commit_title}" != "${PR_TITLE}" ]] ; then
               >&2 echo 'Single commit must have same title as PR.'
@@ -32,8 +32,8 @@ jobs:
           fi
           # Check that all commits are signed
           for ((i = 0 ; i < commit_count ; i++ )); do
-            if [[ "$(echo "${commits_json}" | jq -r ".[${i}].commit.verification.verified")" == 'false' ]] ; then
-              >&2 echo "Commit $(echo "${commits_json}" | jq -r ".[${i}].sha") must be signed."
+            if [[ "$(jq -r ".[${i}].commit.verification.verified" <<<"${commits_json}")" == 'false' ]] ; then
+              >&2 echo "Commit $(jq -r ".[${i}].sha" <<<"${commits_json}") must be signed."
               exit 1
             fi
           done

From 2b75b9b1163078eb46f4aeb6a398a11cf9b4dba2 Mon Sep 17 00:00:00 2001
From: Thomas Leplus <thomasleplus@users.noreply.github.com>
Date: Sun, 16 Nov 2025 14:51:18 +0100
Subject: [PATCH 2/2] build(deps): bump checkov from 3.2.490 to 3.2.493

---
 aws-cli/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-cli/requirements.txt b/aws-cli/requirements.txt
index 247bbe7d..e96fdbe3 100644
--- a/aws-cli/requirements.txt
+++ b/aws-cli/requirements.txt
@@ -1,4 +1,4 @@
 cfn-lint==1.40.4
 cfn-policy-validator==0.0.36
-checkov==3.2.490
+checkov==3.2.493
 yamlpath==3.8.2