We had alerts today internally on defender due to a Notepad++ upgrade to 8.2.2. Note pad ++ is no longer able to sign their releases due to not being able to renew an expiring certificate due to changes in certificate authority policies as detailed at https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/ and https://notepad-plus-plus.org/news/v882-fix-security-issue/
The current work around is to whitelist the SHA 1 hash as trusted to not block the updates
179613870a9ffc646b77918701481c8ffdae1c82e06cbc7ea7d42af3d1c9e5e2 npp.8.8.2.Installer.exe
561a1656f8710cfd39a5dee3ae67b2c18916f792
which matches the digests (viewed over https) at https://notepad-plus-plus.org/downloads/v8.8.2/ and on their github releases page at https://github.com/notepad-plus-plus/notepad-plus-plus/releases/tag/v8.8.2