From 64069348fcbde4b7084cc806697ee24740ec1e7d Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 11:47:51 +0000 Subject: [PATCH 1/4] add initial dependabot configuration --- .github/dependabot.yml | 74 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..d3a9ed096a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,74 @@ +# See the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # + # Check for minor/patch versions only on a weekly basis - we are likely to be able to + # merge these routinely. Major versions we'll check for and update manually. + # + - package-ecosystem: 'npm' + directory: '/' + versioning-strategy: increase + schedule: + # interval: 'weekly' + # day: 'friday' + # time: '03:00' + interval: 'daily' + time: '12:05' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' + ignore: + # we'll do any major version updates manually + - dependency-name: '*' + update-types: ['version-update:semver-major'] + # packages we can't currently update + # see issue #2214 for rationale for each of these + - dependency-name: '@xmldom/xmldom' + versions: [ '>=0.9.0' ] + - dependnecy-name: 'bcryptjs' + versions: [ '>=3.0.0' ] + - dependency-name: 'bootstrap' + versions: [ '>=5.0.0' ] + - dependency-name: 'bson' + versions: [ '>=5.0.0' ] + - dependency-name: 'cbor' + versions: [ '>=10.0.0' ] + - dependency-name: 'cspell' + versions: [ '>=9.0.0' ] + - dependency-name: 'eslint' + versions: [ '>=10.0.0' ] + - dependency-name: 'eslint-plugin-jsdoc' + versions: [ '>=51.0.0' ] + - dependency-name: 'fernet' + versions: [ '>=0.4.0' ] + - dependency-name: 'geodesy' + versions: [ '>=2.0.0' ] + - dependency-name: 'otpauth' + versions: [ '>=9.4.0' ] + - dependency-name: 'webpack-dev-server' + versions: [ '>=5.1.0' ] + groups: + # + # Grouping so we don't get a seperate PR for every patch version. + # + patch-updates: + applies-to: version-updates + patterns: + - '*' + update-types: + - 'patch' + + - package-ecosystem: "github-actions" + # Workflow files stored in the default location of `.github/workflows`; no need to + # specify `/.github/workflows` for `directory` + directory: '/' + versioning-strategy: increase + schedule: + interval: 'weekly' + day: 'friday' + time: '03:00' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' From c323be8eedcb95516e68d45fe39a660805357394 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 12:38:58 +0000 Subject: [PATCH 2/4] Update time --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d3a9ed096a..0e6d9e6b9b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,7 +15,7 @@ updates: # day: 'friday' # time: '03:00' interval: 'daily' - time: '12:05' + time: '12:45' timezone: Europe/London commit-message: prefix: 'chore (deps): ' From f718540192cc368a3dedd788dca2ef67c34f53a8 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 13:47:11 +0000 Subject: [PATCH 3/4] Fix errors reported on dependency run, and update run time --- .github/dependabot.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0e6d9e6b9b..15afa5b680 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,7 +15,7 @@ updates: # day: 'friday' # time: '03:00' interval: 'daily' - time: '12:45' + time: '14:00' timezone: Europe/London commit-message: prefix: 'chore (deps): ' @@ -27,7 +27,7 @@ updates: # see issue #2214 for rationale for each of these - dependency-name: '@xmldom/xmldom' versions: [ '>=0.9.0' ] - - dependnecy-name: 'bcryptjs' + - dependency-name: 'bcryptjs' versions: [ '>=3.0.0' ] - dependency-name: 'bootstrap' versions: [ '>=5.0.0' ] @@ -64,7 +64,6 @@ updates: # Workflow files stored in the default location of `.github/workflows`; no need to # specify `/.github/workflows` for `directory` directory: '/' - versioning-strategy: increase schedule: interval: 'weekly' day: 'friday' From 9a14a507f0236299dded19802c8d531262db2ac7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Mar 2026 13:53:09 +0000 Subject: [PATCH 4/4] chore (deps): bump the patch-updates group with 6 updates Bumps the patch-updates group with 6 updates: | Package | From | To | | --- | --- | --- | | [moment-timezone](https://github.com/moment/moment-timezone) | `0.6.0` | `0.6.1` | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.0` | `7.29.2` | | [@codemirror/commands](https://github.com/codemirror/commands) | `6.10.2` | `6.10.3` | | [@codemirror/state](https://github.com/codemirror/state) | `6.5.4` | `6.6.0` | | [babel-loader](https://github.com/babel/babel-loader) | `10.1.0` | `10.1.1` | | [terser](https://github.com/terser/terser) | `5.46.0` | `5.46.1` | Updates `moment-timezone` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](https://github.com/moment/moment-timezone/compare/0.6.0...0.6.1) Updates `@babel/preset-env` from 7.29.0 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-preset-env) Updates `@codemirror/commands` from 6.10.2 to 6.10.3 - [Changelog](https://github.com/codemirror/commands/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/commands/compare/6.10.2...6.10.3) Updates `@codemirror/state` from 6.5.4 to 6.6.0 - [Changelog](https://github.com/codemirror/state/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/state/compare/6.5.4...6.6.0) Updates `babel-loader` from 10.1.0 to 10.1.1 - [Release notes](https://github.com/babel/babel-loader/releases) - [Changelog](https://github.com/babel/babel-loader/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel-loader/compare/v10.1.0...v10.1.1) Updates `terser` from 5.46.0 to 5.46.1 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](https://github.com/terser/terser/compare/v5.46.0...v5.46.1) --- updated-dependencies: - dependency-name: moment-timezone dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@babel/preset-env" dependency-version: 7.29.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@codemirror/commands" dependency-version: 6.10.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@codemirror/state" dependency-version: 6.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: patch-updates - dependency-name: babel-loader dependency-version: 10.1.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: terser dependency-version: 5.46.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] --- package-lock.json | 48 +++++++++++++++++++++++------------------------ package.json | 10 +++++----- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/package-lock.json b/package-lock.json index 88c8d5e1dd..d2ab7b47ed 100644 --- a/package-lock.json +++ b/package-lock.json @@ -73,7 +73,7 @@ "lz4js": "^0.2.0", "markdown-it": "^14.1.1", "moment": "^2.30.1", - "moment-timezone": "^0.6.0", + "moment-timezone": "^0.6.1", "ngeohash": "^0.6.3", "node-forge": "^1.3.3", "node-md6": "^0.1.0", @@ -111,15 +111,15 @@ "@babel/eslint-parser": "^7.28.6", "@babel/plugin-syntax-import-assertions": "^7.28.6", "@babel/plugin-transform-runtime": "^7.29.0", - "@babel/preset-env": "^7.29.0", + "@babel/preset-env": "^7.29.2", "@babel/runtime": "^7.28.6", - "@codemirror/commands": "^6.10.2", + "@codemirror/commands": "^6.10.3", "@codemirror/language": "^6.12.2", "@codemirror/search": "^6.6.0", "@codemirror/state": "^6.5.4", "@codemirror/view": "^6.39.17", "autoprefixer": "^10.4.27", - "babel-loader": "^10.0.0", + "babel-loader": "^10.1.1", "base64-loader": "^1.0.0", "chromedriver": "^130.0.4", "cli-progress": "^3.12.0", @@ -154,7 +154,7 @@ "postcss-loader": "^8.2.1", "prompt": "^1.3.0", "sitemap": "^8.0.3", - "terser": "^5.46.0", + "terser": "^5.46.1", "webpack": "^5.105.4", "webpack-bundle-analyzer": "^4.10.2", "webpack-dev-server": "5.0.4", @@ -1640,9 +1640,9 @@ } }, "node_modules/@babel/preset-env": { - "version": "7.29.0", - "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.29.0.tgz", - "integrity": "sha512-fNEdfc0yi16lt6IZo2Qxk3knHVdfMYX33czNb4v8yWhemoBhibCpQK/uYHtSKIiO+p/zd3+8fYVXhQdOVV608w==", + "version": "7.29.2", + "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.29.2.tgz", + "integrity": "sha512-DYD23veRYGvBFhcTY1iUvJnDNpuqNd/BzBwCvzOTKUnJjKg5kpUBh3/u9585Agdkgj+QuygG7jLfOPWMa2KVNw==", "dev": true, "license": "MIT", "dependencies": { @@ -1840,14 +1840,14 @@ } }, "node_modules/@codemirror/commands": { - "version": "6.10.2", - "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.2.tgz", - "integrity": "sha512-vvX1fsih9HledO1c9zdotZYUZnE4xV0m6i3m25s5DIfXofuprk6cRcLUZvSk3CASUbwjQX21tOGbkY2BH8TpnQ==", + "version": "6.10.3", + "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.3.tgz", + "integrity": "sha512-JFRiqhKu+bvSkDLI+rUhJwSxQxYb759W5GBezE8Uc8mHLqC9aV/9aTC7yJSqCtB3F00pylrLCwnyS91Ap5ej4Q==", "dev": true, "license": "MIT", "dependencies": { "@codemirror/language": "^6.0.0", - "@codemirror/state": "^6.4.0", + "@codemirror/state": "^6.6.0", "@codemirror/view": "^6.27.0", "@lezer/common": "^1.1.0" } @@ -1880,9 +1880,9 @@ } }, "node_modules/@codemirror/state": { - "version": "6.5.4", - "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.4.tgz", - "integrity": "sha512-8y7xqG/hpB53l25CIoit9/ngxdfoG+fx+V3SHBrinnhOtLvKHRyAJJuHzkWrR4YXXLX8eXBsejgAAxHUOdW1yw==", + "version": "6.6.0", + "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.6.0.tgz", + "integrity": "sha512-4nbvra5R5EtiCzr9BTHiTLc+MLXK2QGiAVYMyi8PkQd3SR+6ixar/Q/01Fa21TBIDOZXgeWV4WppsQolSreAPQ==", "dev": true, "license": "MIT", "dependencies": { @@ -5181,9 +5181,9 @@ } }, "node_modules/babel-loader": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-10.1.0.tgz", - "integrity": "sha512-5HTUZa013O4SWEYlJDHexrqSIYkWatfA9w/ZZQa7V2nMc0dRWkfu/0pmioC7XMYm8M7Z/3+q42NWj6e+fAT0MQ==", + "version": "10.1.1", + "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-10.1.1.tgz", + "integrity": "sha512-JwKSzk2kjIe7mgPK+/lyZ2QAaJcpahNAdM+hgR2HI8D0OJVkdj8Rl6J3kaLYki9pwF7P2iWnD8qVv80Lq1ABtg==", "dev": true, "license": "MIT", "dependencies": { @@ -13300,9 +13300,9 @@ } }, "node_modules/moment-timezone": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.6.0.tgz", - "integrity": "sha512-ldA5lRNm3iJCWZcBCab4pnNL3HSZYXVb/3TYr75/1WCTWYuTqYUb5f/S384pncYjJ88lbO8Z4uPDvmoluHJc8Q==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.6.1.tgz", + "integrity": "sha512-1B9lmAhB9D9/sHaPC1N7wLFEVUoFldxOpOO96lOD1PvJ43vCd0ozDPbu0FEL3++VvawOlDkq8YD373tJmP5JHw==", "license": "MIT", "dependencies": { "moment": "^2.29.4" @@ -17033,9 +17033,9 @@ "license": "MIT" }, "node_modules/terser": { - "version": "5.46.0", - "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.0.tgz", - "integrity": "sha512-jTwoImyr/QbOWFFso3YoU3ik0jBBDJ6JTOQiy/J2YxVJdZCc+5u7skhNwiOR3FQIygFqVUPHl7qbbxtjW2K3Qg==", + "version": "5.46.1", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.1.tgz", + "integrity": "sha512-vzCjQO/rgUuK9sf8VJZvjqiqiHFaZLnOiimmUuOKODxWL8mm/xua7viT7aqX7dgPY60otQjUotzFMmCB4VdmqQ==", "dev": true, "license": "BSD-2-Clause", "dependencies": { diff --git a/package.json b/package.json index bcbcd48b71..df039c2142 100644 --- a/package.json +++ b/package.json @@ -42,15 +42,15 @@ "@babel/eslint-parser": "^7.28.6", "@babel/plugin-syntax-import-assertions": "^7.28.6", "@babel/plugin-transform-runtime": "^7.29.0", - "@babel/preset-env": "^7.29.0", + "@babel/preset-env": "^7.29.2", "@babel/runtime": "^7.28.6", - "@codemirror/commands": "^6.10.2", + "@codemirror/commands": "^6.10.3", "@codemirror/language": "^6.12.2", "@codemirror/search": "^6.6.0", "@codemirror/state": "^6.5.4", "@codemirror/view": "^6.39.17", "autoprefixer": "^10.4.27", - "babel-loader": "^10.0.0", + "babel-loader": "^10.1.1", "base64-loader": "^1.0.0", "chromedriver": "^130.0.4", "cli-progress": "^3.12.0", @@ -85,7 +85,7 @@ "postcss-loader": "^8.2.1", "prompt": "^1.3.0", "sitemap": "^8.0.3", - "terser": "^5.46.0", + "terser": "^5.46.1", "webpack": "^5.105.4", "webpack-bundle-analyzer": "^4.10.2", "webpack-dev-server": "5.0.4", @@ -156,7 +156,7 @@ "lz4js": "^0.2.0", "markdown-it": "^14.1.1", "moment": "^2.30.1", - "moment-timezone": "^0.6.0", + "moment-timezone": "^0.6.1", "ngeohash": "^0.6.3", "node-forge": "^1.3.3", "node-md6": "^0.1.0",