diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..15afa5b680 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,73 @@ +# See the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # + # Check for minor/patch versions only on a weekly basis - we are likely to be able to + # merge these routinely. Major versions we'll check for and update manually. + # + - package-ecosystem: 'npm' + directory: '/' + versioning-strategy: increase + schedule: + # interval: 'weekly' + # day: 'friday' + # time: '03:00' + interval: 'daily' + time: '14:00' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' + ignore: + # we'll do any major version updates manually + - dependency-name: '*' + update-types: ['version-update:semver-major'] + # packages we can't currently update + # see issue #2214 for rationale for each of these + - dependency-name: '@xmldom/xmldom' + versions: [ '>=0.9.0' ] + - dependency-name: 'bcryptjs' + versions: [ '>=3.0.0' ] + - dependency-name: 'bootstrap' + versions: [ '>=5.0.0' ] + - dependency-name: 'bson' + versions: [ '>=5.0.0' ] + - dependency-name: 'cbor' + versions: [ '>=10.0.0' ] + - dependency-name: 'cspell' + versions: [ '>=9.0.0' ] + - dependency-name: 'eslint' + versions: [ '>=10.0.0' ] + - dependency-name: 'eslint-plugin-jsdoc' + versions: [ '>=51.0.0' ] + - dependency-name: 'fernet' + versions: [ '>=0.4.0' ] + - dependency-name: 'geodesy' + versions: [ '>=2.0.0' ] + - dependency-name: 'otpauth' + versions: [ '>=9.4.0' ] + - dependency-name: 'webpack-dev-server' + versions: [ '>=5.1.0' ] + groups: + # + # Grouping so we don't get a seperate PR for every patch version. + # + patch-updates: + applies-to: version-updates + patterns: + - '*' + update-types: + - 'patch' + + - package-ecosystem: "github-actions" + # Workflow files stored in the default location of `.github/workflows`; no need to + # specify `/.github/workflows` for `directory` + directory: '/' + schedule: + interval: 'weekly' + day: 'friday' + time: '03:00' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' diff --git a/package-lock.json b/package-lock.json index 88c8d5e1dd..81fe72e891 100644 --- a/package-lock.json +++ b/package-lock.json @@ -112,7 +112,7 @@ "@babel/plugin-syntax-import-assertions": "^7.28.6", "@babel/plugin-transform-runtime": "^7.29.0", "@babel/preset-env": "^7.29.0", - "@babel/runtime": "^7.28.6", + "@babel/runtime": "^7.29.2", "@codemirror/commands": "^6.10.2", "@codemirror/language": "^6.12.2", "@codemirror/search": "^6.6.0", @@ -1754,9 +1754,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.28.6", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.6.tgz", - "integrity": "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==", + "version": "7.29.2", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz", + "integrity": "sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==", "dev": true, "license": "MIT", "engines": { diff --git a/package.json b/package.json index bcbcd48b71..d481b2953a 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "@babel/plugin-syntax-import-assertions": "^7.28.6", "@babel/plugin-transform-runtime": "^7.29.0", "@babel/preset-env": "^7.29.0", - "@babel/runtime": "^7.28.6", + "@babel/runtime": "^7.29.2", "@codemirror/commands": "^6.10.2", "@codemirror/language": "^6.12.2", "@codemirror/search": "^6.6.0",