From 64069348fcbde4b7084cc806697ee24740ec1e7d Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 18 Mar 2026 11:47:51 +0000
Subject: [PATCH 1/4] add initial dependabot configuration

---
 .github/dependabot.yml | 74 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..d3a9ed096a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,74 @@
+# See the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  #
+  # Check for minor/patch versions only on a weekly basis - we are likely to be able to
+  # merge these routinely. Major versions we'll check for and update manually.
+  #
+  - package-ecosystem: 'npm'
+    directory: '/'
+    versioning-strategy: increase
+    schedule:
+      # interval: 'weekly'
+      # day: 'friday'
+      # time: '03:00'
+      interval: 'daily'
+      time: '12:05'
+      timezone: Europe/London
+    commit-message:
+      prefix: 'chore (deps): '
+    ignore:
+      # we'll do any major version updates manually
+      - dependency-name: '*'
+        update-types: ['version-update:semver-major']
+      # packages we can't currently update
+      # see issue #2214 for rationale for each of these
+      - dependency-name: '@xmldom/xmldom'
+        versions: [ '>=0.9.0' ]
+      - dependnecy-name: 'bcryptjs'
+        versions: [ '>=3.0.0' ]
+      - dependency-name: 'bootstrap'
+        versions: [ '>=5.0.0' ]
+      - dependency-name: 'bson'
+        versions: [ '>=5.0.0' ]
+      - dependency-name: 'cbor'
+        versions: [ '>=10.0.0' ]
+      - dependency-name: 'cspell'
+        versions: [ '>=9.0.0' ]
+      - dependency-name: 'eslint'
+        versions: [ '>=10.0.0' ]
+      - dependency-name: 'eslint-plugin-jsdoc'
+        versions: [ '>=51.0.0' ]
+      - dependency-name: 'fernet'
+        versions: [ '>=0.4.0' ]
+      - dependency-name: 'geodesy'
+        versions: [ '>=2.0.0' ]
+      - dependency-name: 'otpauth'
+        versions: [ '>=9.4.0' ]
+      - dependency-name: 'webpack-dev-server'
+        versions: [ '>=5.1.0' ]
+    groups:
+      #
+      # Grouping so we don't get a seperate PR for every patch version.
+      #
+      patch-updates:
+        applies-to: version-updates
+        patterns:
+          - '*'
+        update-types:
+          - 'patch'
+
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the default location of `.github/workflows`; no need to
+    # specify `/.github/workflows` for `directory`
+    directory: '/'
+    versioning-strategy: increase
+    schedule:
+      interval: 'weekly'
+      day: 'friday'
+      time: '03:00'
+      timezone: Europe/London
+    commit-message:
+      prefix: 'chore (deps): '

From c323be8eedcb95516e68d45fe39a660805357394 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 18 Mar 2026 12:38:58 +0000
Subject: [PATCH 2/4] Update time

---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d3a9ed096a..0e6d9e6b9b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,7 +15,7 @@ updates:
       # day: 'friday'
       # time: '03:00'
       interval: 'daily'
-      time: '12:05'
+      time: '12:45'
       timezone: Europe/London
     commit-message:
       prefix: 'chore (deps): '

From f718540192cc368a3dedd788dca2ef67c34f53a8 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:47:11 +0000
Subject: [PATCH 3/4] Fix errors reported on dependency run, and update run
 time

---
 .github/dependabot.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0e6d9e6b9b..15afa5b680 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,7 +15,7 @@ updates:
       # day: 'friday'
       # time: '03:00'
       interval: 'daily'
-      time: '12:45'
+      time: '14:00'
       timezone: Europe/London
     commit-message:
       prefix: 'chore (deps): '
@@ -27,7 +27,7 @@ updates:
       # see issue #2214 for rationale for each of these
       - dependency-name: '@xmldom/xmldom'
         versions: [ '>=0.9.0' ]
-      - dependnecy-name: 'bcryptjs'
+      - dependency-name: 'bcryptjs'
         versions: [ '>=3.0.0' ]
       - dependency-name: 'bootstrap'
         versions: [ '>=5.0.0' ]
@@ -64,7 +64,6 @@ updates:
     # Workflow files stored in the default location of `.github/workflows`; no need to
     # specify `/.github/workflows` for `directory`
     directory: '/'
-    versioning-strategy: increase
     schedule:
       interval: 'weekly'
       day: 'friday'

From 2330d295c88a85dceae6d42147a944ebdb889a6c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:53:56 +0000
Subject: [PATCH 4/4] chore (deps): bump @babel/runtime from 7.28.6 to 7.29.2

Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.28.6 to 7.29.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-version: 7.29.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 88c8d5e1dd..81fe72e891 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -112,7 +112,7 @@
         "@babel/plugin-syntax-import-assertions": "^7.28.6",
         "@babel/plugin-transform-runtime": "^7.29.0",
         "@babel/preset-env": "^7.29.0",
-        "@babel/runtime": "^7.28.6",
+        "@babel/runtime": "^7.29.2",
         "@codemirror/commands": "^6.10.2",
         "@codemirror/language": "^6.12.2",
         "@codemirror/search": "^6.6.0",
@@ -1754,9 +1754,9 @@
       }
     },
     "node_modules/@babel/runtime": {
-      "version": "7.28.6",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.6.tgz",
-      "integrity": "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==",
+      "version": "7.29.2",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz",
+      "integrity": "sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index bcbcd48b71..d481b2953a 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
     "@babel/plugin-syntax-import-assertions": "^7.28.6",
     "@babel/plugin-transform-runtime": "^7.29.0",
     "@babel/preset-env": "^7.29.0",
-    "@babel/runtime": "^7.28.6",
+    "@babel/runtime": "^7.29.2",
     "@codemirror/commands": "^6.10.2",
     "@codemirror/language": "^6.12.2",
     "@codemirror/search": "^6.6.0",