From 64069348fcbde4b7084cc806697ee24740ec1e7d Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 18 Mar 2026 11:47:51 +0000
Subject: [PATCH 1/4] add initial dependabot configuration

---
 .github/dependabot.yml | 74 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..d3a9ed096a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,74 @@
+# See the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  #
+  # Check for minor/patch versions only on a weekly basis - we are likely to be able to
+  # merge these routinely. Major versions we'll check for and update manually.
+  #
+  - package-ecosystem: 'npm'
+    directory: '/'
+    versioning-strategy: increase
+    schedule:
+      # interval: 'weekly'
+      # day: 'friday'
+      # time: '03:00'
+      interval: 'daily'
+      time: '12:05'
+      timezone: Europe/London
+    commit-message:
+      prefix: 'chore (deps): '
+    ignore:
+      # we'll do any major version updates manually
+      - dependency-name: '*'
+        update-types: ['version-update:semver-major']
+      # packages we can't currently update
+      # see issue #2214 for rationale for each of these
+      - dependency-name: '@xmldom/xmldom'
+        versions: [ '>=0.9.0' ]
+      - dependnecy-name: 'bcryptjs'
+        versions: [ '>=3.0.0' ]
+      - dependency-name: 'bootstrap'
+        versions: [ '>=5.0.0' ]
+      - dependency-name: 'bson'
+        versions: [ '>=5.0.0' ]
+      - dependency-name: 'cbor'
+        versions: [ '>=10.0.0' ]
+      - dependency-name: 'cspell'
+        versions: [ '>=9.0.0' ]
+      - dependency-name: 'eslint'
+        versions: [ '>=10.0.0' ]
+      - dependency-name: 'eslint-plugin-jsdoc'
+        versions: [ '>=51.0.0' ]
+      - dependency-name: 'fernet'
+        versions: [ '>=0.4.0' ]
+      - dependency-name: 'geodesy'
+        versions: [ '>=2.0.0' ]
+      - dependency-name: 'otpauth'
+        versions: [ '>=9.4.0' ]
+      - dependency-name: 'webpack-dev-server'
+        versions: [ '>=5.1.0' ]
+    groups:
+      #
+      # Grouping so we don't get a seperate PR for every patch version.
+      #
+      patch-updates:
+        applies-to: version-updates
+        patterns:
+          - '*'
+        update-types:
+          - 'patch'
+
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the default location of `.github/workflows`; no need to
+    # specify `/.github/workflows` for `directory`
+    directory: '/'
+    versioning-strategy: increase
+    schedule:
+      interval: 'weekly'
+      day: 'friday'
+      time: '03:00'
+      timezone: Europe/London
+    commit-message:
+      prefix: 'chore (deps): '

From c323be8eedcb95516e68d45fe39a660805357394 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 18 Mar 2026 12:38:58 +0000
Subject: [PATCH 2/4] Update time

---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d3a9ed096a..0e6d9e6b9b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,7 +15,7 @@ updates:
       # day: 'friday'
       # time: '03:00'
       interval: 'daily'
-      time: '12:05'
+      time: '12:45'
       timezone: Europe/London
     commit-message:
       prefix: 'chore (deps): '

From f718540192cc368a3dedd788dca2ef67c34f53a8 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:47:11 +0000
Subject: [PATCH 3/4] Fix errors reported on dependency run, and update run
 time

---
 .github/dependabot.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0e6d9e6b9b..15afa5b680 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,7 +15,7 @@ updates:
       # day: 'friday'
       # time: '03:00'
       interval: 'daily'
-      time: '12:45'
+      time: '14:00'
       timezone: Europe/London
     commit-message:
       prefix: 'chore (deps): '
@@ -27,7 +27,7 @@ updates:
       # see issue #2214 for rationale for each of these
       - dependency-name: '@xmldom/xmldom'
         versions: [ '>=0.9.0' ]
-      - dependnecy-name: 'bcryptjs'
+      - dependency-name: 'bcryptjs'
         versions: [ '>=3.0.0' ]
       - dependency-name: 'bootstrap'
         versions: [ '>=5.0.0' ]
@@ -64,7 +64,6 @@ updates:
     # Workflow files stored in the default location of `.github/workflows`; no need to
     # specify `/.github/workflows` for `directory`
     directory: '/'
-    versioning-strategy: increase
     schedule:
       interval: 'weekly'
       day: 'friday'

From 0b946da4b1a26562260ebb12a50c12ff68a8abe9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:54:14 +0000
Subject: [PATCH 4/4] chore (deps): bump core-js from 3.48.0 to 3.49.0

Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.48.0 to 3.49.0.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.49.0/packages/core-js)

---
updated-dependencies:
- dependency-name: core-js
  dependency-version: 3.49.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 88c8d5e1dd..61a010b3a4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -126,7 +126,7 @@
         "colors": "^1.4.0",
         "compression-webpack-plugin": "^11.1.0",
         "copy-webpack-plugin": "^13.0.1",
-        "core-js": "^3.48.0",
+        "core-js": "^3.49.0",
         "cspell": "^8.19.4",
         "css-loader": "7.1.4",
         "eslint": "^9.39.4",
@@ -6813,9 +6813,9 @@
       }
     },
     "node_modules/core-js": {
-      "version": "3.48.0",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.48.0.tgz",
-      "integrity": "sha512-zpEHTy1fjTMZCKLHUZoVeylt9XrzaIN2rbPXEt0k+q7JE5CkCZdo6bNq55bn24a69CH7ErAVLKijxJja4fw+UQ==",
+      "version": "3.49.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.49.0.tgz",
+      "integrity": "sha512-es1U2+YTtzpwkxVLwAFdSpaIMyQaq0PBgm3YD1W3Qpsn1NAmO3KSgZfu+oGSWVu6NvLHoHCV/aYcsE5wiB7ALg==",
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
diff --git a/package.json b/package.json
index bcbcd48b71..13fc5b8f72 100644
--- a/package.json
+++ b/package.json
@@ -57,7 +57,7 @@
     "colors": "^1.4.0",
     "compression-webpack-plugin": "^11.1.0",
     "copy-webpack-plugin": "^13.0.1",
-    "core-js": "^3.48.0",
+    "core-js": "^3.49.0",
     "cspell": "^8.19.4",
     "css-loader": "7.1.4",
     "eslint": "^9.39.4",