From 64069348fcbde4b7084cc806697ee24740ec1e7d Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 11:47:51 +0000 Subject: [PATCH 1/4] add initial dependabot configuration --- .github/dependabot.yml | 74 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..d3a9ed096a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,74 @@ +# See the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # + # Check for minor/patch versions only on a weekly basis - we are likely to be able to + # merge these routinely. Major versions we'll check for and update manually. + # + - package-ecosystem: 'npm' + directory: '/' + versioning-strategy: increase + schedule: + # interval: 'weekly' + # day: 'friday' + # time: '03:00' + interval: 'daily' + time: '12:05' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' + ignore: + # we'll do any major version updates manually + - dependency-name: '*' + update-types: ['version-update:semver-major'] + # packages we can't currently update + # see issue #2214 for rationale for each of these + - dependency-name: '@xmldom/xmldom' + versions: [ '>=0.9.0' ] + - dependnecy-name: 'bcryptjs' + versions: [ '>=3.0.0' ] + - dependency-name: 'bootstrap' + versions: [ '>=5.0.0' ] + - dependency-name: 'bson' + versions: [ '>=5.0.0' ] + - dependency-name: 'cbor' + versions: [ '>=10.0.0' ] + - dependency-name: 'cspell' + versions: [ '>=9.0.0' ] + - dependency-name: 'eslint' + versions: [ '>=10.0.0' ] + - dependency-name: 'eslint-plugin-jsdoc' + versions: [ '>=51.0.0' ] + - dependency-name: 'fernet' + versions: [ '>=0.4.0' ] + - dependency-name: 'geodesy' + versions: [ '>=2.0.0' ] + - dependency-name: 'otpauth' + versions: [ '>=9.4.0' ] + - dependency-name: 'webpack-dev-server' + versions: [ '>=5.1.0' ] + groups: + # + # Grouping so we don't get a seperate PR for every patch version. + # + patch-updates: + applies-to: version-updates + patterns: + - '*' + update-types: + - 'patch' + + - package-ecosystem: "github-actions" + # Workflow files stored in the default location of `.github/workflows`; no need to + # specify `/.github/workflows` for `directory` + directory: '/' + versioning-strategy: increase + schedule: + interval: 'weekly' + day: 'friday' + time: '03:00' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' From c323be8eedcb95516e68d45fe39a660805357394 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 12:38:58 +0000 Subject: [PATCH 2/4] Update time --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d3a9ed096a..0e6d9e6b9b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,7 +15,7 @@ updates: # day: 'friday' # time: '03:00' interval: 'daily' - time: '12:05' + time: '12:45' timezone: Europe/London commit-message: prefix: 'chore (deps): ' From f718540192cc368a3dedd788dca2ef67c34f53a8 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 13:47:11 +0000 Subject: [PATCH 3/4] Fix errors reported on dependency run, and update run time --- .github/dependabot.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0e6d9e6b9b..15afa5b680 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,7 +15,7 @@ updates: # day: 'friday' # time: '03:00' interval: 'daily' - time: '12:45' + time: '14:00' timezone: Europe/London commit-message: prefix: 'chore (deps): ' @@ -27,7 +27,7 @@ updates: # see issue #2214 for rationale for each of these - dependency-name: '@xmldom/xmldom' versions: [ '>=0.9.0' ] - - dependnecy-name: 'bcryptjs' + - dependency-name: 'bcryptjs' versions: [ '>=3.0.0' ] - dependency-name: 'bootstrap' versions: [ '>=5.0.0' ] @@ -64,7 +64,6 @@ updates: # Workflow files stored in the default location of `.github/workflows`; no need to # specify `/.github/workflows` for `directory` directory: '/' - versioning-strategy: increase schedule: interval: 'weekly' day: 'friday' From b6cb51a2a1e7b9239e65d9677b1946e22da80f8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Mar 2026 13:48:48 +0000 Subject: [PATCH 4/4] chore (deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/pull_requests.yml | 2 +- .github/workflows/releases.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 8f04df72c9..c0ab5627d1 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -47,7 +47,7 @@ jobs: - name: Production Image Build if: success() id: build-image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: platforms: linux/amd64,linux/arm64 - name: UI Tests diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index ef397a1667..06e47dd41e 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -76,7 +76,7 @@ jobs: password: ${{ env.REGISTRY_PASSWORD }} - name: Publish to GHCR - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: . push: true