From 64069348fcbde4b7084cc806697ee24740ec1e7d Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 11:47:51 +0000 Subject: [PATCH 1/4] add initial dependabot configuration --- .github/dependabot.yml | 74 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..d3a9ed096a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,74 @@ +# See the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # + # Check for minor/patch versions only on a weekly basis - we are likely to be able to + # merge these routinely. Major versions we'll check for and update manually. + # + - package-ecosystem: 'npm' + directory: '/' + versioning-strategy: increase + schedule: + # interval: 'weekly' + # day: 'friday' + # time: '03:00' + interval: 'daily' + time: '12:05' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' + ignore: + # we'll do any major version updates manually + - dependency-name: '*' + update-types: ['version-update:semver-major'] + # packages we can't currently update + # see issue #2214 for rationale for each of these + - dependency-name: '@xmldom/xmldom' + versions: [ '>=0.9.0' ] + - dependnecy-name: 'bcryptjs' + versions: [ '>=3.0.0' ] + - dependency-name: 'bootstrap' + versions: [ '>=5.0.0' ] + - dependency-name: 'bson' + versions: [ '>=5.0.0' ] + - dependency-name: 'cbor' + versions: [ '>=10.0.0' ] + - dependency-name: 'cspell' + versions: [ '>=9.0.0' ] + - dependency-name: 'eslint' + versions: [ '>=10.0.0' ] + - dependency-name: 'eslint-plugin-jsdoc' + versions: [ '>=51.0.0' ] + - dependency-name: 'fernet' + versions: [ '>=0.4.0' ] + - dependency-name: 'geodesy' + versions: [ '>=2.0.0' ] + - dependency-name: 'otpauth' + versions: [ '>=9.4.0' ] + - dependency-name: 'webpack-dev-server' + versions: [ '>=5.1.0' ] + groups: + # + # Grouping so we don't get a seperate PR for every patch version. + # + patch-updates: + applies-to: version-updates + patterns: + - '*' + update-types: + - 'patch' + + - package-ecosystem: "github-actions" + # Workflow files stored in the default location of `.github/workflows`; no need to + # specify `/.github/workflows` for `directory` + directory: '/' + versioning-strategy: increase + schedule: + interval: 'weekly' + day: 'friday' + time: '03:00' + timezone: Europe/London + commit-message: + prefix: 'chore (deps): ' From c323be8eedcb95516e68d45fe39a660805357394 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 12:38:58 +0000 Subject: [PATCH 2/4] Update time --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d3a9ed096a..0e6d9e6b9b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,7 +15,7 @@ updates: # day: 'friday' # time: '03:00' interval: 'daily' - time: '12:05' + time: '12:45' timezone: Europe/London commit-message: prefix: 'chore (deps): ' From f718540192cc368a3dedd788dca2ef67c34f53a8 Mon Sep 17 00:00:00 2001 From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 18 Mar 2026 13:47:11 +0000 Subject: [PATCH 3/4] Fix errors reported on dependency run, and update run time --- .github/dependabot.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0e6d9e6b9b..15afa5b680 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,7 +15,7 @@ updates: # day: 'friday' # time: '03:00' interval: 'daily' - time: '12:45' + time: '14:00' timezone: Europe/London commit-message: prefix: 'chore (deps): ' @@ -27,7 +27,7 @@ updates: # see issue #2214 for rationale for each of these - dependency-name: '@xmldom/xmldom' versions: [ '>=0.9.0' ] - - dependnecy-name: 'bcryptjs' + - dependency-name: 'bcryptjs' versions: [ '>=3.0.0' ] - dependency-name: 'bootstrap' versions: [ '>=5.0.0' ] @@ -64,7 +64,6 @@ updates: # Workflow files stored in the default location of `.github/workflows`; no need to # specify `/.github/workflows` for `directory` directory: '/' - versioning-strategy: increase schedule: interval: 'weekly' day: 'friday' From 0ac31cd42f1180b3c60c94833681c1a162e46835 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Mar 2026 13:53:38 +0000 Subject: [PATCH 4/4] chore (deps): bump @codemirror/view from 6.39.17 to 6.40.0 Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.39.17 to 6.40.0. - [Changelog](https://github.com/codemirror/view/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/view/compare/6.39.17...6.40.0) --- updated-dependencies: - dependency-name: "@codemirror/view" dependency-version: 6.40.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 16 ++++++++-------- package.json | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 88c8d5e1dd..36f9eac7ef 100644 --- a/package-lock.json +++ b/package-lock.json @@ -117,7 +117,7 @@ "@codemirror/language": "^6.12.2", "@codemirror/search": "^6.6.0", "@codemirror/state": "^6.5.4", - "@codemirror/view": "^6.39.17", + "@codemirror/view": "^6.40.0", "autoprefixer": "^10.4.27", "babel-loader": "^10.0.0", "base64-loader": "^1.0.0", @@ -1880,9 +1880,9 @@ } }, "node_modules/@codemirror/state": { - "version": "6.5.4", - "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.4.tgz", - "integrity": "sha512-8y7xqG/hpB53l25CIoit9/ngxdfoG+fx+V3SHBrinnhOtLvKHRyAJJuHzkWrR4YXXLX8eXBsejgAAxHUOdW1yw==", + "version": "6.6.0", + "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.6.0.tgz", + "integrity": "sha512-4nbvra5R5EtiCzr9BTHiTLc+MLXK2QGiAVYMyi8PkQd3SR+6ixar/Q/01Fa21TBIDOZXgeWV4WppsQolSreAPQ==", "dev": true, "license": "MIT", "dependencies": { @@ -1890,13 +1890,13 @@ } }, "node_modules/@codemirror/view": { - "version": "6.39.17", - "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.17.tgz", - "integrity": "sha512-Aim4lFqhbijnchl83RLfABWueSGs1oUCSv0mru91QdhpXQeNKprIdRO9LWA4cYkJvuYTKGJN7++9MXx8XW43ag==", + "version": "6.40.0", + "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.40.0.tgz", + "integrity": "sha512-WA0zdU7xfF10+5I3HhUUq3kqOx3KjqmtQ9lqZjfK7jtYk4G72YW9rezcSywpaUMCWOMlq+6E0pO1IWg1TNIhtg==", "dev": true, "license": "MIT", "dependencies": { - "@codemirror/state": "^6.5.0", + "@codemirror/state": "^6.6.0", "crelt": "^1.0.6", "style-mod": "^4.1.0", "w3c-keyname": "^2.2.4" diff --git a/package.json b/package.json index bcbcd48b71..b240bc4fe7 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "@codemirror/language": "^6.12.2", "@codemirror/search": "^6.6.0", "@codemirror/state": "^6.5.4", - "@codemirror/view": "^6.39.17", + "@codemirror/view": "^6.40.0", "autoprefixer": "^10.4.27", "babel-loader": "^10.0.0", "base64-loader": "^1.0.0",