diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cd18dfde..1932898a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,11 +4,25 @@ updates: directory: "/" schedule: interval: "daily" + # Dependency quarantine: only adopt releases that are at least 7 days old. cooldown: default-days: 7 + # Restrict version updates to the current major version. Security updates are + # exempt (update-types does not affect security updates), so Dependabot may + # still bump a major version when required to resolve a vulnerability. + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] - package-ecosystem: "npm" directory: "/" schedule: interval: "daily" + # Dependency quarantine: only adopt releases that are at least 7 days old. cooldown: default-days: 7 + # Restrict version updates to the current major version. Security updates are + # exempt (update-types does not affect security updates), so Dependabot may + # still bump a major version when required to resolve a vulnerability. + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] diff --git a/package.json b/package.json index 423883cf..d2c63de4 100644 --- a/package.json +++ b/package.json @@ -63,7 +63,7 @@ "@types/react": "^18.0.3", "@types/react-dom": "^18.0.0", "@types/react-test-renderer": "^18.0.0", - "esbuild": "^0.24.0", + "esbuild": "^0.28.1", "eslint": "^9.8.0", "jest": "^29.7.0", "jest-environment-jsdom": "^29.7.0",