From 5e88822329323be3cb1287437eed1f7081d07485 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 20:09:45 +0000 Subject: [PATCH 1/2] chore(deps): bump esbuild to ^0.28.1 to resolve GHSA-67mh-4wv8-2f99 Co-Authored-By: rlamb@launchdarkly.com <4955475+kinyoklion@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 423883cf..d2c63de4 100644 --- a/package.json +++ b/package.json @@ -63,7 +63,7 @@ "@types/react": "^18.0.3", "@types/react-dom": "^18.0.0", "@types/react-test-renderer": "^18.0.0", - "esbuild": "^0.24.0", + "esbuild": "^0.28.1", "eslint": "^9.8.0", "jest": "^29.7.0", "jest-environment-jsdom": "^29.7.0", From 503cc1f60ea121d454c114f431ef1e4aa049d70d Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 20:09:45 +0000 Subject: [PATCH 2/2] ci: restrict dependabot to same-major updates with 7-day cooldown Co-Authored-By: rlamb@launchdarkly.com <4955475+kinyoklion@users.noreply.github.com> --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cd18dfde..1932898a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,11 +4,25 @@ updates: directory: "/" schedule: interval: "daily" + # Dependency quarantine: only adopt releases that are at least 7 days old. cooldown: default-days: 7 + # Restrict version updates to the current major version. Security updates are + # exempt (update-types does not affect security updates), so Dependabot may + # still bump a major version when required to resolve a vulnerability. + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] - package-ecosystem: "npm" directory: "/" schedule: interval: "daily" + # Dependency quarantine: only adopt releases that are at least 7 days old. cooldown: default-days: 7 + # Restrict version updates to the current major version. Security updates are + # exempt (update-types does not affect security updates), so Dependabot may + # still bump a major version when required to resolve a vulnerability. + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"]