chore: add dependabot.yml with ignored type packages

Adds a dependabot.yml configuration that: - Ignores @types/react and @types/node (need to match supported versions) - Ignores packages with licensing issues (@elastic/elasticsearch, event-source-polyfill) - Disables version update PRs (we use Renovate for that) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-02-17 15:37:21 +01:00
parent ca7e0d5ac2
commit 0c8f236aa7
1 changed files with 15 additions and 0 deletions
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    ignore:
+      # These need to stay pinned to match the React/Node versions we support
+      - dependency-name: '@types/react'
+      - dependency-name: '@types/node'
+      # Ignored due to licensing issues. See #10992
+      - dependency-name: '@elastic/elasticsearch'
+      - dependency-name: 'event-source-polyfill'
+    # Disable version updates since we use Renovate for that
+    open-pull-requests-limit: 0