From 0c8f236aa737a15e7ebd273cb3d7dddfdb4fdc8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fredrik=20Adel=C3=B6w?= <freben@gmail.com>
Date: Tue, 17 Feb 2026 15:37:21 +0100
Subject: [PATCH] chore: add dependabot.yml with ignored type packages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a dependabot.yml configuration that:
- Ignores @types/react and @types/node (need to match supported versions)
- Ignores packages with licensing issues (@elastic/elasticsearch, event-source-polyfill)
- Disables version update PRs (we use Renovate for that)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
---
 .github/dependabot.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..1fb8ca3ca3
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    ignore:
+      # These need to stay pinned to match the React/Node versions we support
+      - dependency-name: '@types/react'
+      - dependency-name: '@types/node'
+      # Ignored due to licensing issues. See #10992
+      - dependency-name: '@elastic/elasticsearch'
+      - dependency-name: 'event-source-polyfill'
+    # Disable version updates since we use Renovate for that
+    open-pull-requests-limit: 0