Dependabot (2024-07-08) (#595)

* Bump @sentry/node from 8.14.0 to 8.15.0 (#594)

Bumps [@sentry/node](https://github.com/getsentry/sentry-javascript) from 8.14.0 to 8.15.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@8.14.0...8.15.0)

---
updated-dependencies:
- dependency-name: "@sentry/node"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump @sentry/profiling-node from 8.14.0 to 8.15.0 (#591)

Bumps [@sentry/profiling-node](https://github.com/getsentry/sentry-javascript) from 8.14.0 to 8.15.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@8.14.0...8.15.0)

---
updated-dependencies:
- dependency-name: "@sentry/profiling-node"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christopher Sunkel <christopher.sunkel@digital.trade.gov.uk>

* Bump webpack-merge from 5.10.0 to 6.0.1 (#592)

Bumps [webpack-merge](https://github.com/survivejs/webpack-merge) from 5.10.0 to 6.0.1.
- [Changelog](https://github.com/survivejs/webpack-merge/blob/develop/CHANGELOG.md)
- [Commits](survivejs/webpack-merge@v5.10.0...v6.0.1)

---
updated-dependencies:
- dependency-name: webpack-merge
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump cypress from 13.12.0 to 13.13.0 (#593)

Bumps [cypress](https://github.com/cypress-io/cypress) from 13.12.0 to 13.13.0.
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](cypress-io/cypress@v13.12.0...v13.13.0)

---
updated-dependencies:
- dependency-name: cypress
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump eslint-plugin-promise from 6.2.0 to 6.4.0 (#589)

Bumps [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) from 6.2.0 to 6.4.0.
- [Release notes](https://github.com/eslint-community/eslint-plugin-promise/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-promise/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-promise@v6.2.0...v6.4.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-promise
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Rebuild lockfile

* Add bulk Sentry upgrade script for Dependabot

* Build new dependency image

* Disable Dependabot

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -1,19 +1,18 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
       interval: 'weekly'
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 0
     ignore:
       - dependency-name: date-fns
         versions:
           - '> 2.3.0'
       - dependency-name: imagemin-svgo
         versions:
           - '> 10.0.1'
+      # These are part of dependency groups and should be updated via the relevant script.
+      - dependency-name: "@sentry/profiling-node"
+        versions:
+          - ">= 0"

Dockerfile

@@ -1,4 +1,4 @@
-FROM gcr.io/sre-docker-registry/omis-dependencies:1.0.2
+FROM gcr.io/sre-docker-registry/omis-dependencies:1.0.3
 
 ARG CURRENT_UID
 ARG CURRENT_GID

Dockerfile.dependencies

@@ -53,7 +53,7 @@ COPY --chown=node:node package*.json "$HOME/"
 WORKDIR $HOME
 
 # Install specific version of cypress
-RUN npm install -g cypress@13.12.0 \
+RUN npm install -g cypress@13.13.0 \
   && npx cypress verify \
   && npx cypress cache path \
   && npx cypress cache list \

docs/Dependabot.md

@@ -44,7 +44,7 @@ docker build -f Dockerfile.dependencies -t omis-dependencies . --platform linux/
 Tag the dependencies image with the incremented version.
 
 ```bash
-export VERSION=1.0.2 # Increment this version each time when you edit Dockerfile.
+export VERSION=1.0.3 # Increment this version each time when you edit Dockerfile.
 docker tag omis-dependencies:latest gcr.io/sre-docker-registry/omis-dependencies:${VERSION}
 docker tag omis-dependencies:latest gcr.io/sre-docker-registry/omis-dependencies:latest
 ```
@@ -66,4 +66,9 @@ FROM gcr.io/sre-docker-registry/omis-dependencies:{INSERT_VERSION_HERE}
 ...
 ```
 
-Commit the new changes to the `chore/dependencies` before raising the main Dependabot PR.
+Commit the new changes to the `chore/dependencies` branch before raising the main Dependabot PR.
+
+### Bulk upgrade of dependency groups
+
+As with the Data Hub frontend, this project has some dependencies that need to be updated together:
+- Sentry (`dependabot:update-sentry`)