From 01cf70df1305948d8b8ae248f2b80d13aa236a22 Mon Sep 17 00:00:00 2001
From: Romaric Pascal
Date: Fri, 9 Aug 2024 14:20:44 +0100
Subject: [PATCH] Make dependabot ignore major bumps for iframe-resizer

It seems to have done it so far, but with the update popping up on the Design System site, better be safe than inadvertentnly use a GPL dependency which would make us have to change our licence as well
---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d0f6bac7da..c5c87fc3fb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -65,6 +65,10 @@ updates:
 ignore:
 - dependency-name: 'eslint-*'
 - dependency-name: 'eslint'
+ # iframe-resizer has switched to GPL licence in v5
+ # so we need to avoid upgrading to their next major version
+ - dependency-name: 'iframe-resizer'
+ update-types: ['version-update:semver-major']
 reviewers:
 - alphagov/design-system-developers
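Review bot: The new `ignore` entry for `iframe-resizer` filters on `update-types`, which as far as I know Dependabot applies to version updates only, so a security-update PR could still propose v5 if a future advisory were fixed only in that major. Ignoring by range instead, `versions: ['>=5.0.0']`, states the licence boundary directly and should hold for both kinds of PR. Either form only stops Dependabot from opening the PR; a manual bump or a transitive pull of v5 would still pass, so a licence allow-list check in CI is the control that enforces the constraint the comment describes. The enclosing `updates` entry starts outside the hunk, so it is worth confirming this is the entry (or that every entry) covering the manifest that declares the package.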