From d2aaf43d4e95e1d6505ba5d582fd4b500b0f5c94 Mon Sep 17 00:00:00 2001
From: James Bacon <james@baconi.co.uk>
Date: Sat, 28 Feb 2026 17:08:16 +0000
Subject: [PATCH] Adding dumy package.json for test-consumers/compose

In the theory that it will allow Dependabot to generate security patches to the lock file

Removed mention of the npm element for test-consumers/compose because we don't want normal dependency bumps
---
 .github/dependabot.yml                              | 10 ----------
 test-consumers/compose/kotlin-js-store/package.json |  5 +++++
 2 files changed, 5 insertions(+), 10 deletions(-)
 create mode 100644 test-consumers/compose/kotlin-js-store/package.json

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index efb8e6c7..7018a9ca 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -28,16 +28,6 @@ updates:
       - "test-consumer-compose"
       - "dependencies"
 
-  # Disable because its all controlled by Kotlin MPP via Gradle, and its waisting Action runs.
-  - package-ecosystem: "npm"
-    directory: "/test-consumers/compose"
-    open-pull-requests-limit: 0
-    schedule:
-      interval: "monthly"
-    labels:
-      - "test-consumer-compose"
-      - "dependencies"
-
   # Maintain React bundles
   - package-ecosystem: "npm"
     directory: "/user-interface/authentication"
diff --git a/test-consumers/compose/kotlin-js-store/package.json b/test-consumers/compose/kotlin-js-store/package.json
new file mode 100644
index 00000000..7857b8fd
--- /dev/null
+++ b/test-consumers/compose/kotlin-js-store/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "kotlin-js-store",
+  "private": true,
+  "description": "Auto-managed by Kotlin/JS Gradle plugin"
+}
\ No newline at end of file