diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d5cd4e9..c9bebb4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -30,19 +30,43 @@ updates:
       interval: "weekly"
 
   # Node.js/npm
+    ignore:
+      # Estate policy standards#301 / docs/DEPENDABOT-POLICY.adoc:
+      # ignore semver-major bumps so they land via author-supplied PRs
+      # paired with call-site updates. Minor + patch flow normally.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "weekly"
 
   # Python/pip
+    ignore:
+      # Estate policy standards#301 / docs/DEPENDABOT-POLICY.adoc:
+      # ignore semver-major bumps so they land via author-supplied PRs
+      # paired with call-site updates. Minor + patch flow normally.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
 
   # Nix flakes
+    ignore:
+      # Estate policy standards#301 / docs/DEPENDABOT-POLICY.adoc:
+      # ignore semver-major bumps so they land via author-supplied PRs
+      # paired with call-site updates. Minor + patch flow normally.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
   - package-ecosystem: "nix"
     directory: "/"
     schedule:
       interval: "weekly"
+    ignore:
+      # Estate policy standards#301 / docs/DEPENDABOT-POLICY.adoc:
+      # ignore semver-major bumps so they land via author-supplied PRs
+      # paired with call-site updates. Minor + patch flow normally.
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]