chore: add dependabot config for automated dependency updates #155

Open
madjin wants to merge 1 commit into hyperfy-xyz:dev from madjin:chore/deps-audit-update-2026-02-05

@madjin madjin commented Feb 5, 2026

Contributor

Adds dependabot config for automated dependency maintenance.

What it does

  • Targets dev branch (matches our merge flow)
  • Covers npm + github-actions ecosystems
  • Weekly schedule on Mondays
  • Groups related packages to reduce PR noise: fastify, react, livekit, @firebolt-dev/*, three family, lint tooling (eslint/prettier/babel), plus a minor-and-patch catchall for everything else

Supply chain hardening

  • cooldown.default-days: 7 — waits a week before pulling new releases. Mitigates the "publish malicious version → CI auto-merges before npm catches it" pattern. Security advisories bypass cooldown so real vuln fixes still come fast.
  • cooldown.semver-major-days: 14 — extra scrutiny window for major bumps.
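
The cooldown rule described in the PR description above, modelled as an added sketch (not code from this pull request and not Dependabot's implementation). The function names, package names, versions and timestamps are hypothetical; only the 7-day and 14-day windows come from the description.

```javascript
// Added example: models the cooldown policy from the PR description.
// It is not Dependabot's implementation; function names are hypothetical.
const COOLDOWN = { defaultDays: 7, semverMajorDays: 14 }; // values from the PR text
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse "1.2.3" (optionally "v"-prefixed; prerelease/build suffix ignored).
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

// Classify the jump from the installed version to the candidate.
function bumpType(current, candidate) {
  const [a, b] = [parseSemver(current), parseSemver(candidate)];
  if (b[0] !== a[0]) return "major";
  if (b[1] !== a[1]) return "minor";
  return "patch";
}

// Decide whether a candidate release is old enough to propose.
function evaluateUpdate({ name, current, candidate, publishedAt, security = false }, now) {
  const ageDays = Math.floor((now - Date.parse(publishedAt)) / DAY_MS);
  const type = bumpType(current, candidate);
  const requiredDays = type === "major" ? COOLDOWN.semverMajorDays : COOLDOWN.defaultDays;
  // Security fixes skip the wait, as the PR description states.
  const allowed = security || ageDays >= requiredDays;
  return { name, type, ageDays, requiredDays, allowed };
}

// Constructed sample data: package names, versions and timestamps are made up.
const NOW = Date.parse("2026-05-06T00:00:00Z");
const SAMPLE = [
  { name: "pkg-a", current: "4.1.0", candidate: "4.1.1", publishedAt: "2026-05-04T09:00:00Z" },
  { name: "pkg-b", current: "4.1.0", candidate: "4.2.0", publishedAt: "2026-04-20T09:00:00Z" },
  { name: "pkg-c", current: "1.9.3", candidate: "2.0.0", publishedAt: "2026-04-27T09:00:00Z" },
  { name: "pkg-d", current: "2.3.0", candidate: "2.3.1", publishedAt: "2026-05-05T09:00:00Z", security: true },
];

function report(candidates = SAMPLE, now = NOW) {
  return candidates.map((c) => evaluateUpdate(c, now));
}

for (const r of report()) {
  const verdict = r.allowed ? "propose" : "hold";
  console.log(`${verdict.padEnd(8)}${r.name} (${r.type}, ${r.ageDays}d old, needs ${r.requiredDays}d)`);
}
```

The `pkg-c` row is the case the longer major window exists for: an 8-day-old release clears the default window but is still held because it is a major bump.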

@madjin madjin force-pushed the chore/deps-audit-update-2026-02-05 branch from 807240b to 8fe36bd Compare February 5, 2026 20:48
@madjin madjin changed the base branch from main to dev February 5, 2026 20:49
@madjin madjin force-pushed the chore/deps-audit-update-2026-02-05 branch from 8fe36bd to 1d6c77d Compare May 6, 2026 20:43
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@madjin madjin force-pushed the chore/deps-audit-update-2026-02-05 branch from 1d6c77d to 88f41db Compare May 6, 2026 20:54
@madjin madjin changed the title from "Chore/deps audit update 2026 02 05" to "chore: add dependabot config for automated dependency updates" May 6, 2026