From 56e320a457ace8c579042b1e91666b58b4639269 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 Aug 2025 05:39:49 +0000 Subject: [PATCH 1/2] Initial plan From 5ab9b05a4f483147403ac2c2d2d12e7ae571b42d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 Aug 2025 05:51:35 +0000 Subject: [PATCH 2/2] Configure Dependabot for critical dependencies with monthly schedule Co-authored-by: rvagg <495647+rvagg@users.noreply.github.com> --- .github/dependabot.yml | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e6da971ac..2e4dd498b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,6 +3,32 @@ updates: - package-ecosystem: "cargo" directory: "/" schedule: - interval: "weekly" + interval: "monthly" allow: - - dependency-name: "wasmtime" \ No newline at end of file + # Critical wasmtime dependencies - require careful review for security and performance + - dependency-name: "wasmtime" + - dependency-name: "wasmtime-environ" + + # Core serialization and encoding dependencies + - dependency-name: "serde" + - dependency-name: "cid" + - dependency-name: "ipld-core" + - dependency-name: "multihash-codetable" + - dependency-name: "multihash-derive" + + # Cryptographic dependencies - important for security updates + - dependency-name: "blake2b_simd" + - dependency-name: "k256" + - dependency-name: "bls-signatures" + + # Protocol and utilities + - dependency-name: "unsigned-varint" + + # Filecoin-specific dependencies + - dependency-name: "filecoin-proofs-api" + - dependency-name: "fvm-wasm-instrument" + + # IPLD encoding dependencies + - dependency-name: "serde_ipld_dagcbor" + - dependency-name: "serde_repr" + - dependency-name: "serde_tuple" \ No newline at end of file