- Disable routine Dependabot PR creation while keeping grouped security update handling for npm and GitHub Actions. - Add dependency-review workflow for dependency manifest and lockfile pull requests. - Checked current upstream action majors before committing: actions/checkout v6 and dependency-review-action v5.
Update package manager metadata, dependency overrides, landing and MCP package versions, Dependabot configuration, and CI audit/store handling for safer dependency maintenance.