From 9245fb767fa10864414bcc8aec0326104112fa9e Mon Sep 17 00:00:00 2001 From: digitallysavvy Date: Wed, 13 May 2026 10:15:10 -0400 Subject: [PATCH 1/4] added cooldown delays for dependancy updates --- .github/dependabot.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index dcf3a96..27246cd 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,20 +1,33 @@ +# Delay version-update PRs so compromised releases are more likely to be caught or yanked. +# Cooldown does not apply to Dependabot security updates (those still open immediately). version: 2 updates: - package-ecosystem: gomod directory: / schedule: interval: weekly + cooldown: + semver-patch-days: 7 + semver-minor-days: 14 + semver-major-days: 30 open-pull-requests-limit: 5 - package-ecosystem: npm directory: /packaging/npm/agoraio-cli schedule: interval: weekly + cooldown: + semver-patch-days: 7 + semver-minor-days: 14 + semver-major-days: 30 open-pull-requests-limit: 5 - package-ecosystem: github-actions directory: / schedule: interval: weekly + cooldown: + semver-patch-days: 7 + semver-minor-days: 14 + semver-major-days: 30 open-pull-requests-limit: 5 - From edbb7923460df7bed1e82d7b893bca4c71a7ed00 Mon Sep 17 00:00:00 2001 From: digitallysavvy Date: Fri, 15 May 2026 07:10:04 -0400 Subject: [PATCH 2/4] updated go to 1.26.3 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index d195427..4a8e8d6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/agora/cli-workspace/agora-cli-go -go 1.26.2 +go 1.26.3 require ( github.com/spf13/cobra v1.9.1 From 237f3db97074866b28108f5f56b9b8f0704b92ab Mon Sep 17 00:00:00 2001 From: digitallysavvy Date: Fri, 15 May 2026 07:10:31 -0400 Subject: [PATCH 3/4] added min wait time before updating deps --- .github/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) 
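Review bot: The three `cooldown` blocks in `.github/dependabot.yml` set only the `semver-*-days` keys and no `default-days`, so any dependency whose versions Dependabot does not classify as SemVer gets no delay at all. This matters most for the `github-actions` entry: as far as I recall from the Dependabot options reference, the semver-specific cooldown keys are honoured only for ecosystems with SemVer support, and `github-actions` is not among them, which would make that block a silent no-op; please confirm against the current docs. Adding a fallback such as `default-days: 7` under each `cooldown:` keeps the delay in force either way. The header comment already records that security updates bypass cooldown, so the fallback would not slow fixes for known advisories.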
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 27246cd..65aa3b5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -20,6 +20,9 @@ updates: semver-patch-days: 7 semver-minor-days: 14 semver-major-days: 30 + # optionalDependencies stay 0.0.0-dev in git; release workflow stamps versions. + ignore: + - dependency-name: "agoraio-cli-*" open-pull-requests-limit: 5 - package-ecosystem: github-actions From 58ec151435664791abbd86bb2e054caced904e72 Mon Sep 17 00:00:00 2001 From: digitallysavvy Date: Fri, 15 May 2026 07:16:52 -0400 Subject: [PATCH 4/4] updated deps --- go.mod | 8 ++++---- go.sum | 19 ++++++++++--------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 4a8e8d6..c300eda 100644 --- a/go.mod +++ b/go.mod @@ -3,12 +3,12 @@ module github.com/agora/cli-workspace/agora-cli-go go 1.26.3 require ( - github.com/spf13/cobra v1.9.1 - github.com/spf13/pflag v1.0.6 - golang.org/x/term v0.42.0 + github.com/spf13/cobra v1.10.2 + github.com/spf13/pflag v1.0.10 + golang.org/x/term v0.43.0 ) require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect - golang.org/x/sys v0.43.0 // indirect + golang.org/x/sys v0.44.0 // indirect ) diff --git a/go.sum b/go.sum index 310f6da..64e9340 100644 --- a/go.sum +++ b/go.sum 
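Review bot: The new `ignore` entry in the npm block matches the name pattern `agoraio-cli-*` with no `versions` or `update-types`, so every update for any package with that prefix is suppressed, not only the optionalDependencies stamped by the release workflow. As far as I know, `ignore` rules also apply to Dependabot security updates, unlike the cooldown configured in the same entry, so a matching package would never get an advisory PR either; worth confirming. I would record that in the comment, e.g. `# ignore also suppresses security-update PRs for these names; keep the pattern limited to packages published from this repo.`, or list the platform package names explicitly if the set is small. The npm entry starts outside this hunk and the package manifest is not visible here, so which packages the wildcard currently matches is inferred from the comment alone.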
@@ -2,13 +2,14 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= -github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= -github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= -golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= -golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.1/go.mod 
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=