chore(deps-policy): block dotenv major bumps while Stagehand peer-pins to ^16

wayne · claude · wayne · commit ad48925451f0 · 2026-05-02T23:50:27.000+08:00
@browserbasehq/stagehand@2.5.8 peer-depends on `dotenv@^16.4.5` and imports it at runtime (`require("dotenv")` in dist/index.js:482). Letting dependabot keep proposing dotenv 17 PRs (most recent: PR #6) creates review churn for an upgrade with no user value — dotenv 17's only behavioural change vs 16 is the new `quiet` default, which would just get silenced. Revisit when T-NEW-1 (Stagehand v3 migration) lands. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -54,6 +54,13 @@ updates:
       # @types/node major bumps follow Node LTS upgrades (rare + manual)
       - dependency-name: "@types/node"
         update-types: ["version-update:semver-major"]
+      # dotenv major bumps blocked while @browserbasehq/stagehand@^2.x peer-
+      # depends on dotenv@^16.4.5. dotenv 17's only behavioural change vs 16
+      # is the new `quiet` default, which we'd silence anyway — no user
+      # value to upgrading until Stagehand bumps its peer. Revisit when the
+      # T-NEW-1 Stagehand v3 migration lands.
+      - dependency-name: "dotenv"
+        update-types: ["version-update:semver-major"]
     commit-message:
       prefix: "chore(deps)"
       include: "scope"
