evolution-foundation · jeandgardany · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026
diff --git a/.github/ISSUE_TEMPLATE/-en--bug-report.yaml b/.github/ISSUE_TEMPLATE/-en--bug-report.yaml
@@ -13,15 +13,11 @@ body:
       label: Welcome!
       description: |
         The issue tracker is only for reporting bugs and feature requests.
-        For user-related support questions, please visit:
-          - [Discord](https://evolution-api.com/discord)
-          - [WhatsApp Group](https://evolution-api.com/whatsapp)
-          <br/>
 
         **DO NOT OPEN AN ISSUE FOR GENERAL SUPPORT QUESTIONS.**
 
       options:
-        - label: Yes, I have searched for similar issues on [GitHub](https://github.com/EvolutionAPI/evolution-api/issues) and found none.
+        - label: Yes, I have searched for similar issues on [GitHub](https://github.com/jeandgardany/evolution-api/issues) and found none.
           required: true
 
   - type: textarea

diff --git a/.github/ISSUE_TEMPLATE/-pt--reportar-bug.yaml b/.github/ISSUE_TEMPLATE/-pt--reportar-bug.yaml
@@ -13,15 +13,11 @@ body:
       label: Bem-vido!
       description: |
         O rastreador de problemas é apenas para relatar bugs e solicitações de recursos.
-        Para perguntas de suporte relacionadas ao usuário final, acesse:
-          - [Discord](https://evolution-api.com/discord)
-          - [Grupo do WhatsApp](https://evolution-api.com/whatsapp)
-          <br/>
 
         **NÃO ABRA UM PROBLEMA PARA PERGUNTAS GERAIS DE SUPORTE.**
 
       options:
-        - label: Sim, pesquisei problemas semelhantes no [GitHub](https://github.com/EvolutionAPI/evolution-api/issues) e não encontrei nenhum.
+        - label: Sim, pesquisei problemas semelhantes no [GitHub](https://github.com/jeandgardany/evolution-api/issues) e não encontrei nenhum.
           required: true
 
   - type: textarea

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,68 @@
+# Dependabot config — Evolution API (self-maintained fork)
+# Docs: https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # ----------------------------------------------------------------------
+  # npm — application dependencies
+  # ----------------------------------------------------------------------
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "America/Fortaleza"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps)"
+      prefix-development: "chore(deps-dev)"
+      include: "scope"
+    groups:
+      # Group all non-security minor/patch updates into one PR per week
+      minor-and-patch:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
+        exclude-patterns:
+          - "baileys"
+          - "@whiskeysockets/baileys"
+      # Security updates always come as individual PRs (no grouping)
+    ignore:
+      # Baileys: manual control — protocol-sensitive, never auto-bump
+      - dependency-name: "baileys"
+      - dependency-name: "@whiskeysockets/baileys"
+      # Prisma: major bumps require schema migration review
+      - dependency-name: "@prisma/client"
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "prisma"
+        update-types: ["version-update:semver-major"]
+
+  # ----------------------------------------------------------------------
+  # GitHub Actions — keep workflow actions current (security)
+  # ----------------------------------------------------------------------
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+
+  # ----------------------------------------------------------------------
+  # Docker — base image updates for the Dockerfile
+  # ----------------------------------------------------------------------
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "dependencies"
+      - "docker"
+    commit-message:
+      prefix: "chore(docker)"
diff --git a/.github/workflows/check_code_quality.yml b/.github/workflows/check_code_quality.yml
@@ -31,7 +31,14 @@ jobs:
 
     - name: Install packages
       run: npm ci
-
+
+    # Fails CI only on CRITICAL CVEs. High/moderate are surfaced in logs but
+    # do not block the build — most remaining items are pinned by Baileys and
+    # resolve only when Baileys upgrades. Tighten to --audit-level=high after
+    # next major Baileys upgrade.
+    - name: Security audit
+      run: npm audit --audit-level=critical --omit=dev
+
     - name: Check linting
       run: npm run lint:check
 

diff --git a/.github/workflows/publish_docker_image.yml b/.github/workflows/publish_docker_image.yml
diff --git a/.github/workflows/publish_docker_image_homolog.yml b/.github/workflows/publish_docker_image_homolog.yml
diff --git a/.github/workflows/publish_docker_image_latest.yml b/.github/workflows/publish_docker_image_latest.yml
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+20
diff --git a/AGENTS.md b/AGENTS.md
@@ -317,7 +317,7 @@ export DATABASE_PROVIDER=postgresql  # or mysql
 
 ### Vulnerability Reporting
 - See `SECURITY.md` for security vulnerability reporting process
-- Contact: `contato@evolution-api.com`
+- Contact: `jeandgardany@hotmail.com`
 
 ## Communication Standards