From a043da967006bba46150d31b7d473d3b01ca764d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 19 Jan 2026 11:04:47 +0000 Subject: [PATCH 1/7] Initial plan From f281ce308b58c5e7fff9598e29f60e71e465e79e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 19 Jan 2026 11:07:28 +0000 Subject: [PATCH 2/7] feat: Add Cocoapods iOS support to Dependabot Co-authored-by: jamespepper81 <84083764+jamespepper81@users.noreply.github.com> --- .github/dependabot.yml | 16 +++++ .github/workflows/dependabot-cocoapods.yml | 80 ++++++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 .github/workflows/dependabot-cocoapods.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c9a4f85..8c64951 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -110,3 +110,19 @@ updates: commit-message: prefix: "chore(deps-android)" include: "scope" + + # Enable version updates for iOS Cocoapods dependencies + - package-ecosystem: "cocoapods" + directory: "/ios" + schedule: + interval: "weekly" + day: "tuesday" + time: "09:00" + open-pull-requests-limit: 3 + labels: + - "dependencies" + - "ios" + - "native" + commit-message: + prefix: "chore(deps-ios)" + include: "scope" diff --git a/.github/workflows/dependabot-cocoapods.yml b/.github/workflows/dependabot-cocoapods.yml new file mode 100644 index 0000000..e31e960 --- /dev/null +++ b/.github/workflows/dependabot-cocoapods.yml 
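Review bot: The new entry `- package-ecosystem: "cocoapods"` uses a value that, as far as I know, is not among the ecosystems Dependabot documents for `dependabot.yml`. The workflow added in the same commit regenerates `Podfile.lock` outside Dependabot, which suggests the same. If the value is rejected, the file may fail validation as a whole, which would presumably also stop the existing update entries above this hunk, so check the repository's Dependabot status after merging. If the ecosystem is unsupported, drop this block and leave `ios/Podfile.lock` to the workflow.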
@@ -0,0 +1,80 @@
+# This workflow adds React Native support to Dependabot by automatically running pod install
+# after Dependabot upgrades an npm package.
+#
+# Background: When npm packages are updated (especially React Native or Expo packages),
+# the iOS Podfile.lock may need to be regenerated to ensure Cocoapods dependencies are in sync.
+# This workflow automates that process.
+#
+# Related Dependabot issue: https://github.com/dependabot/dependabot-core/issues/935
+
+name: Update Cocoapods after Dependabot npm upgrade
+
+on:
+ push:
+ branches:
+ - 'dependabot/npm_and_yarn/**'
+ pull_request:
+ branches:
+ - 'dependabot/npm_and_yarn/**'
+
+jobs:
+ update-pods:
+ name: Run pod install
+ runs-on: macos-latest
+ timeout-minutes: 15
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ # Use a token that can trigger workflows
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: 'package.json'
+ cache: 'npm'
+
+ - name: Install npm packages
+ run: npm ci
+
+ - name: Cache CocoaPods
+ uses: actions/cache@v4
+ with:
+ path: ios/Pods
+ key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-pods-
+
+ - name: Install CocoaPods dependencies
+ run: |
+ cd ios
+ pod install --verbose
+ cd ..
+ + - name: Generate commit message + id: commit_message + run: | + # Extract package name from branch (e.g., dependabot/npm_and_yarn/package-name-1.2.3) + branch=${GITHUB_REF#refs/heads/} + package_info=${branch#dependabot/npm_and_yarn/} + + # Create commit message + # Add [dependabot skip] prefix so Dependabot doesn't rebase over our changes + commit_message="chore(deps-ios): Update Podfile.lock for ${package_info} + +[dependabot skip]" + + # Use proper output syntax for GitHub Actions + echo "message<> $GITHUB_OUTPUT + echo "$commit_message" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Commit and push Podfile.lock changes + uses: stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: ${{ steps.commit_message.outputs.message }} + file_pattern: 'ios/Podfile.lock' + commit_user_name: 'github-actions[bot]' + commit_user_email: 'github-actions[bot]@users.noreply.github.com' From 9349bc6bbfdc913e41cc8b59046e8bafc0f6e390 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 19 Jan 2026 11:08:23 +0000 Subject: [PATCH 3/7] fix: Fix YAML syntax in dependabot-cocoapods workflow Co-authored-by: jamespepper81 <84083764+jamespepper81@users.noreply.github.com> --- .github/workflows/dependabot-cocoapods.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dependabot-cocoapods.yml b/.github/workflows/dependabot-cocoapods.yml index e31e960..2420a52 100644 --- a/.github/workflows/dependabot-cocoapods.yml +++ b/.github/workflows/dependabot-cocoapods.yml 
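Review bot: The final step hands the repository push to `stefanzweifel/git-auto-commit-action@v5`, a third-party action referenced by a movable tag, so whatever that tag points to at run time is what commits to the branch. Pin it to a full commit SHA with the version as a trailing comment, `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha> # v5`; the same applies, with less exposure, to the `actions/*@v4` references. The comment `# Use a token that can trigger workflows` above `token: ${{ secrets.GITHUB_TOKEN }}` is also inaccurate, because pushes made with `GITHUB_TOKEN` do not start new workflow runs, so the Podfile.lock commit will not be re-checked by CI. I would reword it to `# GITHUB_TOKEN: pushes made with it do not trigger further workflow runs`.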
@@ -60,16 +60,15 @@ jobs: branch=${GITHUB_REF#refs/heads/} package_info=${branch#dependabot/npm_and_yarn/} - # Create commit message + # Create commit message using heredoc # Add [dependabot skip] prefix so Dependabot doesn't rebase over our changes - commit_message="chore(deps-ios): Update Podfile.lock for ${package_info} - -[dependabot skip]" - - # Use proper output syntax for GitHub Actions - echo "message<> $GITHUB_OUTPUT - echo "$commit_message" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + { + echo "message<> $GITHUB_OUTPUT - name: Commit and push Podfile.lock changes uses: stefanzweifel/git-auto-commit-action@v5 From 2fd7a469e512a8ccdd7cb90e5bfb342959faad8f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 19 Jan 2026 11:10:20 +0000 Subject: [PATCH 4/7] fix: Address code review feedback for cocoapods workflow Co-authored-by: jamespepper81 <84083764+jamespepper81@users.noreply.github.com> --- .github/workflows/dependabot-cocoapods.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/dependabot-cocoapods.yml b/.github/workflows/dependabot-cocoapods.yml index 2420a52..63ae8fa 100644 --- a/.github/workflows/dependabot-cocoapods.yml +++ b/.github/workflows/dependabot-cocoapods.yml @@ -13,9 +13,6 @@ on: push: branches: - 'dependabot/npm_and_yarn/**' - pull_request: - branches: - - 'dependabot/npm_and_yarn/**' jobs: update-pods: @@ -33,7 +30,7 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version-file: 'package.json' + node-version: '20' cache: 'npm' - name: Install npm packages From 0a0bfeaba1b2e4033cfb7930bc3670985b9ce92e Mon Sep 17 00:00:00 2001 From: James Pepper Date: Mon, 19 Jan 2026 11:38:54 +0000 Subject: [PATCH 5/7] chore(deps): add dependabot updates for github actions --- .github/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8c64951..b86b20b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -126,3 +126,19 @@ updates: commit-message: prefix: "chore(deps-ios)" include: "scope" + + # Enable version updates for GitHub Actions workflows + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + day: "monday" + time: "09:00" + timezone: "Etc/UTC" + open-pull-requests-limit: 3 + labels: + - "dependencies" + - "github-actions" + commit-message: + prefix: "ci" + include: "scope" From 44a7e1771a517607e70a946c8a7a841791f2c48d Mon Sep 17 00:00:00 2001 From: James Pepper Date: Mon, 19 Jan 2026 11:41:26 +0000 Subject: [PATCH 6/7] Potential fix for code scanning alert no. 4: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/dependabot-cocoapods.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dependabot-cocoapods.yml b/.github/workflows/dependabot-cocoapods.yml index 63ae8fa..eb55f38 100644 --- a/.github/workflows/dependabot-cocoapods.yml +++ b/.github/workflows/dependabot-cocoapods.yml @@ -18,6 +18,8 @@ jobs: update-pods: name: Run pod install runs-on: macos-latest + permissions: + contents: write timeout-minutes: 15 steps: From 71aba5fdc7a559ee6e73499ceec40eb8bfa3c180 Mon Sep 17 00:00:00 2001 From: James Pepper Date: Mon, 19 Jan 2026 11:43:14 +0000 Subject: [PATCH 7/7] Change Dependabot schedule day from Tuesday to Monday --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b86b20b..1c32a65 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -100,7 +100,7 @@ updates: directory: "/android" schedule: interval: "weekly" - day: "tuesday" + day: "monday" time: "09:00" open-pull-requests-limit: 3 labels:
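Review bot: In the new `github-actions` entry, `day: "monday"` is set together with `interval: "monthly"`. The Dependabot documentation describes `schedule.day` for weekly schedules, so here it is presumably ignored or flagged; confirm against the config validation. Removing the `day` line keeps the entry unambiguous. The workflows in this series reference actions by tag (`@v4`, `@v5`), so these updates will only move tags; if the references are later pinned to commit SHAs with a version comment, Dependabot can keep those pins current.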
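Review bot: `contents: write` is granted at job level, so it also covers the `npm ci` and `pod install` steps of `update-pods`, which run code from the dependency version Dependabot has just bumped (those steps lie outside this hunk, in the workflow added earlier in this series). Only the final commit step needs to push. Splitting the work into a read-only build job and a small commit job that receives `ios/Podfile.lock` as an artifact would keep the write-capable token away from third-party install code. The first job's checkout should then set `persist-credentials: false`.

```yaml
  update-pods:
    name: Run pod install
    runs-on: macos-latest
    permissions:
      contents: read
    timeout-minutes: 15
    # … unchanged: checkout (persist-credentials: false), Node setup, npm ci, pod cache, pod install …
    # … new last step: upload ios/Podfile.lock as an artifact …

  commit-lockfile:
    name: Commit Podfile.lock
    needs: update-pods
    runs-on: ubuntu-latest
    permissions:
      contents: write
    # … steps: checkout, download the artifact into ios/, then the existing commit-and-push step, unchanged …
```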