chore: promote latest CI/security hardening from dev to canary

[iap]

Summary

• promote latest CI reliability fixes and workflow hardening from dev to canary
• include Dependabot policy on default branch line

Included areas

• contracts CI reliability (anvil readiness wait)
• workflow runtime compatibility hardening (Node/action updates)
• frontend Node matrix CI checks
• Dependabot policy for actions + npm

Why

• keep stabilization branch aligned with hardened development baseline
• validate release/staging flow on the intended promotion path (dev -> canary)

Validation

• Contracts CI latest head: success
• Frontend CI latest stable run: success
• Contracts Slither, env/evidence/governance guards: passing on recent heads

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 5269cc98-9d97-4a53-83b4-20515ca218f3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}