From ce72b9fa5a1339ba782d3ce2765c7972263503b3 Mon Sep 17 00:00:00 2001
From: thephez <thephez@users.noreply.github.com>
Date: Wed, 11 Mar 2026 09:28:19 -0400
Subject: [PATCH 1/4] ci: update dependency workflow for @dashevo/evo-sdk

---
 .github/workflows/dependency-update.yml | 34 ++++++++++++-------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml
index 779fdf9..57cfae1 100644
--- a/.github/workflows/dependency-update.yml
+++ b/.github/workflows/dependency-update.yml
@@ -1,4 +1,4 @@
-name: Update Dash Dependency and Package Version
+name: Update @dashevo/evo-sdk Dependency and Package Version
 
 on:
   schedule:
@@ -10,7 +10,7 @@ permissions:
   pull-requests: write
 
 jobs:
-  update-dash-package:
+  update-evo-sdk-package:
     runs-on: ubuntu-latest
 
     steps:
@@ -28,29 +28,29 @@ jobs:
       - name: Install Dependencies
         run: npm install
 
-      # Step 4: Check and Update Dash Dependency and Version
-      - name: Check and Update Dash Dependency
-        id: update_dash
+      # Step 4: Check and Update @dashevo/evo-sdk Dependency and Version
+      - name: Check and Update @dashevo/evo-sdk Dependency
+        id: update_evo_sdk
         run: |
           set -e  # Stop execution on any error
 
           # Get the current version of Dash in package.json
-          CURRENT_DASH_VERSION=$(jq -r '.dependencies.dash // .devDependencies.dash' package.json)
+          CURRENT_DASH_VERSION=$(jq -r '.dependencies["@dashevo/evo-sdk"] // .devDependencies["@dashevo/evo-sdk"]' package.json)
           
           # Extract the version prefix (e.g., ^, ~, or empty)
           DASH_PREFIX=$(echo "$CURRENT_DASH_VERSION" | grep -o '^[^0-9]*')
           DASH_VERSION_NUMBER=$(echo "$CURRENT_DASH_VERSION" | grep -o '[0-9].*')
 
           # Get the latest version of Dash
-          LATEST_DASH_VERSION=$(npm show dash version)
+          LATEST_DASH_VERSION=$(npm show @dashevo/evo-sdk version)
           LATEST_MINOR_PATCH=$(echo "$LATEST_DASH_VERSION" | cut -d. -f2,3)
 
-          echo "Current Dash version: $CURRENT_DASH_VERSION"
-          echo "Latest Dash version: $LATEST_DASH_VERSION"
+          echo "Current @dashevo/evo-sdk version: $CURRENT_DASH_VERSION"
+          echo "Latest @dashevo/evo-sdk version: $LATEST_DASH_VERSION"
 
           # Update dash dependency if needed
           if [ "$DASH_VERSION_NUMBER" != "$LATEST_DASH_VERSION" ]; then
-            jq '.dependencies.dash = "'"$DASH_PREFIX$LATEST_DASH_VERSION"'"' package.json > package.json.tmp && mv package.json.tmp package.json
+            jq '.dependencies["@dashevo/evo-sdk"] = "'"$DASH_PREFIX$LATEST_DASH_VERSION"'"' package.json > package.json.tmp && mv package.json.tmp package.json
 
             # Update package version in package.json (keep major version, sync minor and patch)
             CURRENT_PACKAGE_VERSION=$(jq -r '.version' package.json)
@@ -60,24 +60,24 @@ jobs:
             jq '.version = "'"$NEW_PACKAGE_VERSION"'"' package.json > package.json.tmp && mv package.json.tmp package.json
             echo "Updated package.json version to $NEW_PACKAGE_VERSION"
 
-            npm install dash
+            npm install @dashevo/evo-sdk
 
             echo "needs_update=true" >> $GITHUB_ENV
           else
-            echo "Dash dependency is up-to-date"
+            echo "@dashevo/evo-sdk dependency is up-to-date"
             echo "needs_update=false" >> $GITHUB_ENV
           fi
 
       # Step 5: Create Pull Request
       - name: Create Pull Request
         if: env.needs_update == 'true'
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v7
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          branch: update-dash-and-version
+          branch: update-evo-sdk-and-version
           base: main
-          title: "chore: update Dash dependency and sync version"
+          title: "chore: update @dashevo/evo-sdk dependency and sync version"
           body: |
-            This pull request updates the `dash` dependency to the latest version and syncs the package version, aligning the minor and patch versions with `dash`.
-          commit-message: "chore: update Dash dependency and sync version"
+            This pull request updates the `@dashevo/evo-sdk` dependency to the latest version and syncs the package version, aligning the minor and patch versions with `@dashevo/evo-sdk`.
+          commit-message: "chore: update @dashevo/evo-sdk dependency and sync version"
           reviewers: "thephez"

From 535d6c0b5dabfca0ba2d655c32b29e223268158a Mon Sep 17 00:00:00 2001
From: thephez <thephez@users.noreply.github.com>
Date: Wed, 11 Mar 2026 09:36:29 -0400
Subject: [PATCH 2/4] ci: prevent dependency workflow from downgrading to older
 stable versions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/dependency-update.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml
index 57cfae1..748fe9e 100644
--- a/.github/workflows/dependency-update.yml
+++ b/.github/workflows/dependency-update.yml
@@ -48,8 +48,11 @@ jobs:
           echo "Current @dashevo/evo-sdk version: $CURRENT_DASH_VERSION"
           echo "Latest @dashevo/evo-sdk version: $LATEST_DASH_VERSION"
 
-          # Update dash dependency if needed
-          if [ "$DASH_VERSION_NUMBER" != "$LATEST_DASH_VERSION" ]; then
+          # Only update if the latest stable version is strictly higher than current
+          # npx semver returns the version if it satisfies the range, empty otherwise
+          IS_HIGHER=$(npx -y semver "$LATEST_DASH_VERSION" -r ">$DASH_VERSION_NUMBER" || true)
+
+          if [ -n "$IS_HIGHER" ]; then
             jq '.dependencies["@dashevo/evo-sdk"] = "'"$DASH_PREFIX$LATEST_DASH_VERSION"'"' package.json > package.json.tmp && mv package.json.tmp package.json
 
             # Update package version in package.json (keep major version, sync minor and patch)

From 3fe8cb203aa1793ca583f4171781d404959d3e90 Mon Sep 17 00:00:00 2001
From: thephez <thephez@users.noreply.github.com>
Date: Wed, 11 Mar 2026 09:51:25 -0400
Subject: [PATCH 3/4] ci: pin actions

---
 .github/workflows/dependency-update.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml
index 748fe9e..b04a1e8 100644
--- a/.github/workflows/dependency-update.yml
+++ b/.github/workflows/dependency-update.yml
@@ -16,11 +16,11 @@ jobs:
     steps:
       # Step 1: Checkout the repository
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       # Step 2: Set up Node.js
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: '20'
 
@@ -74,7 +74,7 @@ jobs:
       # Step 5: Create Pull Request
       - name: Create Pull Request
         if: env.needs_update == 'true'
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           branch: update-evo-sdk-and-version

From 438e720a7e474b2f54d8a5cf10fdee06a0ff8820 Mon Sep 17 00:00:00 2001
From: thephez <thephez@users.noreply.github.com>
Date: Wed, 11 Mar 2026 10:17:03 -0400
Subject: [PATCH 4/4] ci: check installed version instead of package.json

---
 .github/workflows/dependency-update.yml | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml
index b04a1e8..4956661 100644
--- a/.github/workflows/dependency-update.yml
+++ b/.github/workflows/dependency-update.yml
@@ -34,23 +34,21 @@ jobs:
         run: |
           set -e  # Stop execution on any error
 
-          # Get the current version of Dash in package.json
+          # Get the installed version from the lockfile (not the declared specifier)
+          INSTALLED_VERSION=$(npm ls @dashevo/evo-sdk --json | jq -r '.dependencies["@dashevo/evo-sdk"].version')
           CURRENT_DASH_VERSION=$(jq -r '.dependencies["@dashevo/evo-sdk"] // .devDependencies["@dashevo/evo-sdk"]' package.json)
-          
-          # Extract the version prefix (e.g., ^, ~, or empty)
           DASH_PREFIX=$(echo "$CURRENT_DASH_VERSION" | grep -o '^[^0-9]*')
-          DASH_VERSION_NUMBER=$(echo "$CURRENT_DASH_VERSION" | grep -o '[0-9].*')
 
           # Get the latest version of Dash
           LATEST_DASH_VERSION=$(npm show @dashevo/evo-sdk version)
           LATEST_MINOR_PATCH=$(echo "$LATEST_DASH_VERSION" | cut -d. -f2,3)
 
-          echo "Current @dashevo/evo-sdk version: $CURRENT_DASH_VERSION"
+          echo "Installed @dashevo/evo-sdk version: $INSTALLED_VERSION"
           echo "Latest @dashevo/evo-sdk version: $LATEST_DASH_VERSION"
 
-          # Only update if the latest stable version is strictly higher than current
+          # Only update if the latest stable version is strictly higher than installed
           # npx semver returns the version if it satisfies the range, empty otherwise
-          IS_HIGHER=$(npx -y semver "$LATEST_DASH_VERSION" -r ">$DASH_VERSION_NUMBER" || true)
+          IS_HIGHER=$(npx -y semver "$LATEST_DASH_VERSION" -r ">$INSTALLED_VERSION" || true)
 
           if [ -n "$IS_HIGHER" ]; then
             jq '.dependencies["@dashevo/evo-sdk"] = "'"$DASH_PREFIX$LATEST_DASH_VERSION"'"' package.json > package.json.tmp && mv package.json.tmp package.json