Feat/dependabot daily updates

[Spiev]

No description provided.

[Copilot]

Pull request overview

This pull request updates the Dependabot configuration to check for updates daily instead of weekly, and adds comprehensive Matter Hub migration documentation.

Changes:

• Changed Dependabot Docker Compose update interval from weekly (Sunday) to daily for all service directories (homeassistant, paperless, immich, pihole, freshrss, teslamate)
• Added a Matter Hub deprecation notice in README.md with a link to migration documentation
• Added a new 280-line migration guide (in German) for migrating from home-assistant-matter-hub to Matterbridge

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/dependabot.yml	Updated all service update schedules from weekly to daily intervals
README.md	Added deprecation warning for Matter Hub with link to migration documentation
homeassistant/matter-migration.md	New comprehensive migration guide from matter-hub to Matterbridge (contains critical YAML syntax errors)

Comments suppressed due to low confidence (3)

homeassistant/matter-migration.md:133

• Inconsistent directory naming: Line 122 references ./Matterbridge (capital M) while line 133 creates matterbridge (lowercase m). Additionally, line 124 references ./mattercert but this directory is not created in line 133. Either update line 133 to create all three directories with matching case (Matterbridge, matterbridge-data, mattercert), or update lines 122 and 124 to match the lowercase convention.

docker compose up -d matterbridge

homeassistant/matter-migration.md:1

• The PR title "Feat/dependabot daily updates" suggests the primary focus is updating Dependabot configuration, but this PR also includes a complete 280-line Matter migration documentation file (homeassistant/matter-migration.md). Consider splitting this into two separate PRs: one for the Dependabot configuration change and another for the Matter migration documentation. This would make the changes easier to review and maintain a clearer git history.

# Migration: home-assistant-matter-hub → Matterbridge

homeassistant/matter-migration.md:117

• The Docker image reference for Matterbridge uses the mutable latest tag (image: luligu/matterbridge:latest), which creates a supply-chain risk because future image updates (or a compromised registry/publisher) can silently change the code you run with access to your Home Assistant token and host network. An attacker who gains control over that tag could ship a malicious image that is automatically pulled and executed with your configured volumes and privileges, leading to compromise of your home automation environment. Pin this dependency to an immutable identifier (such as a specific image digest or at least a concrete, audited version) instead of latest to ensure only trusted builds are deployed.

    image: luligu/matterbridge:latest
    container_name: matterbridge

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Changing Dependabot update frequency from weekly to daily will significantly increase the number of pull requests (potentially 7x more PRs per week). This could create maintenance overhead and noise in the repository. Consider whether daily updates are truly necessary for all services, or if a weekly schedule is sufficient for most while keeping daily updates only for internet-facing services like the proxy.

[Spiev]

@copilot Ja, das ist richtig. Aber auf der anderen Seite enthalten die Versionen immer auch Bug und Security Fixes, die ich gerne Zeitnahe einspielen möchte.

[Copilot]

The volumes: key is duplicated on lines 120 and 121. This will cause a YAML syntax error when used in docker-compose. Remove the first occurrence on line 120.

Suggested change

volumes:

[Copilot]

@Spiev I've opened a new pull request, #39, to work on those changes. Once the pull request is ready, I'll request review from you.