diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 5008ddf..0000000 Binary files a/.DS_Store and /dev/null differ diff --git a/.gitignore b/.gitignore index 49715df..784e66e 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,6 @@ basic .claude/ .codegraph/ coverage.out + +# macOS +.DS_Store diff --git a/CHANGELOG.md b/CHANGELOG.md index c400432..8194ccd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,8 +36,6 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm - `.editorconfig` — UTF-8, LF, final newline, trim trailing whitespace, tabs for Go + Makefile, 2-space indent for YAML/JSON/TOML, no-trim for Markdown. -- `.github/dependabot.yml` — weekly `gomod` (root + `browser/` - sub-module) + `github-actions` updates. - `.github/PULL_REQUEST_TEMPLATE.md` — Summary / Changes / Scan- quality impact / SARIF compatibility / SSRF & egress safety / Testing / Checklist. diff --git a/SECURITY.md b/SECURITY.md index 43320e1..ac7b4fc 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -44,8 +44,8 @@ We follow [coordinated vulnerability disclosure](https://en.wikipedia.org/wiki/C ## Security practices in this repo -- **Dependency monitoring:** automated via Dependabot (see - `.github/dependabot.yml`). +- **Dependency monitoring:** vulnerable dependencies are detected by + `govulncheck`, which runs on every CI build (see "Vulnerability scanning"). - **Static analysis:** `golangci-lint` / `ruff` / `mypy` enforced in CI. - **Vulnerability scanning:** `govulncheck` (Go) / `pip-audit` (Python) run on every CI build.
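Review bot: the two removed lines in the CHANGELOG.md hunk drop the `.github/dependabot.yml` entry, but no hunk in this patch deletes `.github/dependabot.yml` itself. If the file is meant to go, include its deletion in this change; if it stays, keep the changelog entry. If that entry already shipped in a released version, record the removal as its own changelog line instead of deleting the original one, so the history of the release stays accurate.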
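Review bot: the rewritten "Dependency monitoring" bullet in the SECURITY.md hunk names only `govulncheck`, which covers Go modules, while the Dependabot entry removed from CHANGELOG.md also listed `github-actions` updates, and this same list names Python tooling (`ruff`, `mypy`, `pip-audit`). Name `pip-audit` in the bullet for the Python side and state what now tracks the GitHub Actions versions, or say explicitly that nothing does. Because the scan runs "on every CI build", a vulnerability disclosed while a branch sees no builds goes unnoticed until the next one; a scheduled CI run would close that gap. The bullet also now repeats the "Vulnerability scanning" bullet two lines below it, so consider merging the two.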