docs: add governance documentation for SEP-1730

[felixweinberger]

Add governance documentation required for SEP-1730 tier compliance.

Motivation and Context

SEP-1730 requires published dependency update policy, versioning policy, and roadmap for Tier 1/2 SDKs. This PR adds all four files.

How Has This Been Tested?

Documentation-only change. Verified against SEP-1730 tier-check requirements.

Breaking Changes

None.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

Files added:

• DEPENDENCY_POLICY.md — conservative update policy (no scheduled npm bumps, security-driven updates only)
• VERSIONING.md — SemVer policy with breaking/non-breaking definitions and communication practices
• ROADMAP.md — spec tracking via GitHub Projects, v2 timeline (alpha ~mid-March, beta ~May 2026)
• .github/dependabot.yml — monthly GitHub Actions updates (grouped)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 304f539

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/sdk@1547

commit: 304f539