Description
The problem
The repository currently does not include a .github/dependabot.yml configuration file. As a result, GitHub Actions versions and Python dependencies can become outdated silently, requiring manual discovery and maintenance.
For example, actions/checkout is currently pinned to v3, which runs on Node.js 16 (now EOL). This issue would have been automatically detected and addressed if Dependabot were enabled.
Requested Solution
Add a .github/dependabot.yml file with the following configurations:
- github-actions: Enable weekly automatic updates for GitHub Actions used in workflow files.
- pip: Enable weekly automatic updates for Python dependencies defined in pyproject.toml.
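The following is an added example of a .github/dependabot.yml that implements the two configurations requested above; it is not the file proposed by the issue author or any file from the repository. The `directory` values assume workflows live under .github/workflows and that pyproject.toml sits at the repository root, and the `labels` entry is a hypothetical convention that should be adjusted to the project's own labels.

```yaml
# Added example, not the issue author's proposed file.
# Two update configurations: one for GitHub Actions, one for pip.
version: 2
updates:
  # GitHub Actions referenced from .github/workflows/*.yml.
  # "/" is the conventional directory for this ecosystem; Dependabot
  # scans the workflow directory itself.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    # Hypothetical label; adjust to the repository's conventions.
    labels:
      - "dependencies"

  # Python dependencies declared in pyproject.toml at the repo root.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
    # Cap the number of simultaneously open update PRs.
    open-pull-requests-limit: 10
```

With this file in place, an outdated pin such as actions/checkout@v3 surfaces as a weekly pull request instead of going unnoticed. Dependabot also keeps actions that are pinned to a full-length commit SHA up to date, so the github-actions entry remains useful if the workflows later move from tag pins to SHA pins for supply-chain hardening.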
Alternatives
Renovate Bot is a possible alternative; however, Dependabot is natively integrated with GitHub and requires no additional setup. Additionally, pre-commit.ci already manages pre-commit hook updates, so Dependabot would cover the remaining dependency categories.
Additional context
New file to be added:
.github/dependabot.yml