github: add dependabot configuration

[marcospereira]

Requirements

Depends on #340.

This requires a change in the repo settings:

=> Settings => Code security and analysis => Dependabot => Dependabot version updates, and then click the enable button.

What?

Add dependabot configuration. For now, this configuration only:

• Updates GitHub Actions
• Runs weekly (to avoid noise)

We can later add configuration to update Maven dependencies.

References:

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.31%. Comparing base (e8fca09) to head (c5885e1).

Additional details and impacted files

@@            Coverage Diff            @@
##               main     #342   +/-   ##
=========================================
  Coverage     91.31%   91.31%           
  Complexity     1218     1218           
=========================================
  Files            76       76           
  Lines          3168     3168           
  Branches        493      493           
=========================================
  Hits           2893     2893           
  Misses          164      164           
  Partials        111      111           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[casid]

Hi @marcospereira, I've enabled dependabot for version updates.

To do that I had to commit a dependabot.yml file. I just copied the one from your Pull Request.

I think you will just need to rebase your branch onto main and this will be good to merge.

[marcospereira]

Thank you! I will later do some work to add Maven updates here (it should be easy since jte only has a couple of test deps). :-)