Dependabot for plugin template and child plugins

.github/dependabot.yml

@@ -0,0 +1,13 @@
+# Dependabot configuration
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-github-dependabot-version-updates
+# https://til.simonwillison.net/github/dependabot-python-setup
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: weekly
+  groups:
+    python-packages:
+      patterns:
+        - "*"

README.md

@@ -107,6 +107,12 @@ git commit -m 'initial commit'
    git push -u origin main
    ```
 
+### Enable Dependabot security updates
+
+You can use [Dependabot](https://docs.github.com/en/code-security/dependabot) security updates to easily update vulnerable dependencies.
+
+[Here's how to enable Dependabot in your github settings](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories). Your Dependabot configuration file is located at `.github/dependabot.yml`.
+
 ### Monitor testing and coverage
 
 The repository should already be setup to run your tests each time you push an

{{cookiecutter.plugin_name}}/.github/dependabot.yml

@@ -0,0 +1,15 @@
+# Dependabot configuration
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-github-dependabot-version-updates
+# https://til.simonwillison.net/github/dependabot-python-setup
+{% raw %}
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: weekly
+  groups:
+    python-packages:
+      patterns:
+        - "*"
+{% endraw %}