Enable dependabot

[alexey-yarmosh]

Need to configure and enable dependabot (or Renovate?) to automatically migrate to the latest versions of the packages.

[MartinKolarik]

I'm usually strongly against these bots, as the amount of spam they generate with the PRs is more annoying than occasionally running npm update in the terminal and committing the updated files.

[jimaek]

Maybe just configure them to run once per month?

[alexey-yarmosh]

Need to check if that is doable, but I want to configure it to create a single PR with all the new versions once a week, for example. That shouldn't do spam.

[alpha14]

@alexey-yarmosh grouping and long intervals are doable with dependabot :

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "monthly"
    versioning-strategy: increase
    groups:
       # Specify a name for the group, which will be used in PR titles and branch names
       dev-dependencies:
          patterns:
            - "*"  

[MartinKolarik]

Let's include updating dependencies in GH Actions here.