Get off deprecated GitHub Actions action styfle/cancel-workflow-action@0.9.1

[hartwork]

GitHub Actions was complaining:

I can add another pull request introducing GitHub Dependabot if you would like to be safe from future issues like this.

[evverx]

Dependabot was removed in df0e13e because it wasn't ready for prime-time back in 2022 due to issues like dependabot/dependabot-core#2198. That is, it spammed forks and I complained here about it. That being said that bug was fixed: https://github.blog/changelog/2022-11-07-dependabot-pull-requests-off-by-default-for-forks/ so I'm not going to complain about it any more.

Edit: maybe instead of bumping this action https://docs.github.com/en/actions/using-jobs/using-concurrency should be used instead now that GitHub supports it natively. Actions canceling stuff look like https://github.com/systemd/systemd/blob/2efddcb24551521b75542043d033e39338207de8/.github/workflows/linter.yml#L20-L22 and https://github.com/systemd/systemd/blob/2efddcb24551521b75542043d033e39338207de8/.github/workflows/cifuzz.yml#L27-L29.

[jonathanmetzman]

Thanks both.
I think this PR is no longer relevant due to #10518

[hartwork]

@jonathanmetzman okay nice, that's even better. How do you feel about bringing back GitHub Dependabot?

[jonathanmetzman]

I'm glad they fixed the previous issue we had. Umm...I'm not sure. It seems like dependabot is already sending us (useless PRs) such as #10517. Intuitively I don't like it so much and want to avoid it. But I guess I could try it again and get rid of it if it still has too many issues for us (oss-fuzz is not a normal project).

[hartwork]

It seems like dependabot is already sending us (useless PRs) such as #10517.

@jonathanmetzman interesting. I believe it should be easy to make Dependabot only make that mistake once per dependency at most. i think that's not too bad.

Intuitively I don't like it so much and want to avoid it.

Interesting. If you want to elaborate here or via e-mail I'd be curious. (Personally I love Dependabot, use it everywhere I can: full pinning and auto-update pull requests is a dream combo to me in terms of security, stable CI, and staying up to date with bugfixes. For the things that Dependabot cannot yet auto-bump I'm adding manual CI to send pull requests for those (e.g. hartwork/git-delete-merged-branches#56 or more recent hartwork/rust-for-it#21). It works great for me so far.)

But I guess I could try it again and get rid of it if it still has too many issues for us (oss-fuzz is not a normal project).

Should I make a pull request or would you like to go for it yourself? I guess reverting commit df0e13e and replacing "daily" by "weekly" would be good?