The project doesn't currently have Dependabot configured, so dependency updates (including security patches) require manual tracking. This led me to create PRs such as #175 and #87. I quite like this project, though, so I decided to investigate more haha.
Adding a .github/dependabot.yml would enable weekly automated PRs for:
- Root npm dependencies (`/`)
- Docs npm dependencies (`/docs`)
- GitHub Actions workflow versions
This is a low-effort way to stay on top of security vulnerabilities and keep dependencies current.
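
A configuration matching the three targets listed above, added here as an example and not taken from the issue author or the project. It assumes the workflows live in the default `.github/workflows` location.

```yaml
# .github/dependabot.yml (example; not the project's own file)
version: 2
updates:
  # Root npm dependencies: the package.json at the repository root
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

  # Docs npm dependencies: a separate manifest under /docs,
  # so it needs its own entry
  - package-ecosystem: "npm"
    directory: "/docs"
    schedule:
      interval: "weekly"

  # GitHub Actions workflow versions: with directory "/",
  # Dependabot scans .github/workflows for `uses:` references
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

This file drives scheduled version updates. Dependabot security updates, which open PRs when an advisory affects a dependency, are a separate switch in the repository's security settings.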