Add dependabot

[StefMa]

This goes a bit further of #52 and adds dependabot to make sure we are always using the latest versions of dependencies 🙃.

I copied the config from here and removed the dummy auth (because this is not required).

[StefMa]

@ov7a could may have a look? 🙃

[ov7a]

@StefMa I'm not sure about this. While having updates is good, I don't feel that the test coverage is strong enough to blindly merge them. And reviewing/testing/managing dependabot PRs usually is annoying.

[StefMa]

What types of /more tests would be required to feel save for the current dependencies (gson)? 🤔 I could also write a few for that. Beside of that... Gson doesn't get too many updates anymore. The last update happen a year ago, the one before that 2 years ago 😁 But nevermind, I could also close this PR if you're not interested in it 👍

…

On Wed, Jan 24, 2024, 8:28 AM Vlad Chesnokov ***@***.***> wrote: @StefMa <https://github.com/StefMa> I'm not sure about this. While having updates is good, I don't feel that the test coverage is strong enough to blindly merge them. And reviewing/testing/managing dependabot PRs usually is annoying. — Reply to this email directly, view it on GitHub <#54 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACOBQ6ZSSYFRXF562ADNI6TYQCZY7AVCNFSM6AAAAABAE7B4K2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMBXGU2DIMZXGI> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[ov7a]

@StefMa It's not like I'm against it, I just don't feel it's worth it. Let's hear other opinions.