feat: dependabot workflow automation for updating dependency

[Rajpratik71]

Signed-off-by: Pratik Raj [email protected]

[kaplanelad]

Hey @Rajpratik71,
Can you please elaborate on what your motivation for adding is dependabot?

[Rajpratik71]

Hey @Rajpratik71,
Can you please elaborate on what your motivation for adding is dependabot?

Hi @kaplanelad ,

Manual control of dependency is fine but with a growing no. of distributed upstream dependencies, it becomes hard to manage. So, for that automation should be there to update dependencies. Further, CI Pipeline is there to test those changes.

Further, this will not update the dependencies automatically, instead, a PR will be opened with changes that can be reviewed and tested with CI.

i.e why this automation will help here.

[kaplanelad]

I'm trying to understand the pain of adding the dependencies updates. It means that we need 100% test coverage to ensure that nothing breaks and more things to cover.
Are you worried about vulnerable/malicious packages?

[Rajpratik71]

I'm trying to understand the pain of adding the dependencies updates. It means that we need 100% test coverage to ensure that nothing breaks and more things to cover. Are you worried about vulnerable/malicious packages?

A PR will be opened with changes that can be reviewed and tested with CI.

If some dependencies updates break the CI then those dependencies can be skipped