Proposal: use github dependabot instead of Snyk

[dengliming]

See: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates

[filipecosta90]

Hi there @dengliming , I was checking the main differences among them and I see that for js/ts based projects they are +- the same correct? WDYT @gkorland ? I see benefits on moving towards dependabot if we apply it across the entire python/go/js,etc.... clients.

# Basic set up for three package managers

version: 2
updates:

  # Maintain dependencies for GitHub Actions ( to keep our actions up to date )
  - package-ecosystem: "github-actions" 
    directory: "/"
    schedule:
      interval: "daily"

  # Maintain dependencies for js/ts
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

  # Maintain dependencies for go 
  - package-ecosystem: "go:modules"
    directory: "/"
    schedule:
      interval: "daily"

  # Maintain dependencies for python
  - package-ecosystem: "python"
    directory: "/"
    schedule:
      interval: "daily"

  # Maintain dependencies for dotnet 
  - package-ecosystem: "dotnet:nuget"
    directory: "/"
    schedule:
      interval: "daily"

  # Maintain dependencies for java
  - package-ecosystem: "java:maven"
    directory: "/"
    schedule:
      interval: "daily"

[dengliming]

@filipecosta90 Thanks for quick reply. Just a suggestion. They both good. like travis ci and github workflow actions . I recommend doing this because you can configure it directly on Github. Snyk can only be logged to the https://snyk.io/ to be configured.(Not sure).