Shift3 / standards-and-practices

Standards and Practices for Bitwise Industries
https://shift3.github.io/standards-and-practices/
63 stars 41 forks

[Feat]: Show how to setup Dependabot #317

Closed michaelachrisco closed 1 year ago

michaelachrisco commented 2 years ago

Is your feature request related to a problem? Please describe.

We want to be able to check for vulnerabilities within dependencies without breaking ongoing pull requests. npm audit was our first thought but has a number of downsides:

  1. Fails on ongoing pull requests.
  2. Recommends npm audit --fix, which will update all dependencies that have vulnerabilities but will also cause breakages within frameworks like react and angular.
  3. Can only be used with JavaScript solutions.

Describe the solution you'd like.

Dependabot seems to be a good solution that is recommended by GitHub itself. If anyone else has a good process or tool to update products and protect against vulnerabilities, I would love to hear from you!

Describe alternatives you've considered

No response

Additional context

No response

T145 commented 2 years ago

Simply navigate to the "Security" tab in a repository and enable desired features. You can also create a .github/dependabot.yml configuration file and give it these contents:

# Set update schedule for GitHub Actions
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
  # npm dependencies (package.json in the repository root), checked daily
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
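As an added example (not part of the comment above or the Shift3 repository), the same file can be extended so that the bulk-upgrade breakage the issue describes for react and angular is avoided: major-version bumps for those packages are ignored, only a bounded number of update PRs stay open, and the PRs are labelled for triage. The package names react, react-dom and @angular/* are assumed for illustration; substitute the frameworks actually pinned in your project.

```yaml
# .github/dependabot.yml (added example; option names follow the
# configuration-options page linked in the comment above)
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    # Cap the number of open version-update PRs so in-flight work is not
    # flooded; security updates are not counted against this limit.
    open-pull-requests-limit: 5
    # Assumed framework packages: let Dependabot propose minor and patch
    # updates, but never a major bump, which is where the breakage occurs.
    ignore:
      - dependency-name: "react"
        update-types: ["version-update:semver-major"]
      - dependency-name: "react-dom"
        update-types: ["version-update:semver-major"]
      - dependency-name: "@angular/*"
        update-types: ["version-update:semver-major"]
    # Label and prefix so reviewers can filter dependency PRs from feature work.
    labels:
      - "dependencies"
    commit-message:
      prefix: "chore(deps)"
```

Version updates from this file run on the schedule given; alerts and security-update PRs for known-vulnerable packages are still driven by the "Security" tab settings the comment refers to.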