Discuss how to keep dependent repos up to date

[plocket]

• Add workflow to make PR with latest package version?

[plocket]

Surely there's a bot that lets you send out a suggested update?

[plocket]

We can now at least see the dependents that use our repo: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#dependents-view

[BryceStevenWilley]

To expand more on this:

• we can see our Github Action dependents now!
• If I understand correctly, dependabot should work automatically for GitHub actions, without us having to do anything else? We'd have to check from dependency, going to the insights/dependabot tab.

I think dependabot is the right way to go about it, even though there's some config all of our users have to set up.