Set up automated dependency updates

[SanchithHegde]

As of writing this, Dependabot has been set up to only update GitHub Actions, and Rust dependency updates are done manually. The motivation to manually update Rust dependencies has been to prevent notifications noise from Dependabot PRs.

Requirements

1. Reduce the human intervention required for dependency updates. As much as possible, this should not create notification noise for the project maintainer(s).
2. Set up scheduled updates. Updates should run at a set interval, say, every 2 weeks or once a month (confirm the specifics with the project maintainers before picking up this task).

Available Options

Dependabot

• As of writing this, Dependabot does support auto-merging PRs with the help of GitHub Actions. However, Dependabot would still open PRs first, run CI tests and then merge the PR if all tests pass.
• As for scheduling, Dependabot supports daily, weekly and monthly intervals. See also: schedule.interval, schedule.day, schedule.time and schedule.timezone configuration options.

Renovate

• Renovate supports auto-merging PRs once tests pass. Additionally, with automergeType=branch, Renovate will try to create a branch, run tests and merge it if all tests pass. If tests fail, however, Renovate will raise a PR for manual review. See also: Automerging and scheduling, Frequent problems and how to resolve them.
• As for scheduling, Renovate provides a good number of scheduling presets. As per the schedule option docs, Renovate also supports using Cron syntax and Later syntax.
• Renovate also supports updating GitHub Actions automatically. See: github-actions module docs.

[chshersh]

@SanchithHegde Thanks a lot for writing such a detailed issue with thorough description! 🙏🏻

This helps to make an informed decision much easier 🙂