Add dependabot.yml

[ddugovic]

Title

Manage dependencies using Dependabot.

Description

Dependabot Core is a collection of packages for automating dependency updating in Ruby, JavaScript, Python, PHP, Elixir, Elm, Go, Rust, Java and .NET. It can also update git submodules, Docker files, and Terraform files. https://github.com/apps/dependabot

Related Issue

None

Motivation and Context

You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies. https://docs.github.com/en/code-security/supply-chain-security/configuring-dependabot-security-updates

How Has This Been Tested

Committing this file to my master branch has created two pull requests at https://github.com/ddugovic/Caster/pulls

Types of changes

• [x] Docs change / refactoring / dependency upgrade

Checklist

• [x] I have read the CONTRIBUTING document.
• [ ] My code follows the code style of this project.
• [ ] I have checked that my code does not duplicate functionality elsewhere in Caster.
• [ ] I have checked for and utilized existing command phrases from within Caster (delete if not applicable).
• [x] My code implements all the features I wish to merge in this pull request.
• [ ] My change requires a change to the documentation.
• [ ] I have updated the documentation accordingly.
• [ ] I have added tests to cover my changes.
• [x] All new and existing tests pass.

Maintainer/Reviewer Checklist

• [x] Basic functionality has been tested and works as claimed.
• [ ] New documentation is clear and complete.
• [ ] Code is clear and readable.

[LexiconCode]

Thank you, I appreciate the feedback Daniel.

One note for the dependency upgrades:

• pyvda should be pinned to 0.0.8 as it's an API breaking change and drops Python 2 support. Once Natlink has a beta release supporting Python 3 that dependency will be updated.

• Also related to Natlink has had issues with utilizing wxpython > 4.0.7. for those engines that utilize Python 3 this is a nonissue as they can utilize the latest wxpython package.

We've migrated most of the GUI to utilize pyside2 with the intent to drop wxpython when dropping support for Python 2.

None of this is to say that Dependabot Core is not something we should add to the project. If you could make some allowances for those 2 packages that would be great. Otherwise let me know.

[ddugovic]

Thanks for the review! I recently got interested in accessibility watching a livestreamer who recently has focused on accessibility-related games. I'll consider your ask as I attempt to install Kaldi on my machine (sorry for the "drive-by" nature of the PR so far).

[LexiconCode]

Thanks for the review! I recently got interested in accessibility watching a livestreamer who recently has focused on accessibility-related games. I'll consider your ask as I attempt to install Kaldi on my machine (sorry for the "drive-by" nature of the PR so far).

if there's anything I can do to help let me know. If there's no response about a week or so I'll close the PR.

[ddugovic]

Thanks... sorry, my Kaldi installation went poorly and work/personal responsibilities overwhelm me at present. I may try again much later this year.

[LexiconCode]

Thanks... sorry, my Kaldi installation went poorly and work/personal responsibilities overwhelm me at present. I may try again much later this year.

https://1drv.ms/u/s!Ag4M-olMXhzjiGLH-F4a1SdJThFf?e=h1GA1h It contains self-contained install of Caster and Kaldi with Python 3