Add Dependabot config

[alexanderattar]

PR

Description

Via @tynes:

Since there are so many untrusted dependencies used in the typescript code, vulnerabilities can be found at any time and we need to be able to quickly update the impacted dependencies when this happens.

Dependabot is now native to Github 👏 This means all we need to do is add a new dependabot.yml file under the .github directory. Within the config we can specify the config where the dependencies are managed. For example the location of package.json for nodejs. Additionally/conveniently if using Yarn workspaces Dependabot should automatically handle package.json files in subdirectories of the workspace (as noted here https://github.com/dependabot/dependabot-core/issues/603)!

Questions

• Is daily an appropriate interval? From examples this seems pretty typical

Metadata

Fixes

• Fixes https://github.com/ethereum-optimism/roadmap/issues/51

Contributing Agreement

• [x] I have read and understood the Optimism Contributing Guide and Code of Conduct and am following those guidelines in this pull request.

[tynes]

Could you put this config file in this repo? https://github.com/ethereum-optimism/.github Then it won't be necessary to open PRs in each repo

[alexanderattar]

Yeah for sure. I'll close this