Use Dependabot to update TypeScript/JavaScript dependencies

[DilumAluthge]

@SaschaMann I'm wondering if Dependabot can fix the package.json and package-lock.json files for us?

[SaschaMann]

I'm strongly opposed to enabling Dependabot for these deps.

• There is no need to upgrade/update dependencies unless there's a security vulnerability or bug that affects us. Those alerts are enabled already and we can open Dependabot PRs from them when this is actually the case. (most of the vulns the alerts report are completely irrelevant and pointless btw)
• Dependabot creates a gigantic amount of noise in projects using npm. I'd unsubscribe and only watch for codeowner or direct mentions because I simply can't handle the notification spam for repos that use npm where Dependabot is enabled.
• This repo has rather low activity because it's by design fairly stable unless the GHA environment changes massively. I could potentially see a case for bumping production dependencies when releasing a new version but we don't need Dependabot for it and quite frankly I'm not fully convinced it'd be worth the effort.

If you want to volunteer to deal with those issues, go for it, but I'd rather not tbh.

[DilumAluthge]

Nope, my only motivation for trying Dependabot was to see if Dependabot could fix the npm issues, which have already been fixed.