This PR enables dependabot, which monitors and create pull requests for us to upgrade all the dependencies.
Why?
JIRA: EXT-1893
It's better to keep upgrading dependencies consistently, rather than doing a lot of updates in bulk and not being able to figure out why something is broken.
We will have to iterate on configuring dependabot. But for now, I've configured it to create a grouped pull-request, which means we will have a single PR per week with all the upgrades grouped together, instead of having one PR per one dependency, meaning lots of PRs created and blocking the CI pipeline.
What?
This PR enables dependabot, which monitors and create pull requests for us to upgrade all the dependencies.
Why?
JIRA: EXT-1893
It's better to keep upgrading dependencies consistently, rather than doing a lot of updates in bulk and not being able to figure out why something is broken.
We will have to iterate on configuring dependabot. But for now, I've configured it to create a grouped pull-request, which means we will have a single PR per week with all the upgrades grouped together, instead of having one PR per one dependency, meaning lots of PRs created and blocking the CI pipeline.
How to test? (optional)