I would like to suggest adding Dependabot to automatically check for updates in Docker and Python dependencies. This would help keep code secure and up to date, ensuring we quickly address any vulnerabilities or outdated packages.
User Impact
Anyone working on or using the project would benefit by reducing manual dependency maintenance and improving overall stability.
Implementation Details (optional)
Dependabot can be configured via .github/dependabot.yml to monitor dependency files. At first glance I believe Python and Docker shall be considered. If this aligns with the project’s scope, I can look into setting it up. The final step would be you activating the dependency graph and Dependabot, which can only be performed by the repository owner.
Additional context
Let me know if this is within the scope of the project. I have some free time this weekend, and I'd be happy to open a PR with the required changes and configurations if that seems fine.
This is a great idea, I appreciate it @juan-miii! I haven't used Dependabot before - as long as you don't think this would cause issues for end users with versions of things updating more frequently, then I am all for it!
Totally understandable! In practice, Dependabot will open pull requests any time it detects an available update. We can configure our GitHub Actions to automatically build and test the project for each new PR. That way:
- If an update passes all tests/builds successfully, we can merge it without risking any disruption for end users.
- If something fails or seems unstable, we can simply ignore or close that PR and stick with the current version.
I'll be working on it throughout the week and hopefully come back with a PR around next weekend. If anything comes up or if there's anything specific you’d like me to consider, feel free to ask!
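A sketch of the `.github/dependabot.yml` discussed in this thread, added here as an example; it is not part of the issue and not the project's own configuration. It assumes the Python manifest and the Dockerfile both live in the repository root, and the weekly schedule, PR limit and group name are illustrative choices aimed at the concern about update frequency.

```yaml
# .github/dependabot.yml (example; directories and limits are assumptions)
version: 2
updates:
  # Python dependencies (requirements.txt, pyproject.toml, ...).
  # Assumes the manifest is in the repository root.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"          # one batch per week instead of a PR per release
    open-pull-requests-limit: 5   # cap on simultaneously open version-update PRs
    groups:
      # Hypothetical group name: bundle low-risk bumps into a single PR so
      # CI runs once; major versions still arrive as separate PRs for review.
      python-minor-and-patch:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"

  # Base images referenced in FROM lines.
  # Assumes the Dockerfile is in the repository root.
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
```

Nothing reaches end users until a maintainer merges a Dependabot PR, so pairing this file with a required build-and-test check on pull requests gives the gate described above.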