Current situation
dependabot is creating PRs to update github action dependencies. This is helpful. Apparently other dependencies (such as npm, dockerhub) are apparently not analyzed.
Goal
- Understand dependabots current configuration
- Research whether dependabot can do updates on other dependencies as well
- If yes, configure dependabot to do as much dependency tracking for us as possible