Feature Request: Addition of a Dependent-bot for Automated Dependency Updates and Package Vulnerability Fixes. #1367

Closed
aialok opened this issue Jan 4, 2024 · 1 comment
Labels
dependencies Pull requests that update a dependency file feature request security Security fix unapproved

Comments

@aialok
Contributor

aialok commented Jan 4, 2024

Is your feature request related to a problem? Please describe.

  • We are currently facing issues with dependencies in our project. We often find ourselves manually updating most of our packages, and it becomes challenging to determine the most suitable and non-vulnerable versions. To address these challenges related to dependency versions and security, we propose integrating a new bot into our repository called Dependent-bot, provided by GitHub itself. This bot would effectively solve our problems related to project dependencies.

Describe the solution you'd like

  • Dependabot consists of three different features that help you manage your dependencies:

    • Dependabot alerts—inform you about vulnerabilities in the dependencies that you use in your repository.
    • Dependabot security updates—automatically raise pull requests to update the dependencies you use that have known security vulnerabilities.
    • Dependabot version updates—automatically raise pull requests to keep your dependencies up-to-date.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Approach to be followed (optional)
A clear and concise description of approach to be followed.

Additional context

Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship PalisadoesFoundation/talawa#359

@github-actions github-actions bot added dependencies Pull requests that update a dependency file security Security fix unapproved labels Jan 4, 2024
@Cioppolo14
Contributor

We currently use dependabot, but sometimes we make manual versions when the automated PRs fail our tests. Closing as we already have this.

@Cioppolo14 closed this as not planned on Jan 4, 2024