v2 - configure dependabot #325
Description
Most of the PRs are just closed PRs to dependabot. The default config is annoying and doesn't really work. But we can change that.
Introduce a config file (https://dependabot.com/docs/config-file/) to:
- Limit the rate to 2 weeks (or monthly otherwise). Every 1 week feels like too much.
- Only do it for security update or minor/major. Patches also feel like too much.
- Update
package.jsonas well, not only the lockfile.
If any other interesting features can be configured, please mention them so we can make better use of the tool.