Add periodic dependency updater like Dependabot

[nifadyev]

Dependency updater will help to keep project dependencies up to date. Relevant dependencies reduce security issues, allow using the latest features, but may break compatibility. As a result, dependencies updater is helpful, but their changes should be validated and tested manually.

The first and obvious option is Dependabot. It is the default Github updater, and it is widely used in many projects. However, sometimes it lacks some useful features and may spam PRs if it is improperly configured (like any other updater). Also, only Github is supported, so migration to other hosting platform may be difficult

Another option is Renovate. It supports many hosting platforms, its development is more active and PRs description contains more helpful information.

Compare dependabot PR and renovate PR