Create Dependabot config file

[dependabot-preview]

👋 Dependabot is moving natively into GitHub! This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When you merge this pull request, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates. Dependabot is now configured exclusively using config files.

If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

Learn more about the relaunch of Dependabot

Please note that regular @dependabot commands do not work on this pull request.

🤖💛

[dschaper]

This was autogenerated, we need to review it and adjust accordingly.

[netlify]

✔️ Deploy Preview for pihole-docs ready!

🔨 Explore the source changes: fe92473

🔍 Inspect the deploy log: https://app.netlify.com/sites/pihole-docs/deploys/60e0cc6814656a00088f93a4

😎 Browse the preview: https://deploy-preview-374--pihole-docs.netlify.app

[XhmikosR]

Does anybody recall why tornado was excluded? I don't think we even have this dependency anymore.

The rest of the changes look good, they are just backported.

[dschaper]

The template was auto-generated. None of the contents are opinionated or chosen/excluded for any known reason.

It's just what the bot wrote.

[XhmikosR]

It's not what the bot wrote; everything is migrated from the current config

[dschaper]

It's not what the bot wrote; everything is migrated from the current config

It's a PR literally opened by the bot itself.

[XhmikosR]

Yeah, but it just migrated the current config.

[dschaper]

Then I have no reason why tornado was excluded.

[XhmikosR]

Must have been an old thing, but since we now include the top-level deps, it's moot. I think we can merge this :)

[XhmikosR]

The only thing we need to consider is that automerging does not currently work: dependabot/dependabot-core#1973

[dschaper]

Thanks for finding that. I think the dependabot/dependabot-core#1973 (comment) solution is feasible.

[XhmikosR]

For security reasons, I would suggest that we stick with the current solution and block this PR until there's a proper solution in core.

[DL6ER]

How about using

https://github.com/JabRef/JabRef-Browser-Extension/blob/56666f241f3767af28fe2afb49b36afbf30bfb14/.github/workflows/automerge.yml#L22-L41

as suggested in the referenced upstream issue (last comment)?

[dschaper]

How about using

SGTM.

[XhmikosR]

I believe GitHub now has some kind of auto-merge feature, not sure how good it works with dependabot, though. But this is the only way forward, although we might need to wait for the needed functionality from GitHub.

[dependabot-preview]

As a reminder, Dependabot Preview will be shut down on August 3rd, 2021. You can merge this pull request to migrate to GitHub-native Dependabot. You can read the docs to learn more about what's changing, as well as find out how to get support if you need help migrating.

[PromoFaux]

Hold my beer.. we're going github native (we won't have any choice in a month anyway)