Enable Dependabot for GitHub Actions

[marcindabrowski]

📢 Type of change

• Bugfix
• New feature
• Enhancement
• Refactoring

📜 Description

Enable Dependabot for GitHub Actions.

💡 Motivation and Context

GitHub Actions used in project CI were outdated and using unsupported Node.
Dependabot will scan repo and create PRs with new versions of GitHub Actions.

📝 Checklist

• I reviewed submitted code
• I added tests to verify changes
• I updated reference documentation to reflect the change
• All tests passing
• No breaking changes

[maciejwalkowiak]

I am not sure how useful will it be but lets give a try.

[marcindabrowski]

Dependabot is a great tool to manage dependency upgrades. It can analyze your actions and pom.xml as well, and creates a PR when new version of the action or library is used. Dependabot is part of GitHub.

But personally, I prefer Renovate bot, because it can do more thing, ie. it should bump Maven wrapper (I don't know, but it can do it for Gradle, so probably for Maven too). But to use Renovatebot you have to set it up there.
For dependabot you don't need to do anything.