Enable Dependabot

[naveensrinivasan]

With the rise in supply chain attacks, it helps to get the dependency updates.

Even if the project decides not to update the dependency it helps to be informed.

The dependabot settings have to be enabled in the security settings of the repository.

[codecov-commenter]

Codecov Report

Merging #1243 (083a9d5) into main (34cdca9) will decrease coverage by 0.01%.
The diff coverage is n/a.

❗ Current head 083a9d5 differs from pull request most recent head 126771d. Consider uploading reports for the commit 126771d to get more accurate results

@@            Coverage Diff             @@
##             main    #1243      +/-   ##
==========================================
- Coverage   90.42%   90.41%   -0.02%     
==========================================
  Files          70       70              
  Lines       38087    38087              
==========================================
- Hits        34441    34436       -5     
- Misses       3646     3651       +5     

Impacted Files	Coverage Δ
lightning/src/ln/functional_tests.rs	97.28% <0.00%> (-0.09%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 34cdca9...126771d. Read the comment docs.

[Kixunil]

FIY dependabot seems to have no special handling of MSRV

[naveensrinivasan]

FIY dependabot seems to have no special handling of MSRV

I am new to Rust. Is this a blocker?

[TheBlueMatt]

Its certainly very annoying, but I wouldn't call it a blocker. I assume if dependabot opens a PR and CI fails due to MSRV we can just close the PR and dependabot will shut up?

[naveensrinivasan]

Yes and also we can tell dependabot to ignore that version and so going forward it will not open a PR for either that minor or major version.

[TheBlueMatt]

LGTM, just seeking clarification on #1243 (comment)

[TheBlueMatt]

LGTM. worst case its broken and nothing happens, best case we get automated dep-bump prs, most of which will be useless cause we have to adapt to API changes, but hey, notifications good, I guess.

[naveensrinivasan]

LGTM. worst case its broken and nothing happens, best case we get automated dep-bump prs, most of which will be useless cause we have to adapt to API changes, but hey, notifications good, I guess.

This will work only when the settings are turned on the security settings like this.

[arik-so]

LGTM

[TheBlueMatt]

Looks like that was auto-enabled when we added the file to the main branch.

[naveensrinivasan]

Looks like that was auto-enabled when we added the file to the main branch.

That is surprising!