Imho, this is much saner than having so many PRs for all individual
dependencies. Taken from osbuild/images.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
dependabot is an independent security scanning tool which mostly
focuses on evaluating the dependency chain. Having the dependabot.yml
file on the main branch would enable the bot to test the dependencies
daily.
