schedule checks so they happen at 4:00am UTC. This way GitLab CI doesn't get blocked during working hours.
- limit the number of open PRs
- check for actions updates less often b/c this is less critical
Dependabot is an independent security scanning tool which mostly focuses on evaluating the dependency chain. Having the dependabot.yml file on the main branch would enable the bot to test the dependencies daily.