build: activate dependabot (#33)

Author: cdcabrera

.github/dependabot.yml

@@ -0,0 +1,44 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+      day: wednesday
+    cooldown:
+      default-days: 14
+    open-pull-requests-limit: 3
+    target-branch: "main"
+    versioning-strategy: increase
+    allow:
+      - dependency-type: direct
+    labels:
+      - "build"
+    commit-message:
+      prefix: "build"
+      include: "scope"
+    groups:
+      dev:
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"
+      prod:
+        dependency-type: "production"
+        update-types:
+          - "patch"
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+      day: wednesday
+    cooldown:
+      default-days: 14
+    open-pull-requests-limit: 2
+    target-branch: "main"
+    labels:
+      - "build"
+    commit-message:
+      prefix: "build"
+      include: "scope"

.github/workflows/integration.yml

@@ -29,7 +29,10 @@ jobs:
             ${{ runner.os }}-${{ matrix.node-version }}-modules
       - name: Install Node.js packages
         if: ${{ steps.modules-cache.outputs.cache-hit != 'true' }}
-        run: npm install
+        run: npm ci
+      - name: Audit packages
+        run: npm audit --audit-level=high
+        continue-on-error: true
       - name: Lint and test
         run: npm test
       - name: Confirm integration