Add contents about dependabot #384

Open
tkoyama010 opened this issue Aug 18, 2024 · 7 comments
Labels
documentation Improvements or additions to documentation

Comments

@tkoyama010
Member

Is the content of dependabot necessary for this guide? When managing Python packages, the dependabot configuration is very important for making the package robust.

@tkoyama010 tkoyama010 added the documentation Improvements or additions to documentation label Aug 18, 2024
@lwasser
Member

lwasser commented Aug 29, 2024

@tkoyama010 it could be worth bringing this up in our packaging channel in Slack and linking to this issue. See what others think and we can decide together here! I recently started using it, thanks to @pllim, and I see the value in it!! If others agree, then I think we should add a section on it to the guide.

@tkoyama010
Member Author

@all-contributors please add @tkoyama010 for idea

Contributor

@tkoyama010

I've put up a pull request to add @tkoyama010! 🎉

@RobPasMue
Contributor

Dependabot is a great tool for keeping dependencies up-to-date! Not only for getting the "greatest and latest" but also for checking if your range of versions is also admitting vulnerable versions (reported by security advisories). It's great you're planning on adding it!

@sneakers-the-rat
Contributor

sneakers-the-rat commented Aug 30, 2024

I think it would be great if we restructured the guides a bit to be able to give all the supplemental topics like this a home. I had made a prior pitch on this before: pyOpenSci/pyopensci.github.io#441 (comment)

The "python packaging guide" already has stuff about tests and docs and whatnot, which are certainly related to packaging, as is stuff like dependabot, but I think that as we want to add more and more (which is great!) it will start to get strained and hard to navigate.

I also think it would be great to make room for things that are halfway between a blog post and an authoritative guide (I think I mentioned this in the Slack? can't find it now), where e.g. if someone really loves dependabot they can contribute a guide for it and have it tagged as being "guide from this person" and not have to worry so much about "does this belong in an authoritative guide."

So currently our section on CI is relatively sparse: https://www.pyopensci.org/python-package-guide/tests/tests-ci.html

and it's designed to be guide-like, read in series with the rest of the documents (which is also great!). It might be nice to have some toctree like this

guide
  packaging
    ...
  documentation
    ...
  tests
    ...
    ci -> /ci/intro
    ...
ci
  intro
  workflow_syntax
  actions
    ...
    dependabot
    ...
  

where we have narrative documentation part as in the guide, but then we can have arbitrary n subpages within actions that are like "here are some useful actions, this isn't part of the linear progression of the guide if you are following it, but it's a standalone reference you may encounter as you follow the guide or use independently"

@tkoyama010
Member Author

@all-contributors please add @sneakers-the-rat for ideas

Contributor

@tkoyama010

I've put up a pull request to add @sneakers-the-rat! 🎉
