Setup dependabot for automatic and regular dependency upgrade

[dentiny]

Purpose of PR

This PR introduce dependabot, which automatically upgrades dependency on weekly basis.

Changes Made

• Bug fix
• New feature
• Refactoring
• Documentation
• Test
• CI/CD pipeline
• Other

Breaking Changes

• Yes
• No

Checklist

• Added or updated unit tests for all changes
• Added or updated documentation for all changes
• Successfully built and ran all unit tests or manual tests locally
• PR title follows "MAHOUT-XXX: Brief Description" format (if related to an issue)
• Code follows ASF guidelines

[400Ping]

cc @rich7420 @guan404ming

[ryankert01]

@dentiny Is it making sense to add a python one also?

[dentiny]

@dentiny Is it making sense to add a python one also?

make sense, but I almost never wrote python before, need to check more (vibe code one).

[rawkintrevo]

These things tend to break stuff in prod. We're not in prod, so it's ok, but you need to have a VERY robust testing in place before merging something like this.

Edit- by break, I mean some one changes something upstream (even patching a bug) then down stream (us) are also now borken. They can be useful too. I'm just saying proceed with caution (or good tests, so you'll know when somethign broke that it looks like no one has touched in 3 years, but then you see, ohh dependabot upgraded some stuff recently- the testing shortens the lag between the dependabot 'upgrade' and noticing its broken)

[guan404ming]

I would like to ask that will this open a new pr for the update which could be reviewed by maintainer or it just automatically update?

Also, I think this one need some rebase. Thanks!

[guan404ming]

This one is kind of stale, please feel free to open a fresh one! Thanks!