Come home, dependabot

[Swiddis]

Description

Adds a quick YML config to poke it back to life. We can remove the config again once it's alive if we want to keep the default config.

Some decisions:

• Weekly updates since daily tends to flood a lot, and our stale PR review is biweekly anyway
• The group config means all the updates come in one PR, instead of dozens of PRs for every update
• Skip changelog by default

Related Issues

N/A

Check List

• New functionality includes testing.
• New functionality has been documented.
• New functionality has javadoc added.
• New functionality has a user manual doc added.
• New PPL command checklist all confirmed.
• API changes companion pull request created.
• Commits are signed per the DCO using --signoff or -s.
• Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🧪 No relevant tests

🔒 No security concerns identified

✅ No TODO sections

🔀 No multiple PR themes

⚡ Recommended focus areas for review Grouping Config The group configuration syntax appears incorrect. The correct Dependabot v2 syntax for grouping dependencies uses groups (plural) as the key, not group. This may cause the grouping feature to be silently ignored, resulting in individual PRs per dependency update rather than a single grouped PR. group: all-dependencies: patterns: - "*"

[dai-chen]

Do you know why other repo like sql-cli doesn't need this?

[Swiddis]

Not sure the exact dependabot behavior, but I know you can configure it with this & if it's reconfigured it'll come back. There might be another way to revive it without a file bump but even then I'd rather push this config if we're enabling it to prevent as much PR load.