Maintain dependencies using dependabot

[foolip]

https://dependabot.com/ sends PRs for node dependencies, and I've found it to be quite nice for some other personal projects.

@domenic have you used this, and WDYT?

[domenic]

I've not used it. I'd be happy to do this if you're able to set it up :)

[foolip]

Alright, I'll enable it and look at the PRs it sends.

[foolip]

A bunch of PRs have been sent now. Per #4 test coverage isn't perfect.

@domenic merging will automatically deploy, but is there any sort of precaution you'd want to take beyond seeing tests pass?

[domenic]

I think it'll probably be fine... I mean, ideally we'd get the additional coverage, but I don't think we should block on that.

[foolip]

I've merged a number of PRs that seemed low risk now and it seems fine. Will keep merging the smallest possible changes to resolve npm audit issues, and see what's then left.

[foolip]

Closing this since Dependabot is set up. I'll watch the repo to see the PRs as well.