add cron job for automated dependency version checks #426

Closed
guan404ming opened this issue Mar 29, 2025 · 5 comments · Fixed by #437

@guan404ming
Member

guan404ming commented Mar 29, 2025

Currently, our project does not have an automated mechanism to regularly check for updates to third-party dependencies.

I propose adding a scheduled Cron Job that performs the following:

  • Periodically (e.g., daily or weekly) checks for newer versions of dependencies listed in package.json, requirements.txt, or other relevant files.

  • Leverages tools such as Dependabot or auto-pull-request to automatically open pull requests or create update reports.

Shall we add this? If so, I could help survey and implement this~

@jorenham
Member

jorenham commented Mar 29, 2025

Dependabot is already set up :)
https://github.com/numpy/numtype/blob/main/.github/dependabot.yml

But for some reason, I haven't seen it in action yet, even though it's configured to run daily 🤔

@guan404ming
Member Author

Perfect!!

@jorenham
Member

jorenham commented Mar 29, 2025

I'm not sure if dependabot will also update the lockfiles in tool/, so maybe we could use another tool for that, if that's not the case?

@guan404ming
Member Author

I’ll look into whether Dependabot updates the lockfiles in tool/. If it doesn’t, maybe we can use something else for tha

@jorenham
Member

jorenham commented Mar 29, 2025

> But for some reason, I haven't seen it in action yet, even though it's configured to run daily 🤔

Yea the dependabot logs suggest that it's not really working at the moment:
https://github.com/numpy/numtype/actions/runs/14119769096/job/39557734397

specifically:

updater | 2025/03/28 01:06:42 INFO <job_988219875> All versions of numpy ignored, no update allowed
updater | 2025/03/28 01:06:42 WARN <job_988219875> Please check your configuration as there are groups where no dependencies match:
- actions

This can happen if:
- the group's 'pattern' rules are misspelled
- your configuration's 'allow' rules do not permit any of the dependencies that match the group
- the dependencies that match the group rules have been removed from your project

  proxy | 2025/03/28 01:06:42 [011] POST /update_jobs/988219875/update_dependency_list
  proxy | 2025/03/28 01:06:42 [011] 204 /update_jobs/988219875/update_dependency_list
  proxy | 2025/03/28 01:06:42 [013] POST /update_jobs/988219875/increment_metric
  proxy | 2025/03/28 01:06:42 [013] 204 /update_jobs/988219875/increment_metric
updater | 2025/03/28 01:06:42 INFO <job_988219875> Starting grouped update job for numpy/numtype
2025/03/28 01:06:42 INFO <job_988219875> Found 1 group(s).
updater | 2025/03/28 01:06:42 WARN <job_988219875> Skipping update group for 'actions' as it does not match any allowed dependencies.
updater | 2025/03/28 01:06:42 INFO <job_988219875> Marking group 'actions' as handled.
updater | 2025/03/28 01:06:42 INFO <job_988219875> Adding dependencies as handled: ().
updater | 2025/03/28 01:06:42 INFO <job_988219875> All versions of numpy ignored, no update allowed
updater | 2025/03/28 01:06:42 INFO <job_988219875> Found no dependencies to update after filtering allowed updates in /
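
An added example, not part of the thread or the numtype project: a small Python check that scans a Dependabot updater log for the messages quoted in the comment above and flags a run that ended with nothing to update because of ignore or group rules. The sample log is constructed from lines in that comment; the function names and finding labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the log quoted in the thread above.
SAMPLE_LOG = """\
updater | 2025/03/28 01:06:42 INFO <job_988219875> All versions of numpy ignored, no update allowed
updater | 2025/03/28 01:06:42 WARN <job_988219875> Please check your configuration as there are groups where no dependencies match:
- actions
  proxy | 2025/03/28 01:06:42 [011] POST /update_jobs/988219875/update_dependency_list
updater | 2025/03/28 01:06:42 INFO <job_988219875> Starting grouped update job for numpy/numtype
2025/03/28 01:06:42 INFO <job_988219875> Found 1 group(s).
updater | 2025/03/28 01:06:42 WARN <job_988219875> Skipping update group for 'actions' as it does not match any allowed dependencies.
updater | 2025/03/28 01:06:42 INFO <job_988219875> Found no dependencies to update after filtering allowed updates in /
"""

# Optional "updater | " prefix, timestamp, level, job id, then the message.
LINE = re.compile(
    r"^(?:\s*updater \| )?\d{4}/\d\d/\d\d \d\d:\d\d:\d\d "
    r"(?P<level>INFO|WARN|ERROR) <job_(?P<job>\d+)> (?P<msg>.*)$"
)
# Message patterns as they appear in the quoted log; labels are hypothetical.
RULES = {
    "all_versions_ignored": re.compile(r"^All versions of (\S+) ignored, no update allowed$"),
    "empty_group": re.compile(r"^Skipping update group for '([^']+)' as it does not match any allowed dependencies\.$"),
    "nothing_to_update": re.compile(r"^Found no dependencies to update after filtering allowed updates in (\S+)$"),
}

def summarize(log_text):
    """Return {job_id: {finding: sorted subjects}} for one updater log."""
    jobs = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # proxy lines, list continuation lines, blanks
        for name, rule in RULES.items():
            hit = rule.match(m["msg"])
            if hit:
                jobs[m["job"]][name].add(hit.group(1))
    return {j: {k: sorted(v) for k, v in f.items()} for j, f in jobs.items()}

def is_silent_noop(findings):
    """True when a run found nothing to update and a config rule explains it."""
    return "nothing_to_update" in findings and (
        "all_versions_ignored" in findings or "empty_group" in findings
    )

if __name__ == "__main__":
    for job, findings in summarize(SAMPLE_LOG).items():
        print(job, "SILENT NO-OP" if is_silent_noop(findings) else "ok", findings)
```

Run against a saved job log, a flagged run means the ignore, allow or group rules in the Dependabot configuration are filtering out every dependency, so no update pull requests will be opened even though the job itself succeeds.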
