consider using dependabot to keep libraries up to date

Please consider using dependabot to keep libraries and github actions up to date.
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates