Updating GitHub Actions
gabibguti opened this issue
Hey! Would you like to add a dependency update tool, such as Dependabot or Renovatebot, to update the GitHub Actions used in workflows?
We can configure the dependency update tool to automatically open PRs to update only GitHub Actions. Perhaps only update when there's a vulnerable version, to generate less noise. It will also help handle the commit SHA updates. Does it make sense to add a dependency update tool?
Additional context
Hi again! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)
Pull request invited.
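For reference, a Dependabot configuration of the kind the issue describes, limited to GitHub Actions. This is an added example, not a file from this repository or from the issue author; the weekly interval and the group name `actions` are assumptions chosen for illustration.

```yaml
# .github/dependabot.yml (added example, not this project's own file)
version: 2
updates:
  # Listing only the "github-actions" ecosystem restricts Dependabot to the
  # `uses:` references in workflow files; no other dependencies are touched.
  - package-ecosystem: "github-actions"
    # For this ecosystem "/" means .github/workflows/ (and action.yml at root).
    directory: "/"
    schedule:
      interval: "weekly"        # assumption: pick the cadence the project wants
    # Noise reduction, option A: bundle all action bumps into a single PR.
    groups:
      actions:                  # assumption: arbitrary group name
        patterns:
          - "*"
    # Noise reduction, option B ("only when vulnerable"): uncomment the next
    # line to switch off routine version-update PRs. Security-update PRs are
    # governed by the repository's Dependabot security updates setting, not
    # by this limit.
    # open-pull-requests-limit: 0
    #
    # Caveat for option B: Dependabot raises alerts for vulnerable actions
    # only when they are referenced by semantic version tag. Actions pinned
    # to a commit SHA get no alerts, so SHA-pinned workflows need version
    # updates (option A) to keep the pinned SHAs current.
```

With option A, Dependabot rewrites SHA-pinned `uses:` references to the new commit, which covers the commit SHA updates mentioned in the issue.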