Introduce automated dependency updates #2016

@pbeza

Description

Background

We frequently open small, manual PRs whose sole purpose is to bump dependencies. This is repetitive, time-consuming, and easy to forget — and it feels like something we could automate at least partially.

Other projects already rely on tools like Dependabot or Renovate to proactively open PRs when dependencies can be safely updated. For example: matter-labs/teepot#350.

This idea was also suggested earlier (July 2025), but an issue was never created to track it: #651 (comment).

Automating dependency bumps would:

  • Reduce manual maintenance work
  • Keep dependencies fresher and more secure
  • Standardize how dependency updates are proposed and reviewed

Acceptance Criteria

  • Select Dependabot and/or Renovate
  • Tool opens automated PRs for dependency updates
  • CI runs on generated PRs
  • Dependency PRs are clearly labeled and easy to review
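One concrete shape the Dependabot option could take, added here as an illustration and not a configuration this repository has adopted; the `cargo` ecosystem, the label names and the commit prefixes are assumptions that would be swapped for the project's own.

```yaml
# .github/dependabot.yml (illustrative; ecosystem and label names are assumptions)
version: 2
updates:
  # Keep the CI workflow actions themselves current so the CI that
  # gates the generated PRs does not itself go stale.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "CI"
    commit-message:
      prefix: "ci"

  # Application dependencies; "cargo" is assumed, replace with the real ecosystem.
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap how many bump PRs can be open at once so review stays manageable.
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
    # Batch minor and patch version updates into one reviewable PR instead of
    # one PR per crate. Grouping applies to version updates only; Dependabot
    # security updates are enabled separately in repository settings.
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
    commit-message:
      prefix: "chore(deps)"
```

Workflows triggered by Dependabot pull requests run with a read-only `GITHUB_TOKEN` and without the repository's Actions secrets, so any CI job that needs more than that has to be adjusted before the "CI runs on generated PRs" criterion is really met.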

Metadata

Assignees: No one assigned
Labels: CI (An issue related to the continuous integration: linters, formatters, tests, etc.), security, tech-debt
Projects: No projects
Milestone: No milestone