Create dependabot rule to upgrade TorchFix version

[huydhn]

The parameters are from From https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

Testing

On my own fork https://github.com/huydhn/executorch/blob/main/.github/dependabot.yml, and the PR to upgrade TorchFix is created successfully huydhn#2

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/3208

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

✅ No Failures

As of commit 27dc07c with merge base 8dc54d5 ():
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[facebook-github-bot]

@huydhn has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

[kit1980]

Why not just unpin?

[huydhn]

Why not just unpin?

Like PT, ET is currently pinned all their dependencies as part of Docker image build, so I think having a PR like huydhn#2 would allow ET owners to control the upgrade process and land the PR only when it looks good.

Also, creating a dependabot.yml might be useful for other packages in the future.

[facebook-github-bot]

@huydhn has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

[huydhn]

I switch the reviewer to pytorch/team-executorch as they are the owners.

[kit1980]

There is a chance that new TorchFix release will introduce CI failures after new rules added to TorchFix.
I wonder how this going to be handled in the dependabot workflow.

[huydhn]

@pytorchbot drci

[facebook-github-bot]

@huydhn merged this pull request in dbf90c2.