Add Dependabot guide (#342)

* dependabot

* Update 2024-01-23-dependabot.md

_posts/2024-01-23-dependabot.md

@@ -0,0 +1,81 @@
+---
+layout: post
+title:  "General Availability of Dependabot Integration"
+author:
+    - "@joshspicer"
+authorUrl:
+    - https://github.com/joshspicer
+---
+
+We are excited to announce that starting today, in collaboration with the Dependabot Team, the `devcontainers` package ecosystem is now generally available! 
+ Dependabot will now be able to update your public Dev Container [Features](https://containers.dev/features), keeping them up-to-date with the latest published versions.
+
+ To opt-in, add a `.github/dependabot.yml` to a repository containing one or more `devcontainer.json` configuration files:
+
+ ```yaml
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "devcontainers" # See documentation for possible values
+    directory: "/"
+    schedule:
+      interval: weekly
+ ```
+
+Once configured, Dependabot will begin to create pull requests to update your Dev Container Features:
+
+
+<div style="display: flex; justify-content: center;">
+    <img style="max-width: 100%; height: auto;" src="/img/dependabot-pr.png" alt="Dependabot PR">
+</div>
+
+An example diff generated by Dependabot is shown below:
+
+```diff
+---
+ .devcontainer-lock.json              | 8 ++++----
+ .devcontainer.json                   | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/.devcontainer-lock.json b/.devcontainer-lock.json
+index 324582b..a3868d9 100644
+--- a/.devcontainer-lock.json
++++ b/.devcontainer-lock.json
+@@ -1,9 +1,9 @@
+ {
+   "features": {
+-    "ghcr.io/devcontainers/features/docker-in-docker:1": {
+-      "version": "1.0.9",
+-      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:b4c04ba88371a8ec01486356cce10eb9fe8274627d8d170aaec87ed0d333080d",
+-      "integrity": "sha256:b4c04ba88371a8ec01486356cce10eb9fe8274627d8d170aaec87ed0d333080d"
++    "ghcr.io/devcontainers/features/docker-in-docker:2": {
++      "version": "2.7.1",
++      "resolved": "ghcr.io/devcontainers/features/docker-in-docker@sha256:f6a73ee06601d703db7d95d03e415cab229e78df92bb5002e8559bcfc047fec6",
++      "integrity": "sha256:f6a73ee06601d703db7d95d03e415cab229e78df92bb5002e8559bcfc047fec6"
+     }
+   }
+ }
+\ No newline at end of file
+diff --git a/.devcontainer.json b/.devcontainer.json
+index e9d9af5..9eb9165 100644
+--- a/.devcontainer.json
++++ b/.devcontainer.json
+@@ -1,6 +1,6 @@
+ {
+     "image": "mcr.microsoft.com/devcontainers/base:jammy",
+     "features": {
+-        "ghcr.io/devcontainers/features/docker-in-docker:1": {}
++        "ghcr.io/devcontainers/features/docker-in-docker:2": {}
+     }
+ }
+```
+
+ This updater ensures publicly-accessible Features are pinned to the latest version in the associated `devcontainer.json` file.  If a dev container has an associated lockfile, that file will also be updated. For more information on lockfiles, see this [specification](https://github.com/devcontainers/spec/blob/main/docs/specs/devcontainer-lockfile.md).
+
+Features in any [valid dev container location](https://containers.dev/implementors/spec/#devcontainerjson) will be updated in a single pull request.
+
+Dependabot version updates are free to use for all repositories on GitHub.com.  For more information [see the Dependabot version update documentation](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystem).