Some notes here:

  • Dependabot supports ignoring major, minor, or patch updates
  • The gradle-dependency-submission project supports submitting Gradle dependencies via the Dependabot API, but it does this by parsing the output of the dependencies task, which is not ideal. It misses dependencies like gradlew, Gradle plugins, etc. I think we should consider submitting a ticket to request using the Gradle Tooling API instead of parsing the output of the dependencies task.
  • github-dependency-extractor could be another option, but it currently does not seem to be active