Customize Dependabot, especially for npm and gradle

[tillkuhn]

Feature
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore

Example

# Use `ignore` to specify dependencies that should not be updated

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "express"
        # For Express, ignore all updates for version 4 and 5
        versions: ["4.x", "5.x"]
        # For Lodash, ignore all updates
      - dependency-name: "lodash"
        # For AWS SDK, ignore all patch updates
      - dependency-name: "aws-sdk"
        update-types: ["version-update:semver-patch"]

[tillkuhn]

As for Gradle and not having the dependency version directly in the dependency declaration string (build.gradle.kts), check open issues

• ... calculates dependencies for a Gradle build-target and submits the list to the Dependency Submission API.
• Add support for Gradle Version Catalogs (Gradle 7.0)
• Support for Kotlin DSL Gradle projects #2280