This project currently relies on manual upgrade to manage dependency version. While the project maintainers have the flexibility to fully control the dependency, sometimes it's easy to miss some upgrades. Enabling github dependabot can help with this problem. With each PR raised by dependabot, the project maintainers can receive timely and detailed notification of a potential library upgrade, and decide whether to accept it or not.