Right now the bot doesn't care if dependencies stay out of date for a long time. For instance, if a dependency reference is already out of date when the bot is initialized, it will never file a PR despite the version mismatch, and if a generated PR is closed or never merged, it just assumes that it's up to date.
The bot can take a few actions to improve the UX:
- if dependencies fall out of date for some amount of time (say a week), an issue can be filed on the dependent project to notify devs about the issue (for first-time setup or closed PR)
- if the issue is then closed the update should be ignored
- PRs that are never merged should at least be updated as additional updates come in
(depends on #2 to check for updates intermittently and parts of #8 since PRs would actually need to be tracked properly)
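
A sketch of the follow-up policy proposed above, as an added example that is not the bot's own code: `DepState`, `next_action`, the field names and the returned action strings are all hypothetical. It assumes a closed issue suppresses only the version that issue was filed for, and that the one-week threshold is measured from when the mismatch was first observed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

STALE_AFTER = timedelta(days=7)  # "say a week" from the proposal


@dataclass
class DepState:
    """Hypothetical per-dependency record the bot would need to persist."""
    current: str                           # version the dependent project references
    latest: str                            # newest upstream version the bot has seen
    stale_since: Optional[datetime] = None  # when the mismatch was first observed
    pr_state: Optional[str] = None          # None (never filed), "open" or "closed"
    pr_version: Optional[str] = None        # version the bot's PR currently targets
    issue_state: Optional[str] = None       # None (never filed), "open" or "closed"
    issue_version: Optional[str] = None     # version the issue was filed for


def next_action(dep: DepState, now: datetime) -> str:
    """Return one of: none, ignore, update_pr, file_issue, wait."""
    if dep.current == dep.latest:
        return "none"
    # A closed issue means the devs declined this update (assumed: this version only).
    if dep.issue_state == "closed" and dep.issue_version == dep.latest:
        return "ignore"
    # An unmerged PR is kept current as additional updates come in.
    if dep.pr_state == "open":
        return "wait" if dep.pr_version == dep.latest else "update_pr"
    # An issue is already open, so the devs have been notified.
    if dep.issue_state == "open":
        return "wait"
    # First-time setup (no PR ever filed) or a closed PR: escalate once stale long enough.
    if dep.stale_since is not None and now - dep.stale_since >= STALE_AFTER:
        return "file_issue"
    return "wait"
```
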