[Feature] Enable Renovatebot for dependency management

[ylemkimon]

• I'd be willing to implement this feature
• This feature can already be implemented through a plugin

Describe the user story
Renovate now supports Yarn 2 and its zero-install (renovatebot/renovate#7220).

It could also serve as an E2E test for Yarn 2 support of Renovate.

Describe the solution you'd like
Enable Renovatebot on the repo.

The config may be copied from https://github.com/yarnpkg/yarn/blob/master/renovate.json.

It's also possible to enable dedupe via postUpdateOptions: ["yarnDedupeHighest"] configuration.

Describe the drawbacks of your solution

• Noise

Describe alternatives you've considered

• Manual dependency management

[arcanis]

It would be interesting, especially in terms of dogfooding, but I'm personally a bit worried of the noise 🤔

In general we currently upgrade dependencies when we notice something we actually need (most frequently a feature), and so far it seems to work without requiring a lot of efforts from us. If we were to actively upgrade without precise reason, it would require much more triaging (and reviews are already taxing), and would increase the likelihood that a bug creeps past us.

[ylemkimon]

@arcanis One way would be to enable dependencyDashboardApproval for all updates, i.e., Renovate will not create branches/PRs automatically but instead wait for manual approval by maintainers from within the Dependency Dashboard.