ci: 👷 fix dependabot or switch to renovate

[karlbaumhauer]

User Story

As a developer of the Solid Design System, I would like to have all dependencies regularly updated and checked for vulnerabilities, so that I am sure our project dependencies are secure and well maintained.

Suggested Solution

As dependabot seems to have issues with pnpm (even thought it is supposed to work), I suggest to quickly have a look into possible fixes and, if it cant be fixed right away, switch to renovate as this works fine in the CMS's monorepo with pnpm.

Environment (GitHub Actions or Azure DevOps)

GitHub

Technical Information

• Dependabot Does not Recognize pnpm-lock.yaml OWASP/threat-dragon#369
• Feature request: support the pnpm package manager dependabot/dependabot-core#1736
• Dependabot is not updating package-lock when bumping dependencies in a monorepo dependabot/dependabot-core#6346 (comment)
• See renovate implementation on https://dev.azure.com/Union-Investment/Frontend/_git/union-investment-frontend?path=/.azuredevops/pipelines/renovate.yml&version=GBintegration

DoR

• Item has business value
• Item has been estimated by the team
• Item is clear and well-defined
• Item dependencies have been identified

DoD

• Documentation has been created/updated (if applicable)
• Implementation works successfully on feature branch

[mariohamann]

If this is not going to be fixed soon, we at least should remove Dependabot and all related PRs as this doesn't show our repo in a good shape, bloats our PR overview and our mail inbox. @Vahid1919 @karlbaumhauer

[karlbaumhauer]

@Vahid1919 if you have time and there is nothing left in the milestone to focus on, you could start here... If you need access to the mentioned implementation on azure devops, let me know.