Migration to renovate (#1276)

* Disable dependabot

* Modify semver range rules

- do not update `package.json` but still update lockfile (mirrors
  `dependabot` rules)

* Add tag to renovate PRs

Author: shenyih0ng

.github/dependabot.yml

@@ -5,4 +5,4 @@ updates:
   schedule:
     interval: monthly
     time: "07:00"
-  open-pull-requests-limit: 10
+  open-pull-requests-limit: 0 # disabled for `renovate` migration (might switch back in the future)

renovate.json

@@ -1,10 +1,16 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base", ":dependencyDashboard", ":preserveSemverRanges", "group:allNonMajor"
+    "config:base", ":dependencyDashboard", "group:allNonMajor", ":label(dependencies)"
   ],
   "major": {
     "dependencyDashboardApproval": true
   },
+  "packageRules": [
+	  {
+		  "matchPackagePatterns": ["*"],
+		  "rangeStrategy": "update-lockfile"
+	  }
+  ],
   "enabledManagers": ["npm"]
 }