All repositories should have either Renovate or Dependabot enabled

This is one of Scorecard's high-risk checks: https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool