Add workflow to make dependabot commits compatible with Yarn v2

Adapted from dependabot/dependabot-core#1297 (comment)

Author: CarsonF

.github/workflows/dependabot.yml

@@ -0,0 +1,39 @@
+name: Dependabot
+
+on:
+  push:
+    branches: [ dependabot/npm_and_yarn/** ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+      - name: Use Node.js 12.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: '12'
+
+      - name: Autofix lockfile
+        run: |
+          # restore yarn.lock from the previous commit
+          git checkout HEAD^ -- yarn.lock
+
+          # if package.json was not updated, upgrade the dependency
+          git diff --name-only HEAD^ HEAD | grep -q 'package.json' || yarn up `git log -1 --pretty=%s | awk '{ print $2 }'`
+
+          # restore package.json from the last commit
+          git checkout HEAD -- package.json
+
+          yarn install
+
+      - name: Commit changes
+        run: |
+          git add yarn.lock
+          git config --global user.name 'dependabot[bot]'
+          git config --global user.email '49699333+dependabot[bot]@users.noreply.github.com'
+          git commit --amend
+          git push -f