Auto merge of #2086 - alsuren:canuse-lite-dependabot, r=jtgeibel

manually run dependabot for caniuse-lite

It looks like dependabot is able to make a minimal incision and update
caniuse-lite without messing around with the rest of the package lock.
I suspect that dependabot will eventually get around to updating
caniuse-lite if we wait long enough, but I was curious to see how hard
it is to run manually, so I had a go. Turns out it's really easy, but
takes quite a long time.

Steps to reproduce:

* clone https://github.com/dependabot/dependabot-core
* docker pull dependabot/dependabot-core
* bin/docker-dev-shell
  * bin/dry-run.rb --dep caniuse-lite npm_and_yarn rust-lang/crates.io
* paste the printed patch into a file (e.g. patchfile.txt)
* patch package-lock.json patchfile.txt
* npm ci && npm start

Fixes #1914