Step 2 (this PR): Commit a minimal .github/dependabot.yml specifying open-pull-requests-limit: 0 (this is a hack to enable only security updates, which can't otherwise be configured), the same assignee as currently specified in dependabot's UI, and the associated team as reviewers.
This transitions security updates from dependabot (which is pending retirement) to Github-managed.
Step 1 (already complete): Enable "Dependabot security updates" under the repo's Security & analysis settings.
Step 2 (this PR): Commit a minimal
.github/dependabot.yml
specifyingopen-pull-requests-limit: 0
(this is a hack to enable only security updates, which can't otherwise be configured), the same assignee as currently specified in dependabot's UI, and the associated team as reviewers.