The most important is that now GitHub is their owner (Microsoft actually) and it’s free
it sure sends a lot of spam
Actually we are working on it, but currently not sure if we will use dependabot, maybe other bot will work better.
That’s because most of our dependencies is outdated
DevOps team released this functionality for platform and storefront repositories. You can easily check it in pull requests and filter them by label “dependencies”.