chore(deps): migrate repositories to hybrid Renovate ownership

[ss-o]

Summary

Roll out the proposed hybrid dependency-management policy after ADR 0012 and the shared renovate-config.json are accepted and merged to main. Renovate will own routine version updates; GitHub Dependabot will retain dependency graph alerts and security update pull requests.

Merge gate

Blocked until the .github policy/configuration change containing ADR 0012, renovate-config.json, and runbooks/dependency-management.md is merged. Do not remove a repository's .github/dependabot.yml before the shared preset is available on main.

Scope

The Renovate GitHub App is installed for all organization repositories and is not suspended. Migrate the currently known workspace repositories that contain .github/dependabot.yml:

• z-shell/z-a-meta-plugins
• z-shell/src
• z-shell/zi
• z-shell/wiki
• z-shell/zd
• z-shell/zsh-eza
• z-shell/zsh-lint
• z-shell/zunit

z-shell/.github is migrated atomically in the policy/configuration change itself.

Per-repository checklist

• Confirm Renovate processes the repository using local>z-shell/.github:renovate-config or automatic organization preset discovery.
• Confirm dependency graph, Dependabot alerts, and Dependabot security updates remain enabled in GitHub settings.
• Add a minimal renovate.json only when an exception is required.
• Preserve non-default update targets; z-shell/zi currently requires baseBranches: ["next"].
• Remove .github/dependabot.yml so routine version updates do not overlap.
• Validate configuration with renovate-config-validator.
• Confirm routine dependency PRs come only from Renovate.

Triage

• Suggested item type: Maintenance
• Priority: High
• Effort: Medium
• Status: Blocked pending policy/config merge

References

• decisions/0012-hybrid-dependency-management.md
• runbooks/dependency-management.md
• renovate-config.json