Open
Description
It looks like many of numpy's test dependencies haven't been updated since dependabot was disabled in 2021, see #20268.
In the meantime, github fixed the issue causing spam PRs on forks of NumPy at the end of last year.
Would it make sense to turn dependabot on again now that forks won't be spammed with PRs anymore? I think existing forks may need to toggle a setting, new forks should have that setting turned off by default.
If there's no appetite for turning on dependabot again, would a PR that updates the test dependencies be OK?