diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 70774ed7..18d756ba 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,52 +3,11 @@
 # Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
 # the above-mentioned repo.
 
+# All dependendencies, except git submodules, in this project are now managed by Renovate.
+# See https://github.com/LizardByte/.github/blob/master/renovate-config.json5 for configuration.
+
 version: 2
 updates:
-  - package-ecosystem: "cargo"
-    directory: "/"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "0 1 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 10
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "30 1 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 10
-
-  - package-ecosystem: "github-actions"
-    directories:
-      - "/"
-      - "/.github/actions/*"
-      - "/actions/*"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "0 2 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 10
-    groups:
-      docker-actions:
-        applies-to: version-updates
-        patterns:
-          - "docker/*"
-      github-actions:
-        applies-to: version-updates
-        patterns:
-          - "actions/*"
-          - "github/*"
-      lizardbyte-actions:
-        applies-to: version-updates
-        patterns:
-          - "LizardByte/*"
-
   - package-ecosystem: "gitsubmodule"
     directory: "/"
     rebase-strategy: disabled
@@ -57,48 +16,3 @@ updates:
       cronjob: "30 2 * * *"
       timezone: "America/New_York"
     open-pull-requests-limit: 10
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "0 3 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 10
-    groups:
-      dev-dependencies:
-        applies-to: version-updates
-        dependency-type: "development"
-
-  - package-ecosystem: "nuget"
-    directory: "/"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "30 3 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 10
-
-  - package-ecosystem: "pip"
-    directory: "/"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "0 4 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 10
-    groups:
-      pytest-dependencies:
-        applies-to: version-updates
-        patterns:
-          - "pytest*"
-
-  - package-ecosystem: "rust-toolchain"
-    directory: "/"
-    rebase-strategy: disabled
-    schedule:
-      interval: "cron"
-      cronjob: "30 4 * * *"
-      timezone: "America/New_York"
-    open-pull-requests-limit: 1
diff --git a/.github/workflows/_codeql.yml b/.github/workflows/_codeql.yml
index 15c5a6f6..5569a2ed 100644
--- a/.github/workflows/_codeql.yml
+++ b/.github/workflows/_codeql.yml
@@ -4,16 +4,13 @@
 # the above-mentioned repo.
 
 name: CodeQL
-permissions:
-  actions: read
-  contents: read
-  security-events: write
+permissions: {}
 
 on:
+  pull_request:
   push:
     branches:
       - master
-  pull_request:
   schedule:
     - cron: '00 12 * * 0'  # every Sunday at 12:00 UTC
 
@@ -26,3 +23,7 @@ jobs:
     name: CodeQL
     uses: LizardByte/.github/.github/workflows/__call-codeql.yml@master
     if: ${{ github.repository != 'LizardByte/.github' }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
diff --git a/.github/workflows/_common-lint.yml b/.github/workflows/_common-lint.yml
index 80be0ccf..276fca51 100644
--- a/.github/workflows/_common-lint.yml
+++ b/.github/workflows/_common-lint.yml
@@ -4,8 +4,7 @@
 # the above-mentioned repo.
 
 name: common lint
-permissions:
-  contents: read
+permissions: {}
 
 on:
   pull_request:
@@ -19,3 +18,6 @@ jobs:
     name: Common Lint
     uses: LizardByte/.github/.github/workflows/__call-common-lint.yml@master
     if: ${{ github.repository != 'LizardByte/.github' }}
+    permissions:
+      contents: read
+      pull-requests: read
diff --git a/.github/workflows/_top-issues.yml b/.github/workflows/_top-issues.yml
new file mode 100644
index 00000000..3072822c
--- /dev/null
+++ b/.github/workflows/_top-issues.yml
@@ -0,0 +1,27 @@
+---
+# This workflow is centrally managed in https://github.com/LizardByte/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
+# the above-mentioned repo.
+
+# Create a top issues dashboard
+
+name: Top issues
+permissions: {}
+
+on:
+  schedule:
+    - cron: '0 6/12 * * *'
+  workflow_dispatch:
+
+concurrency:
+  group: 'top-issues'
+  cancel-in-progress: true
+
+jobs:
+  top-issues:
+    name: Top issues
+    uses: LizardByte/.github/.github/workflows/__call-top-issues.yml@master
+    if: github.repository_owner == 'LizardByte'
+    permissions:
+      contents: read
+      issues: write
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 00000000..de13970f
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>LizardByte/.github:renovate-config"
+  ]
+}