Restrict dependabot control comments

Hi,
I can’t find any way to restrict whose comments Dependabot listens to in a PR - am I missing something or is that not configurable?
It feels a bit wonky if anybody may trigger a merge in a public repo just by commenting?