If you had Web Security policies prior to upgrading your environment, you'll find them in a new editable Snippet called “web-sec-migration”. If you had targeted rules specific for GlobalProtect, Explicit Proxy, or Remote Networks, your find them in a separate snippet that's attached to the relevant scope.

So you don't encounter any functional changes to your configuration, snippets have already associated with their correct level, but you'll need to perform a full ("All Admin" scope) before your commits can function.