diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
new file mode 100644
index 0000000..f409bdd
--- /dev/null
+++ b/.github/auto-merge.yml
@@ -0,0 +1,17 @@
+# Configure here which dependency updates should be merged automatically.
+# The recommended configuration is the following:
+- match:
+ # Only merge patches for production dependencies
+ dependency_type: production
+ update_type: "semver:patch"
+- match:
+ # Except for security fixes, here we allow minor patches
+ dependency_type: production
+ update_type: "security:minor"
+- match:
+ # and development dependencies can have a minor update, too
+ dependency_type: development
+ update_type: "semver:minor"
+
+# The syntax is based on the legacy dependabot v1 automerged_updates syntax, see:
+# https://dependabot.com/docs/config-file/#automerged_updates
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 74e648d..f16f15c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,8 +1,18 @@
 version: 2
 updates:
-- package-ecosystem: npm
- directory: "/"
- schedule:
- interval: weekly
- open-pull-requests-limit: 10
- versioning-strategy: increase
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: github-actions
+ directory: "/"
+ schedule:
+ interval: monthly
+ time: "04:00"
+ timezone: Europe/Berlin
+
+ - package-ecosystem: npm
+ directory: "/"
+ schedule:
+ interval: monthly
+ time: "04:00"
+ timezone: Europe/Berlin
+ open-pull-requests-limit: 20
+ versioning-strategy: increase
diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
new file mode 100644
index 0000000..42b4e90
--- /dev/null
+++ b/.github/workflows/dependabot-automerge.yml
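Review bot: The first two `match` rules in `.github/auto-merge.yml` allow `dependency_type: production` updates to merge with no human review, and the file does not say what gates that merge. A broken or tampered patch release would land as soon as a rule matches, so the header comment should state the precondition, for example `# Auto-merge assumes required status checks are enforced on the target branch.` Whether such branch protection exists is not visible in this diff and should be confirmed before the rules go live.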
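Review bot: Moving the npm `interval` from weekly to monthly in `.github/dependabot.yml` means a routine fix release can wait up to a month before its pull request is opened, and the file gives no reason for the slower cadence. Advisory-driven Dependabot security updates are, as far as I know, enabled in the repository settings rather than by this schedule, so the file should say whether they are on. A comment such as `# Schedule covers routine version bumps only; security updates are enabled in repo settings.` would record that once it has been verified.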
@@ -0,0 +1,22 @@
+# Automatically merge Dependabot PRs when version comparison is within the range
+# that is configured in .github/auto-merge.yml
+
+name: Auto-Merge Dependabot PRs
+
+on:
+ pull_request_target:
+
+jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Check if PR should be auto-merged
+ uses: ahmadnassri/action-dependabot-auto-merge@v2
+ with:
+ # This must be a personal access token with push access
+ github-token: ${{ secrets.AUTO_MERGE_TOKEN }}
+ # By default, squash and merge, so Github chooses nice commit messages
+ command: squash and merge
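Review bot: The `auto-merge` job passes `secrets.AUTO_MERGE_TOKEN`, a personal access token with push access, to a third-party action referenced by the mutable tag `@v2`. If that tag is moved, the new code runs with the token, so the step should be pinned to a full commit SHA: `uses: ahmadnassri/action-dependabot-auto-merge@<full-commit-sha> # v2`. The job also runs on every `pull_request_target` event with no author filter of its own. A job-level `if: github.event.pull_request.user.login == 'dependabot[bot]'` would keep the token out of runs for other authors' pull requests rather than relying on whatever check the action performs internally. The workflow also has no `permissions:` block, so `GITHUB_TOKEN` keeps the repository default scope; the visible steps look like they need only `contents: read`.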