diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
new file mode 100644
index 0000000..bad4b50
--- /dev/null
+++ b/.github/auto-merge.yml
@@ -0,0 +1,17 @@
+# Configure here which dependency updates should be merged automatically.
+# The recommended configuration is the following:
+- match:
+    # Only merge patches for production dependencies
+    dependency_type: production
+    update_type: "semver:patch"
+- match:
+    # Except for security fixes, here we allow minor patches
+    dependency_type: production
+    update_type: "security:minor"
+- match:
+    # and development dependencies can have a minor update, too
+    dependency_type: development
+    update_type: "semver:minor"
+
+# The syntax is based on the legacy dependabot v1 automerged_updates syntax, see:
+# https://dependabot.com/docs/config-file/#automerged_updates
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8c378df
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: monthly
+    time: "04:00"
+    timezone: Europe/Berlin
+  open-pull-requests-limit: 20
+  assignees:
+  - Author
+  versioning-strategy: increase
\ No newline at end of file