diff --git a/.dependabot/config.yml b/.dependabot/config.yml
new file mode 100644
index 0000000..e0be442
--- /dev/null
+++ b/.dependabot/config.yml
@@ -0,0 +1,14 @@
+version: 1
+update_configs:
+  - package_manager: "javascript"
+    directory: "/"
+    update_schedule: "live"
+    version_requirement_updates: "increase_versions_if_necessary"
+    commit_message:
+      prefix: "⬆"
+
+  - package_manager: "submodules"
+    directory: "/"
+    update_schedule: "daily"
+    commit_message:
+      prefix: "⬆"
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 0000000..fccc0f6
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,30 @@
+name: Automerge Dependabot Updates
+
+on:
+  check_suite:
+    types:
+      - completed
+
+jobs:
+  auto_merge:
+    runs-on: ubuntu-latest
+
+    needs:
+      - build_and_test
+
+    steps:
+      - name: auto-merge
+        uses: ridedott/merge-me-action@v1.1.34
+        with:
+          # Depending on branch protection rules, a  manually populated
+          # `GITHUB_TOKEN_WORKAROUND` environment variable with permissions to
+          # push to a protected branch must be used. This variable can have an
+          # arbitrary name, as an example, this repository uses
+          # `GITHUB_TOKEN_DOTTBOTT`.
+          #
+          # When using a custom token, it is recommended to leave the following
+          # comment for other developers to be aware of the reasoning behind it:
+          #
+          # This must be used as GitHub Actions token does not support
+          # pushing to protected branches.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN_DOTTBOTT }}