diff --git a/.github/workflows/dependabot-auto-approve.yml b/.github/workflows/dependabot-auto-approve.yml
new file mode 100644
index 0000000..e60be6e
--- /dev/null
+++ b/.github/workflows/dependabot-auto-approve.yml
@@ -0,0 +1,20 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+ pull-requests: write
+
+jobs:
+ get-metadata:
+ uses: ./.github/workflows/dependabot-metadata.yml
+
+ dependabot:
+ runs-on: ubuntu-latest
+ needs: get-metadata
+ steps:
+ - name: Approve a PR
+ if: needs.get-metadata.outputs.update-type == 'version-update:semver-patch'
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/dependabot-auto-label.yml b/.github/workflows/dependabot-auto-label.yml
new file mode 100644
index 0000000..210af68
--- /dev/null
+++ b/.github/workflows/dependabot-auto-label.yml
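Review bot: The `dependabot` job approves with a write-scoped `GITHUB_TOKEN` on every `pull_request` event but never checks who triggered the run; it relies entirely on the reusable metadata workflow's job being skipped for non-Dependabot PRs (so that `update-type` comes back empty, or the dependency job is skipped outright), which is an implicit gate that fails silently if that `if` is ever relaxed. Add an explicit guard on the job, `if: github.actor == 'dependabot[bot]'`, so each caller enforces the policy itself; the same applies to the `dependabot` jobs in dependabot-auto-label.yml and dependabot-auto-merge.yml. The top-level `permissions` block also grants `pull-requests: write` to the `get-metadata` job, which only reads PR metadata; moving `permissions` under the `dependabot` job keeps the metadata job read-only.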
@@ -0,0 +1,33 @@
+name: Dependabot auto-label
+on: pull_request
+
+permissions:
+ pull-requests: write
+ issues: write
+
+jobs:
+ get-metadata:
+ uses: ./.github/workflows/dependabot-metadata.yml
+
+ dependabot:
+ runs-on: ubuntu-latest
+ needs: get-metadata
+ steps:
+ - name: Add a label for all production dependencies
+ if: needs.get-metadata.outputs.dependency-type == 'direct:production'
+ run: gh pr edit "$PR_URL" --add-label "dep:production"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Add a label for all development dependencies
+ if: needs.get-metadata.outputs.dependency-type == 'direct:development'
+ run: gh pr edit "$PR_URL" --add-label "dep:development"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Add a label for all indirect dependencies
+ if: needs.get-metadata.outputs.dependency-type == 'indirect'
+ run: gh pr edit "$PR_URL" --add-label "dep:indirect"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 0000000..0e09b92
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,21 @@
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ get-metadata:
+ uses: ./.github/workflows/dependabot-metadata.yml
+
+ dependabot:
+ runs-on: ubuntu-latest
+ needs: get-metadata
+ steps:
+ - name: Enable auto-merge for Dependabot PRs
+ if: needs.get-metadata.outputs.update-type == 'version-update:semver-patch'
+ run: gh pr merge --auto --merge "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
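Review bot: `gh pr edit --add-label` does not create labels, so on a repository where `dep:production`, `dep:development` and `dep:indirect` have not been created ahead of time the matching step fails rather than labelling the PR; either create the labels beforehand or, since `issues: write` is already granted, add a step such as `gh label create "dep:production" --force` before the edit (I believe `--force` makes it idempotent; confirm with the gh version in use). As a point of style, the three steps differ only in the compared value and the label name, so a single step that maps `needs.get-metadata.outputs.dependency-type` to a label with a shell `case` would remove the triplicated `env` blocks and make adding a fourth category a one-line change.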
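Review bot: The merge step is gated on exactly the same single condition as the auto-approve workflow (`update-type == 'version-update:semver-patch'`), so a patch bump of any dependency, including `indirect` ones, is approved and queued for merge by `GITHUB_TOKEN` with no human in the loop; if that is intended, say so in a comment above the step, otherwise tighten the gate with an additional `needs.get-metadata.outputs.dependency-type` check matching the project's policy. `gh pr merge --auto` only does what the step name promises when auto-merge is allowed in the repository settings and a branch protection rule with required checks exists on the target branch; without those the behaviour depends on the gh version (an error, or an immediate merge), so a comment such as `# requires auto-merge enabled and branch protection on the target branch` would save the next maintainer a confusing run. `--merge` also forces a merge-commit strategy; confirm that matches the repository's configured merge method.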
diff --git a/.github/workflows/dependabot-metadata.yml b/.github/workflows/dependabot-metadata.yml
new file mode 100644
index 0000000..e54a08d
--- /dev/null
+++ b/.github/workflows/dependabot-metadata.yml
@@ -0,0 +1,63 @@
+name: Get Dependabot Metadata
+
+on:
+ workflow_call:
+ inputs:
+ github-token:
+ description: 'GitHub token for authentication'
+ required: false
+ type: string
+ default: ${{ github.token }}
+ outputs:
+ dependency-names:
+ description: 'Dependency names from metadata'
+ value: ${{ jobs.metadata.outputs.dependency-names }}
+ dependency-type:
+ description: 'Dependency type from metadata'
+ value: ${{ jobs.metadata.outputs.dependency-type }}
+ update-type:
+ description: 'Update type from metadata'
+ value: ${{ jobs.metadata.outputs.update-type }}
+ package-ecosystem:
+ description: 'Package ecosystem from metadata'
+ value: ${{ jobs.metadata.outputs.package-ecosystem }}
+ target-branch:
+ description: 'Target branch from metadata'
+ value: ${{ jobs.metadata.outputs.target-branch }}
+ previous-version:
+ description: 'Previous version from metadata'
+ value: ${{ jobs.metadata.outputs.previous-version }}
+ new-version:
+ description: 'New version from metadata'
+ value: ${{ jobs.metadata.outputs.new-version }}
+ alert-state:
+ description: 'Alert state from metadata'
+ value: ${{ jobs.metadata.outputs.alert-state }}
+ ghsa-id:
+ description: 'GHSA ID from metadata'
+ value: ${{ jobs.metadata.outputs.ghsa-id }}
+ cvss:
+ description: 'CVSS score from metadata'
+ value: ${{ jobs.metadata.outputs.cvss }}
+
+jobs:
+ metadata:
+ runs-on: ubuntu-latest
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
+ outputs:
+ dependency-names: ${{ steps.metadata.outputs.dependency-names }}
+ dependency-type: ${{ steps.metadata.outputs.dependency-type }}
+ update-type: ${{ steps.metadata.outputs.update-type }}
+ package-ecosystem: ${{ steps.metadata.outputs.package-ecosystem }}
+ target-branch: ${{ steps.metadata.outputs.target-branch }}
+ previous-version: ${{ steps.metadata.outputs.previous-version }}
+ new-version: ${{ steps.metadata.outputs.new-version }}
+ alert-state: ${{ steps.metadata.outputs.alert-state }}
+ ghsa-id: ${{ steps.metadata.outputs.ghsa-id }}
+ cvss: ${{ steps.metadata.outputs.cvss }}
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
+ with:
+ github-token: ${{ inputs.github-token }}
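Review bot: The job gate `if: github.event.pull_request.user.login == 'dependabot[bot]'` checks the PR author, not who triggered the event: a later `synchronize` event caused by a person pushing commits onto the Dependabot branch still has Dependabot as the PR author, so the gate passes and the calling workflows approve and queue for merge commits that Dependabot did not write. Gate on the actor instead (or as well), `if: github.actor == 'dependabot[bot]'`, which is the form GitHub's own Dependabot automation documentation uses; fetch-metadata may additionally verify that the PR's commits were signed by Dependabot, but this gate should not depend on that. `uses: dependabot/fetch-metadata@v1` floats on a mutable major tag, so a moved or compromised tag changes what runs with the callers' write tokens; pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: dependabot/fetch-metadata@<commit-sha> # v1`. The `github-token` input only repeats the action's own default of `github.token`; a short comment on the input saying it exists to let callers pass a different token would make that intent clear.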