diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8e5104e642..bcc121c738 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,25 +1,10 @@
 version: 2
 
 updates:
-  - package-ecosystem: npm
-    directory: '/'
-    schedule:
-      interval: daily
-    labels:
-      - dependencies
-    versioning-strategy: increase
-    ignore:
-      - dependency-name: typescript
-        versions:
-          - '>= 3.10.a'
-      - dependency-name: '@types/node'
-        versions:
-          - '>= 11.a'
-
   - package-ecosystem: nuget
     directory: '/packages/@jsii/dotnet-runtime/src'
     schedule:
-      interval: daily
+      interval: weekly
     labels:
       - dependencies
       - language/dotnet
@@ -27,7 +12,7 @@ updates:
   - package-ecosystem: nuget
     directory: '/packages/@jsii/dotnet-runtime-test/test'
     schedule:
-      interval: daily
+      interval: weekly
     labels:
       - dependencies
       - language/dotnet
@@ -35,7 +20,7 @@ updates:
   - package-ecosystem: pip
     directory: '/packages/@jsii/python-runtime'
     schedule:
-      interval: daily
+      interval: weekly
     labels:
       - dependencies
       - language/python
@@ -43,7 +28,7 @@ updates:
   - package-ecosystem: pip
     directory: '/gh-pages'
     schedule:
-      interval: daily
+      interval: weekly
     labels:
       - dependencies
       - language/python
@@ -68,3 +53,5 @@ updates:
     directory: '/'
     schedule:
       interval: daily
+    labels:
+      - dependencies
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
new file mode 100644
index 0000000000..312888dafa
--- /dev/null
+++ b/.github/workflows/auto-approve.yml
@@ -0,0 +1,13 @@
+# Approve PRs with "pr/auto-approve". mergify takes care of the actual merge.
+
+name: auto-approve
+on: pull_request
+
+jobs:
+  auto-approve:
+    if: contains(github.event.pull_request.labels.*.name, 'pr/auto-approve')
+    runs-on: ubuntu-latest
+    steps:
+    - uses: hmarr/auto-approve-action@v2.0.0
+      with:
+        github-token: "${{ secrets.AUTO_APPROVE_GITHUB_TOKEN }}"
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
deleted file mode 100644
index 0a708a5c84..0000000000
--- a/.github/workflows/dependabot.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Automatically manage PRs made by Dependabot
-
-name: Dependabot Pull Requests
-on:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "!**"                         # <-- Excludes everything by default
-      - "**/package.json"             # <-- Allows modfying any package.json
-      - "**/*.csproj"                 # <-- Allows modifying any .csproj file
-      - "**/Directory.Build.targets"  # <-- Allows modifying any Directory.Build.targets file
-      - "yarn.lock"                   # <-- Allows modifying yarn.lock
-    types:
-      - opened
-
-jobs:
-  approve:
-    name: Auto-Approve
-    if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'dependabot-preview[bot]'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Request @dependabot auto-merge
-        uses: ahmadnassri/action-dependabot-auto-merge@v2
-        with:
-          command: 'squash and merge'
-          github-token: ${{ secrets.AUTO_APPROVE_GITHUB_TOKEN }}
-          target: minor