diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 98cfb47c935..1fa156a04cf 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,7 +21,7 @@ jobs:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name "Automation"
+          git config user.name "github-actions"
           git config user.email "github-actions@github.com"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b6b65b7b6bc..d9abe1c245b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name "Automation"
+          git config user.name "github-actions"
           git config user.email "github-actions@github.com"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
diff --git a/.github/workflows/upgrade.yml b/.github/workflows/upgrade.yml
index fea5994f31d..323bb0ae337 100644
--- a/.github/workflows/upgrade.yml
+++ b/.github/workflows/upgrade.yml
@@ -16,6 +16,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name "github-actions"
+          git config user.email "github-actions@github.com"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
         with:
@@ -51,6 +55,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name "github-actions"
+          git config user.email "github-actions@github.com"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -92,8 +100,9 @@ jobs:
 
 
             *Automatically created by projen via the "upgrade" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: "curl -i --fail -X POST -H \"Accept: application/vnd.github.v3+json\" -H
diff --git a/API.md b/API.md
index 5cb3cbacc2b..681c7457b90 100644
--- a/API.md
+++ b/API.md
@@ -12,7 +12,6 @@ Name|Description
 [ConstructLibraryAws](#projen-constructlibraryaws)|*No description*
 [ConstructLibraryCdk8s](#projen-constructlibrarycdk8s)|CDK8s construct library project.
 [ConstructLibraryCdktf](#projen-constructlibrarycdktf)|CDKTF construct library project.
-[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)|Dependencies upgrade mechanism.
 [DevEnvironmentDockerImage](#projen-devenvironmentdockerimage)|Options for specifying the Docker image of the container.
 [DockerCompose](#projen-dockercompose)|Create a docker-compose YAML file.
 [DockerComposeService](#projen-dockercomposeservice)|A docker-compose service.
@@ -439,9 +438,10 @@ new AwsCdkConstructLibrary(options: AwsCdkConstructLibraryOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -642,9 +642,10 @@ new AwsCdkTypeScriptApp(options: AwsCdkTypeScriptAppOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -809,9 +810,10 @@ new Cdk8sTypeScriptApp(options: Cdk8sTypeScriptAppOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -1034,9 +1036,10 @@ new ConstructLibrary(options: ConstructLibraryOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -1183,9 +1186,10 @@ new ConstructLibraryAws(options: AwsCdkConstructLibraryOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -1343,9 +1347,10 @@ new ConstructLibraryCdk8s(options: ConstructLibraryCdk8sOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -1512,9 +1517,10 @@ new ConstructLibraryCdktf(options: ConstructLibraryCdktfOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -1572,77 +1578,6 @@ new ConstructLibraryCdktf(options: ConstructLibraryCdktfOptions)
 
 
 
-## class DependenciesUpgradeMechanism 🔹 <a id="projen-dependenciesupgrademechanism"></a>
-
-Dependencies upgrade mechanism.
-
-
-
-### Properties
-
-
-Name | Type | Description 
------|------|-------------
-**ignoresProjen**🔹 | <code>boolean</code> | <span></span>
-*static* **NONE**🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | Disable.
-
-### Methods
-
-
-#### bind(project)🔹 <a id="projen-dependenciesupgrademechanism-bind"></a>
-
-
-
-```ts
-bind(project: NodeProject): void
-```
-
-* **project** (<code>[NodeProject](#projen-nodeproject)</code>)  *No description*
-
-
-
-
-#### *static* dependabot(options?)🔹 <a id="projen-dependenciesupgrademechanism-dependabot"></a>
-
-Upgrade via dependabot.
-
-```ts
-static dependabot(options?: DependabotOptions): DependenciesUpgradeMechanism
-```
-
-* **options** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  *No description*
-  * **ignore** (<code>Array<[github.DependabotIgnore](#projen-github-dependabotignore)></code>)  You can use the `ignore` option to customize which dependencies are updated. __*Default*__: []
-  * **ignoreProjen** (<code>boolean</code>)  Ignores updates to `projen`. __*Default*__: true
-  * **labels** (<code>Array<string></code>)  List of labels to apply to the created PR's. __*Optional*__
-  * **registries** (<code>Map<string, [github.DependabotRegistry](#projen-github-dependabotregistry)></code>)  Map of package registries to use. __*Default*__: use public registries
-  * **scheduleInterval** (<code>[github.DependabotScheduleInterval](#projen-github-dependabotscheduleinterval)</code>)  How often to check for new versions and raise pull requests. __*Default*__: ScheduleInterval.DAILY
-  * **versioningStrategy** (<code>[github.VersioningStrategy](#projen-github-versioningstrategy)</code>)  The strategy to use when edits manifest and lock files. __*Default*__: VersioningStrategy.LOCKFILE_ONLY The default is to only update the lock file because package.json is controlled by projen and any outside updates will fail the build.
-
-__Returns__:
-* <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>
-
-#### *static* githubWorkflow(options?)🔹 <a id="projen-dependenciesupgrademechanism-githubworkflow"></a>
-
-Upgrade via a custom github workflow.
-
-```ts
-static githubWorkflow(options?: UpgradeDependenciesOptions): DependenciesUpgradeMechanism
-```
-
-* **options** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  *No description*
-  * **exclude** (<code>Array<string></code>)  List of package names to exclude during the upgrade. __*Default*__: Nothing is excluded.
-  * **ignoreProjen** (<code>boolean</code>)  Whether or not to ignore projen upgrades. __*Default*__: true
-  * **include** (<code>Array<string></code>)  List of package names to include during the upgrade. __*Default*__: Everything is included.
-  * **pullRequestTitle** (<code>string</code>)  Title of the pull request to use (should be all lower-case). __*Default*__: "upgrade dependencies"
-  * **taskName** (<code>string</code>)  The name of the task that will be created. __*Default*__: "upgrade".
-  * **workflow** (<code>boolean</code>)  Include a github workflow for creating PR's that upgrades the required dependencies, either by manual dispatch, or by a schedule. __*Default*__: true for root projects, false for sub-projects.
-  * **workflowOptions** (<code>[UpgradeDependenciesWorkflowOptions](#projen-upgradedependenciesworkflowoptions)</code>)  Options for the github workflow. __*Default*__: default options.
-
-__Returns__:
-* <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>
-
-
-
 ## class DevEnvironmentDockerImage 🔹 <a id="projen-devenvironmentdockerimage"></a>
 
 Options for specifying the Docker image of the container.
@@ -2639,9 +2574,10 @@ new JsiiProject(options: JsiiProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -3386,9 +3322,10 @@ new NodeProject(options: NodeProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -4476,9 +4413,10 @@ new TypeScriptAppProject(options: TypeScriptProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -4611,9 +4549,10 @@ new TypeScriptLibraryProject(options: TypeScriptProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -4746,9 +4685,10 @@ new TypeScriptProject(options: TypeScriptProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -4894,6 +4834,7 @@ new UpgradeDependencies(project: NodeProject, options?: UpgradeDependenciesOptio
   * **ignoreProjen** (<code>boolean</code>)  Whether or not to ignore projen upgrades. __*Default*__: true
   * **include** (<code>Array<string></code>)  List of package names to include during the upgrade. __*Default*__: Everything is included.
   * **pullRequestTitle** (<code>string</code>)  Title of the pull request to use (should be all lower-case). __*Default*__: "upgrade dependencies"
+  * **signoff** (<code>boolean</code>)  Add Signed-off-by line by the committer at the end of the commit log message. __*Default*__: true
   * **taskName** (<code>string</code>)  The name of the task that will be created. __*Default*__: "upgrade".
   * **workflow** (<code>boolean</code>)  Include a github workflow for creating PR's that upgrades the required dependencies, either by manual dispatch, or by a schedule. __*Default*__: true for root projects, false for sub-projects.
   * **workflowOptions** (<code>[UpgradeDependenciesWorkflowOptions](#projen-upgradedependenciesworkflowoptions)</code>)  Options for the github workflow. __*Default*__: default options.
@@ -4905,6 +4846,7 @@ new UpgradeDependencies(project: NodeProject, options?: UpgradeDependenciesOptio
 
 Name | Type | Description 
 -----|------|-------------
+**ignoresProjen**🔹 | <code>boolean</code> | Whether or not projen is also upgraded in this workflow,.
 **workflow**?🔹 | <code>[github.GithubWorkflow](#projen-github-githubworkflow)</code> | The workflow that executes the upgrade.<br/>__*Optional*__
 
 
@@ -5328,6 +5270,7 @@ new github.Dependabot(github: GitHub, options?: DependabotOptions)
 Name | Type | Description 
 -----|------|-------------
 **config**🔹 | <code>any</code> | The raw dependabot configuration.
+**ignoresProjen**🔹 | <code>boolean</code> | Whether or not projen is also upgraded in this config,.
 
 ### Methods
 
@@ -6846,7 +6789,7 @@ publishToGo(options?: GoPublishOptions): void
   * **githubRepo** (<code>string</code>)  GitHub repository to push to. __*Default*__: derived from `moduleName`
   * **githubTokenSecret** (<code>string</code>)  The name of the secret that includes a personal GitHub access token used to push to the GitHub repository. __*Default*__: "GO_GITHUB_TOKEN"
   * **gitUserEmail** (<code>string</code>)  The email to use in the release git commit. __*Default*__: "github-actions
-  * **gitUserName** (<code>string</code>)  The user name to use for the release git commit. __*Default*__: "GitHub Actions"
+  * **gitUserName** (<code>string</code>)  The user name to use for the release git commit. __*Default*__: "github-actions"
 
 
 
@@ -7723,9 +7666,10 @@ new web.NextJsProject(options: NextJsProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -7858,9 +7802,10 @@ new web.NextJsTypeScriptProject(options: NextJsTypeScriptProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -8065,9 +8010,10 @@ new web.ReactProject(options: ReactProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -8241,9 +8187,10 @@ new web.ReactTypeScriptProject(options: ReactTypeScriptProjectOptions)
   * **codeCovTokenSecret** (<code>string</code>)  Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories. __*Default*__: if this option is not specified, only public repositories are supported
   * **copyrightOwner** (<code>string</code>)  License copyright owner. __*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
   * **copyrightPeriod** (<code>string</code>)  The copyright years to put in the LICENSE file. __*Default*__: current year
-  * **dependabot** (<code>boolean</code>)  Include dependabot configuration. __*Default*__: false
+  * **dependabot** (<code>boolean</code>)  Use dependabot to handle dependency upgrades. __*Default*__: false
   * **dependabotOptions** (<code>[github.DependabotOptions](#projen-github-dependabotoptions)</code>)  Options for dependabot. __*Default*__: default options
-  * **depsUpgrade** (<code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code>)  How to handle dependency upgrades. __*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+  * **depsUpgrade** (<code>boolean</code>)  Use github workflows to handle dependency upgrades. __*Default*__: true
+  * **depsUpgradeOptions** (<code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code>)  Options for depsUpgrade. __*Default*__: default options
   * **gitignore** (<code>Array<string></code>)  Additional entries to .gitignore. __*Optional*__
   * **jest** (<code>boolean</code>)  Setup jest unit tests. __*Default*__: true
   * **jestOptions** (<code>[JestOptions](#projen-jestoptions)</code>)  Jest options. __*Default*__: default options
@@ -8376,10 +8323,11 @@ Name | Type | Description
 **constructsVersion**?🔹 | <code>string</code> | Minimum target version of constructs being tested against. If not provided, the default value depends on the configured `cdkVersion`:.<br/>__*Default*__: When the default behavior is used, the dependency on `constructs` will only be added as a `peerDependency`. Otherwise, a `devDependency` will also be added, set to the exact version configrued here.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -8516,10 +8464,11 @@ Name | Type | Description
 **context**?🔹 | <code>Map<string, string></code> | Additional context to include in `cdk.json`.<br/>__*Optional*__
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -8667,10 +8616,11 @@ Name | Type | Description
 **constructsVersionPinning**?🔹 | <code>boolean</code> | Use pinned version instead of caret version for constructs.<br/>__*Default*__: false
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -8807,10 +8757,11 @@ Name | Type | Description
 **constructsVersion**?⚠️ | <code>string</code> | Minimum target version of constructs being tested against. If not provided, the default value depends on the configured `cdkVersion`:.<br/>__*Default*__: When the default behavior is used, the dependency on `constructs` will only be added as a `peerDependency`. Otherwise, a `devDependency` will also be added, set to the exact version configrued here.
 **copyrightOwner**?⚠️ | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?⚠️ | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
+**dependabot**?⚠️ | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
 **dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?⚠️ | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?⚠️ | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?⚠️ | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?⚠️ | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?⚠️ | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?⚠️ | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?⚠️ | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -8954,10 +8905,11 @@ Name | Type | Description
 **constructsVersionPinning**?🔹 | <code>boolean</code> | Use pinned version instead of caret version for constructs.<br/>__*Default*__: false
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -9096,10 +9048,11 @@ Name | Type | Description
 **compileBeforeTest**?🔹 | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -9237,10 +9190,11 @@ Name | Type | Description
 **compileBeforeTest**?🔹 | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -9980,7 +9934,7 @@ Name | Type | Description
 **gitBranch**?⚠️ | <code>string</code> | Branch to push to.<br/>__*Default*__: "main"
 **gitCommitMessage**?⚠️ | <code>string</code> | The commit message.<br/>__*Default*__: "chore(release): $VERSION"
 **gitUserEmail**?⚠️ | <code>string</code> | The email to use in the release git commit.<br/>__*Default*__: "github-actions
-**gitUserName**?⚠️ | <code>string</code> | The user name to use for the release git commit.<br/>__*Default*__: "GitHub Actions"
+**gitUserName**?⚠️ | <code>string</code> | The user name to use for the release git commit.<br/>__*Default*__: "github-actions"
 **githubRepo**?⚠️ | <code>string</code> | GitHub repository to push to.<br/>__*Default*__: derived from `moduleName`
 **githubTokenSecret**?⚠️ | <code>string</code> | The name of the secret that includes a personal GitHub access token used to push to the GitHub repository.<br/>__*Default*__: "GO_GITHUB_TOKEN"
 
@@ -10046,10 +10000,11 @@ Name | Type | Description
 **compileBeforeTest**?🔹 | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -10325,10 +10280,11 @@ Name | Type | Description
 **codeCovTokenSecret**?🔹 | <code>string</code> | Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories.<br/>__*Default*__: if this option is not specified, only public repositories are supported
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -10671,10 +10627,11 @@ Name | Type | Description
 **compileBeforeTest**?⚠️ | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?⚠️ | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?⚠️ | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
+**dependabot**?⚠️ | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
 **dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?⚠️ | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?⚠️ | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?⚠️ | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?⚠️ | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?⚠️ | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?⚠️ | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?⚠️ | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -10798,10 +10755,11 @@ Name | Type | Description
 **compileBeforeTest**?🔹 | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -10922,6 +10880,7 @@ Name | Type | Description
 **ignoreProjen**?🔹 | <code>boolean</code> | Whether or not to ignore projen upgrades.<br/>__*Default*__: true
 **include**?🔹 | <code>Array<string></code> | List of package names to include during the upgrade.<br/>__*Default*__: Everything is included.
 **pullRequestTitle**?🔹 | <code>string</code> | Title of the pull request to use (should be all lower-case).<br/>__*Default*__: "upgrade dependencies"
+**signoff**?🔹 | <code>boolean</code> | Add Signed-off-by line by the committer at the end of the commit log message.<br/>__*Default*__: true
 **taskName**?🔹 | <code>string</code> | The name of the task that will be created.<br/>__*Default*__: "upgrade".
 **workflow**?🔹 | <code>boolean</code> | Include a github workflow for creating PR's that upgrades the required dependencies, either by manual dispatch, or by a schedule.<br/>__*Default*__: true for root projects, false for sub-projects.
 **workflowOptions**?🔹 | <code>[UpgradeDependenciesWorkflowOptions](#projen-upgradedependenciesworkflowoptions)</code> | Options for the github workflow.<br/>__*Default*__: default options.
@@ -11854,7 +11813,7 @@ Name | Type | Description
 **gitBranch**?⚠️ | <code>string</code> | Branch to push to.<br/>__*Default*__: "main"
 **gitCommitMessage**?⚠️ | <code>string</code> | The commit message.<br/>__*Default*__: "chore(release): $VERSION"
 **gitUserEmail**?⚠️ | <code>string</code> | The email to use in the release git commit.<br/>__*Default*__: "github-actions
-**gitUserName**?⚠️ | <code>string</code> | The user name to use for the release git commit.<br/>__*Default*__: "GitHub Actions"
+**gitUserName**?⚠️ | <code>string</code> | The user name to use for the release git commit.<br/>__*Default*__: "github-actions"
 **githubRepo**?⚠️ | <code>string</code> | GitHub repository to push to.<br/>__*Default*__: derived from `moduleName`
 **githubTokenSecret**?⚠️ | <code>string</code> | The name of the secret that includes a personal GitHub access token used to push to the GitHub repository.<br/>__*Default*__: "GO_GITHUB_TOKEN"
 
@@ -12315,10 +12274,11 @@ Name | Type | Description
 **codeCovTokenSecret**?🔹 | <code>string</code> | Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories.<br/>__*Default*__: if this option is not specified, only public repositories are supported
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -12431,10 +12391,11 @@ Name | Type | Description
 **compileBeforeTest**?🔹 | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -12587,10 +12548,11 @@ Name | Type | Description
 **codeCovTokenSecret**?🔹 | <code>string</code> | Define the secret name for a specified https://codecov.io/ token A secret is required to send coverage for private repositories.<br/>__*Default*__: if this option is not specified, only public repositories are supported
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
@@ -12731,10 +12693,11 @@ Name | Type | Description
 **compileBeforeTest**?🔹 | <code>boolean</code> | Compile the code before running tests.<br/>__*Default*__: if `testdir` is under `src/**`, the default is `true`, otherwise the default is `false.
 **copyrightOwner**?🔹 | <code>string</code> | License copyright owner.<br/>__*Default*__: defaults to the value of authorName or "" if `authorName` is undefined.
 **copyrightPeriod**?🔹 | <code>string</code> | The copyright years to put in the LICENSE file.<br/>__*Default*__: current year
-**dependabot**?⚠️ | <code>boolean</code> | Include dependabot configuration.<br/>__*Default*__: false
-**dependabotOptions**?⚠️ | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
+**dependabot**?🔹 | <code>boolean</code> | Use dependabot to handle dependency upgrades.<br/>__*Default*__: false
+**dependabotOptions**?🔹 | <code>[github.DependabotOptions](#projen-github-dependabotoptions)</code> | Options for dependabot.<br/>__*Default*__: default options
 **deps**?🔹 | <code>Array<string></code> | Runtime dependencies of this module.<br/>__*Default*__: []
-**depsUpgrade**?🔹 | <code>[DependenciesUpgradeMechanism](#projen-dependenciesupgrademechanism)</code> | How to handle dependency upgrades.<br/>__*Default*__: DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+**depsUpgrade**?🔹 | <code>boolean</code> | Use github workflows to handle dependency upgrades.<br/>__*Default*__: true
+**depsUpgradeOptions**?🔹 | <code>[UpgradeDependenciesOptions](#projen-upgradedependenciesoptions)</code> | Options for depsUpgrade.<br/>__*Default*__: default options
 **description**?🔹 | <code>string</code> | The description is just a string that helps people understand the purpose of the package.<br/>__*Optional*__
 **devContainer**?🔹 | <code>boolean</code> | Add a VSCode development environment (used for GitHub Codespaces).<br/>__*Default*__: false
 **devDeps**?🔹 | <code>Array<string></code> | Build dependencies for this module.<br/>__*Default*__: []
diff --git a/src/__tests__/__snapshots__/integ.test.ts.snap b/src/__tests__/__snapshots__/integ.test.ts.snap
index c27f62cdc44..9497fe9abcd 100644
--- a/src/__tests__/__snapshots__/integ.test.ts.snap
+++ b/src/__tests__/__snapshots__/integ.test.ts.snap
@@ -277,7 +277,7 @@ jobs:
           repository: \${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
@@ -334,7 +334,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
@@ -495,6 +495,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
         with:
@@ -529,6 +533,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -569,8 +577,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
@@ -2065,6 +2074,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
         with:
@@ -2098,6 +2111,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -2138,8 +2155,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
 ",
   ".gitignore": "# ~~ Generated by projen. To modify, edit .projenrc.js and run \\"npx projen\\".
 !/.gitattributes
@@ -3487,6 +3505,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
         with:
@@ -3518,6 +3540,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -3558,8 +3584,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
 ",
   ".gitignore": "# ~~ Generated by projen. To modify, edit .projenrc.js and run \\"npx projen\\".
 !/.gitattributes
@@ -4613,7 +4640,7 @@ jobs:
           repository: \${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup pnpm
         uses: pnpm/action-setup@v2.0.1
@@ -4668,7 +4695,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup pnpm
         uses: pnpm/action-setup@v2.0.1
@@ -4763,6 +4790,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Setup pnpm
         uses: pnpm/action-setup@v2.0.1
         with:
@@ -4795,6 +4826,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -4835,8 +4870,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
diff --git a/src/__tests__/__snapshots__/inventory.test.ts.snap b/src/__tests__/__snapshots__/inventory.test.ts.snap
index d3b6cf46852..ad448a896fc 100644
--- a/src/__tests__/__snapshots__/inventory.test.ts.snap
+++ b/src/__tests__/__snapshots__/inventory.test.ts.snap
@@ -355,8 +355,7 @@ Array [
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -369,7 +368,6 @@ Array [
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -397,11 +395,9 @@ Array [
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -409,7 +405,22 @@ Array [
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -2059,8 +2070,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -2073,7 +2083,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -2101,11 +2110,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -2113,7 +2120,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -3833,8 +3855,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -3847,7 +3868,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -3875,11 +3895,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -3887,7 +3905,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -5509,8 +5542,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -5523,7 +5555,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -5551,11 +5582,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -5563,7 +5592,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -7244,8 +7288,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -7258,7 +7301,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -7286,11 +7328,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -7298,7 +7338,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -9450,8 +9505,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -9464,7 +9518,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -9492,11 +9545,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -9504,7 +9555,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -11108,8 +11174,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -11122,7 +11187,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -11150,11 +11214,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -11162,7 +11224,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -12495,8 +12572,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -12509,7 +12585,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -12537,11 +12612,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -12549,7 +12622,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -14029,8 +14117,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -14043,7 +14130,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -14071,11 +14157,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -14083,7 +14167,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -16002,8 +16101,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -16016,7 +16114,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -16044,11 +16141,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -16056,7 +16151,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -17376,8 +17486,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -17390,7 +17499,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -17418,11 +17526,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -17430,7 +17536,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -18923,8 +19044,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -18937,7 +19057,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -18965,11 +19084,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -18977,7 +19094,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
@@ -20457,8 +20589,7 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "false",
-        "deprecated": true,
-        "docs": "Include dependabot configuration.",
+        "docs": "Use dependabot to handle dependency upgrades.",
         "featured": false,
         "name": "dependabot",
         "optional": true,
@@ -20471,7 +20602,6 @@ added, set to the exact version configrued here.",
       },
       Object {
         "default": "- default options",
-        "deprecated": true,
         "docs": "Options for dependabot.",
         "featured": false,
         "fqn": "projen.github.DependabotOptions",
@@ -20499,11 +20629,9 @@ added, set to the exact version configrued here.",
         "type": "unknown",
       },
       Object {
-        "default": "- DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions",
-        "docs": "How to handle dependency upgrades.",
+        "default": "true",
+        "docs": "Use github workflows to handle dependency upgrades.",
         "featured": false,
-        "fqn": "projen.DependenciesUpgradeMechanism",
-        "kind": "class",
         "name": "depsUpgrade",
         "optional": true,
         "parent": "NodeProjectOptions",
@@ -20511,7 +20639,22 @@ added, set to the exact version configrued here.",
           "depsUpgrade",
         ],
         "switch": "deps-upgrade",
-        "type": "DependenciesUpgradeMechanism",
+        "type": "boolean",
+      },
+      Object {
+        "default": "- default options",
+        "docs": "Options for depsUpgrade.",
+        "featured": false,
+        "fqn": "projen.UpgradeDependenciesOptions",
+        "kind": "interface",
+        "name": "depsUpgradeOptions",
+        "optional": true,
+        "parent": "NodeProjectOptions",
+        "path": Array [
+          "depsUpgradeOptions",
+        ],
+        "switch": "deps-upgrade-options",
+        "type": "UpgradeDependenciesOptions",
       },
       Object {
         "docs": "The description is just a string that helps people understand the purpose of the package.",
diff --git a/src/__tests__/__snapshots__/jsii.test.ts.snap b/src/__tests__/__snapshots__/jsii.test.ts.snap
index 5ffcc61402f..3e2559f62a4 100644
--- a/src/__tests__/__snapshots__/jsii.test.ts.snap
+++ b/src/__tests__/__snapshots__/jsii.test.ts.snap
@@ -25,7 +25,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
@@ -139,7 +139,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
@@ -217,7 +217,7 @@ jobs:
       - name: Release
         run: npx -p jsii-release@latest jsii-release-golang
         env:
-          GIT_USER_NAME: GitHub Actions
+          GIT_USER_NAME: github-actions
           GIT_USER_EMAIL: github-actions@github.com
           GITHUB_TOKEN: \${{ secrets.GO_GITHUB_TOKEN }}
     container:
diff --git a/src/__tests__/__snapshots__/node-project.test.ts.snap b/src/__tests__/__snapshots__/node-project.test.ts.snap
index 3e79ad33ee0..a247512ce20 100644
--- a/src/__tests__/__snapshots__/node-project.test.ts.snap
+++ b/src/__tests__/__snapshots__/node-project.test.ts.snap
@@ -1,5 +1,78 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`deps upgrade commit can be signed 1`] = `
+Object {
+  "name": "Create Pull Request",
+  "needs": "upgrade",
+  "permissions": Object {
+    "checks": "write",
+    "contents": "write",
+    "pull-requests": "write",
+  },
+  "runs-on": "ubuntu-latest",
+  "steps": Array [
+    Object {
+      "name": "Checkout",
+      "uses": "actions/checkout@v2",
+    },
+    Object {
+      "name": "Set git identity",
+      "run": "git config user.name \\"github-actions\\"
+git config user.email \\"github-actions@github.com\\"",
+    },
+    Object {
+      "name": "Download patch",
+      "uses": "actions/download-artifact@v2",
+      "with": Object {
+        "name": ".upgrade.tmp.patch",
+        "path": "\${{ runner.temp }}",
+      },
+    },
+    Object {
+      "name": "Apply patch",
+      "run": "[ -s \${{ runner.temp }}/.upgrade.tmp.patch ] && git apply \${{ runner.temp }}/.upgrade.tmp.patch || echo \\"Empty patch. Skipping.\\"",
+    },
+    Object {
+      "id": "create-pr",
+      "name": "Create Pull Request",
+      "uses": "peter-evans/create-pull-request@v3",
+      "with": Object {
+        "author": "github-actions <github-actions@github.com>",
+        "body": "Upgrades project dependencies. See details in [workflow run].
+
+[Workflow Run]: https://github.com/\${{ github.repository }}/actions/runs/\${{ github.run_id }}
+
+------
+
+*Automatically created by projen via the \\"upgrade\\" workflow*",
+        "branch": "github-actions/upgrade",
+        "commit-message": "chore(deps): upgrade dependencies
+
+Upgrades project dependencies. See details in [workflow run].
+
+[Workflow Run]: https://github.com/\${{ github.repository }}/actions/runs/\${{ github.run_id }}
+
+------
+
+*Automatically created by projen via the \\"upgrade\\" workflow*",
+        "committer": "github-actions <github-actions@github.com>",
+        "signoff": true,
+        "title": "chore(deps): upgrade dependencies",
+        "token": "\${{ secrets.GITHUB_TOKEN }}",
+      },
+    },
+    Object {
+      "env": Object {
+        "GITHUB_TOKEN": "\${{ secrets.GITHUB_TOKEN }}",
+      },
+      "if": "steps.create-pr.outputs.pull-request-url != ''",
+      "name": "Update status check",
+      "run": "curl -i --fail -X POST -H \\"Accept: application/vnd.github.v3+json\\" -H \\"Authorization: token \${GITHUB_TOKEN}\\" https://api.github.com/repos/\${{ github.repository }}/check-runs -d '{\\"name\\":\\"build\\",\\"head_sha\\":\\"github-actions/upgrade\\",\\"status\\":\\"completed\\",\\"conclusion\\":\\"\${{ needs.upgrade.outputs.conclusion }}\\",\\"output\\":{\\"title\\":\\"Created via the upgrade workflow.\\",\\"summary\\":\\"Action run URL: https://github.com/\${{ github.repository }}/actions/runs/\${{ github.run_id }}\\"}}'",
+    },
+  ],
+}
+`;
+
 exports[`enable anti-tamper 1`] = `
 Array [
   Object {
@@ -8,7 +81,7 @@ Array [
   },
   Object {
     "name": "Set git identity",
-    "run": "git config user.name \\"Automation\\"
+    "run": "git config user.name \\"github-actions\\"
 git config user.email \\"github-actions@github.com\\"",
   },
   Object {
@@ -68,7 +141,7 @@ Array [
   },
   Object {
     "name": "Set git identity",
-    "run": "git config user.name \\"Automation\\"
+    "run": "git config user.name \\"github-actions\\"
 git config user.email \\"github-actions@github.com\\"",
   },
   Object {
diff --git a/src/__tests__/__snapshots__/upgrade-dependencies.test.ts.snap b/src/__tests__/__snapshots__/upgrade-dependencies.test.ts.snap
index 3958eb9ee3b..62e0c3e71b4 100644
--- a/src/__tests__/__snapshots__/upgrade-dependencies.test.ts.snap
+++ b/src/__tests__/__snapshots__/upgrade-dependencies.test.ts.snap
@@ -19,6 +19,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
       - name: Upgrade dependencies
@@ -47,6 +51,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -59,7 +67,7 @@ jobs:
         id: create-pr
         uses: peter-evans/create-pull-request@v3
         with:
-          token: \${{ secrets.GITHUB_TOKEN }}
+          token: \${{ secrets.PROJEN_SECRET }}
           commit-message: >-
             chore(deps): upgrade dependencies
 
@@ -87,8 +95,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
@@ -123,6 +132,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
       - name: Upgrade dependencies
@@ -151,6 +164,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -191,8 +208,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
diff --git a/src/__tests__/github/__snapshots__/task-workflow.test.ts.snap b/src/__tests__/github/__snapshots__/task-workflow.test.ts.snap
index a485ea411b7..a49e981d7ec 100644
--- a/src/__tests__/github/__snapshots__/task-workflow.test.ts.snap
+++ b/src/__tests__/github/__snapshots__/task-workflow.test.ts.snap
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: gh-workflow-test
         run: projen gh-workflow-test
@@ -37,7 +37,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: gh-workflow-test
         run: projen gh-workflow-test
diff --git a/src/__tests__/node-project.test.ts b/src/__tests__/node-project.test.ts
index 53dd34ffd58..ddd66a9fd48 100644
--- a/src/__tests__/node-project.test.ts
+++ b/src/__tests__/node-project.test.ts
@@ -4,7 +4,6 @@ import { DependencyType } from '../deps';
 import { JobPermission } from '../github/workflows-model';
 import * as logging from '../logging';
 import { NodePackage, NodePackageManager, NpmAccess } from '../node-package';
-import { DependenciesUpgradeMechanism } from '../node-project';
 import { Project } from '../project';
 import { Tasks } from '../tasks';
 import { mkdtemp, synthSnapshot, TestProject } from './util';
@@ -202,7 +201,18 @@ describe('deps upgrade', () => {
     });
 
     const snapshot = yaml.parse(synthSnapshot(project)['.github/workflows/upgrade.yml']);
-    expect(snapshot.jobs.pr.steps[3].with.labels).toStrictEqual(project.autoApprove?.label);
+    expect(snapshot.jobs.pr.steps[4].with.labels).toStrictEqual(project.autoApprove?.label);
+  });
+
+  test('commit can be signed', () => {
+    const project = new TestNodeProject({
+      depsUpgradeOptions: {
+        signoff: true,
+      },
+    });
+
+    const snapshot = yaml.parse(synthSnapshot(project)['.github/workflows/upgrade.yml']);
+    expect(snapshot.jobs.pr).toMatchSnapshot();
   });
 
   test('dependabot can be auto approved', () => {
@@ -239,7 +249,7 @@ describe('deps upgrade', () => {
 
   test('dependabot - with projen secret', () => {
     const project = new TestNodeProject({
-      depsUpgrade: DependenciesUpgradeMechanism.dependabot(),
+      dependabot: true,
       projenUpgradeSecret: 'PROJEN_GITHUB_TOKEN',
     });
     const snapshot = synthSnapshot(project);
@@ -249,7 +259,7 @@ describe('deps upgrade', () => {
 
   test('dependabot - no projen secret', () => {
     const project = new TestNodeProject({
-      depsUpgrade: DependenciesUpgradeMechanism.dependabot(),
+      dependabot: true,
     });
     const snapshot = synthSnapshot(project);
     expect(snapshot['.github/dependabot.yml']).toBeDefined();
@@ -258,29 +268,52 @@ describe('deps upgrade', () => {
 
   test('github actions - with projen secret', () => {
     const project = new TestNodeProject({
-      depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow(),
       projenUpgradeSecret: 'PROJEN_GITHUB_TOKEN',
     });
     const snapshot = synthSnapshot(project);
     expect(snapshot['.github/workflows/upgrade.yml']).toBeDefined();
-    expect(snapshot['.github/workflows/upgrade-projen.yml']).toBeDefined();
+    expect(snapshot['.github/workflows/upgrade-projen.yml']).toBeUndefined();
   });
 
   test('github actions - no projen secret', () => {
-    const project = new TestNodeProject({
-      depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow(),
-    });
+    const project = new TestNodeProject({});
     const snapshot = synthSnapshot(project);
     expect(snapshot['.github/workflows/upgrade.yml']).toBeDefined();
+
+    // note that in this case only the task is created, not the workflow
+    const upgradeProjen = snapshot['.projen/tasks.json'].tasks['upgrade-projen'];
+    expect(upgradeProjen).toBeDefined();
     expect(snapshot['.github/workflows/upgrade-projen.yml']).toBeUndefined();
   });
 
-  test('throws when depracated dependabot is configued with dependenciesUpgrade', () => {
+  test('throws when dependabot is configued with depsUpgrade', () => {
     expect(() => {
-      new TestNodeProject({ dependabot: true, depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow() });
+      new TestNodeProject({ dependabot: true, depsUpgrade: true });
     }).toThrow("'dependabot' cannot be configured together with 'depsUpgrade'");
   });
 
+  test('can specity nested config withtout loosing default values', () => {
+
+    const project = new TestNodeProject({
+      autoApproveUpgrades: true,
+      autoApproveOptions: {
+        label: 'auto-approve',
+        secret: 'GITHUB_TOKEN',
+      },
+      depsUpgradeOptions: {
+        workflowOptions: {
+          secret: 'PROJEN_SECRET',
+        },
+      },
+    });
+    const snapshot = synthSnapshot(project);
+    const upgrade = yaml.parse(snapshot['.github/workflows/upgrade.yml']);
+
+    // we expect the default auto-approve label to be applied
+    expect(upgrade.jobs.pr.steps[4].with.labels).toEqual('auto-approve');
+
+  });
+
 });
 
 describe('npm publishing options', () => {
diff --git a/src/__tests__/release/__snapshots__/release.test.ts.snap b/src/__tests__/release/__snapshots__/release.test.ts.snap
index 72f8ac829c8..6a09526f298 100644
--- a/src/__tests__/release/__snapshots__/release.test.ts.snap
+++ b/src/__tests__/release/__snapshots__/release.test.ts.snap
@@ -37,7 +37,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:10.x
         run: projen release:10.x
@@ -99,7 +99,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:2.x
         run: projen release:2.x
@@ -161,7 +161,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -412,7 +412,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:foo
         run: projen release:foo
@@ -499,7 +499,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -751,7 +751,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -878,7 +878,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -1101,7 +1101,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -1257,7 +1257,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -1444,7 +1444,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -1618,7 +1618,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -1671,7 +1671,7 @@ jobs:
       - name: Release
         run: npx -p jsii-release@latest jsii-release-golang
         env:
-          GIT_USER_NAME: GitHub Actions
+          GIT_USER_NAME: github-actions
           GIT_USER_EMAIL: github-actions@github.com
           GITHUB_TOKEN: \${{ secrets.GO_GITHUB_TOKEN }}
     container:
@@ -1801,7 +1801,7 @@ Object {
       "description": "Publish this package to GitHub",
       "env": Object {
         "GIT_USER_EMAIL": "github-actions@github.com",
-        "GIT_USER_NAME": "GitHub Actions",
+        "GIT_USER_NAME": "github-actions",
       },
       "name": "publish:golang",
       "requiredEnv": Array [
@@ -1945,7 +1945,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:firefox
         run: projen release:firefox
@@ -2007,7 +2007,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:safari
         run: projen release:safari
@@ -2235,7 +2235,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:3.x
         run: projen release:3.x
@@ -2297,7 +2297,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:next
         run: projen release:next
@@ -2359,7 +2359,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release
         run: projen release
@@ -2610,7 +2610,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:10.x
         run: projen release:10.x
@@ -2808,7 +2808,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: release:10.x
         run: projen release:10.x
diff --git a/src/__tests__/upgrade-dependencies.test.ts b/src/__tests__/upgrade-dependencies.test.ts
index c00bd7de65f..a2b56e404ff 100644
--- a/src/__tests__/upgrade-dependencies.test.ts
+++ b/src/__tests__/upgrade-dependencies.test.ts
@@ -1,5 +1,5 @@
 import { NodeProject, UpgradeDependenciesSchedule } from '..';
-import { DependenciesUpgradeMechanism, NodeProjectOptions } from '../node-project';
+import { NodeProjectOptions } from '../node-project';
 import { Tasks } from '../tasks';
 import { mkdtemp, synthSnapshot } from './util';
 
@@ -34,12 +34,12 @@ test('upgrades command doesnt include ignored packages', () => {
   const project = createProject({
     projenUpgradeSecret: 'PROJEN_SECRET',
     deps: ['dep1', 'dep2'],
-    depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow({
+    depsUpgradeOptions: {
       exclude: ['dep2'],
-    }),
+    },
   });
 
-  const deps = 'jest jest-junit npm-check-updates standard-version dep1';
+  const deps = 'jest jest-junit npm-check-updates projen standard-version dep1';
 
   const tasks = synthSnapshot(project)[Tasks.MANIFEST_FILE].tasks;
   expect(tasks.upgrade.steps[2].exec).toStrictEqual(`yarn upgrade ${deps}`);
@@ -51,9 +51,9 @@ test('upgrades command includes only included packages', () => {
   const project = createProject({
     projenUpgradeSecret: 'PROJEN_SECRET',
     deps: ['dep1', 'dep2'],
-    depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow({
+    depsUpgradeOptions: {
       include: ['dep1'],
-    }),
+    },
   });
 
   const deps = 'dep1';
@@ -78,11 +78,11 @@ test('custom options', () => {
 
   const project = createProject({
     projenUpgradeSecret: 'PROJEN_SECRET',
-    depsUpgrade: DependenciesUpgradeMechanism.githubWorkflow({
+    depsUpgradeOptions: {
       workflowOptions: {
         schedule: UpgradeDependenciesSchedule.MONTHLY,
       },
-    }),
+    },
   });
 
   const snapshot = synthSnapshot(project);
diff --git a/src/__tests__/web/__snapshots__/nextjs-project.test.ts.snap b/src/__tests__/web/__snapshots__/nextjs-project.test.ts.snap
index 419640afc09..c699a4a3996 100644
--- a/src/__tests__/web/__snapshots__/nextjs-project.test.ts.snap
+++ b/src/__tests__/web/__snapshots__/nextjs-project.test.ts.snap
@@ -45,7 +45,7 @@ jobs:
           repository: \${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
@@ -100,7 +100,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
@@ -195,6 +195,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
         with:
@@ -227,6 +231,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -267,8 +275,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
diff --git a/src/__tests__/web/__snapshots__/nextjs-ts-project.test.ts.snap b/src/__tests__/web/__snapshots__/nextjs-ts-project.test.ts.snap
index 9e7742e3661..be9955563d1 100644
--- a/src/__tests__/web/__snapshots__/nextjs-ts-project.test.ts.snap
+++ b/src/__tests__/web/__snapshots__/nextjs-ts-project.test.ts.snap
@@ -45,7 +45,7 @@ jobs:
           repository: \${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
@@ -127,6 +127,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Setup Node.js
         uses: actions/setup-node@v2.2.0
         with:
@@ -159,6 +163,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -199,8 +207,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
diff --git a/src/__tests__/web/__snapshots__/react-project.test.ts.snap b/src/__tests__/web/__snapshots__/react-project.test.ts.snap
index c01449d3ef3..b6e7d243ad3 100644
--- a/src/__tests__/web/__snapshots__/react-project.test.ts.snap
+++ b/src/__tests__/web/__snapshots__/react-project.test.ts.snap
@@ -43,7 +43,7 @@ jobs:
           repository: \${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
@@ -94,7 +94,7 @@ jobs:
           fetch-depth: 0
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
@@ -185,6 +185,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
       - name: Upgrade dependencies
@@ -213,6 +217,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -253,8 +261,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
diff --git a/src/__tests__/web/__snapshots__/react-ts-project.test.ts.snap b/src/__tests__/web/__snapshots__/react-ts-project.test.ts.snap
index 8b61bc2e88b..eafe0cc7fce 100644
--- a/src/__tests__/web/__snapshots__/react-ts-project.test.ts.snap
+++ b/src/__tests__/web/__snapshots__/react-ts-project.test.ts.snap
@@ -44,7 +44,7 @@ jobs:
           repository: \${{ github.event.pull_request.head.repo.full_name }}
       - name: Set git identity
         run: |-
-          git config user.name \\"Automation\\"
+          git config user.name \\"github-actions\\"
           git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
@@ -122,6 +122,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Install dependencies
         run: yarn install --check-files --frozen-lockfile
       - name: Upgrade dependencies
@@ -150,6 +154,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set git identity
+        run: |-
+          git config user.name \\"github-actions\\"
+          git config user.email \\"github-actions@github.com\\"
       - name: Download patch
         uses: actions/download-artifact@v2
         with:
@@ -190,8 +198,9 @@ jobs:
 
 
             *Automatically created by projen via the \\"upgrade\\" workflow*
-          author: Automation <github-actions@github.com>
-          committer: Automation <github-actions@github.com>
+          author: github-actions <github-actions@github.com>
+          committer: github-actions <github-actions@github.com>
+          signoff: true
       - name: Update status check
         if: steps.create-pr.outputs.pull-request-url != ''
         run: \\"curl -i --fail -X POST -H \\\\\\"Accept: application/vnd.github.v3+json\\\\\\" -H
diff --git a/src/github/constants.ts b/src/github/constants.ts
new file mode 100644
index 00000000000..fdd18d4af2d
--- /dev/null
+++ b/src/github/constants.ts
@@ -0,0 +1,22 @@
+import * as workflow from './workflows-model';
+
+/**
+ * Represents the github-actions user.
+ *
+ * Use this when you need to perform a commit as part of your workflow.
+ */
+export const GITHUB_ACTIONS_USER = {
+  name: 'github-actions',
+  email: 'github-actions@github.com',
+};
+
+/**
+ * Workflow flow to configure git with the github actions identity.
+ */
+export const SET_GIT_IDENTITY_WORKFLOW_STEP: workflow.JobStep = {
+  name: 'Set git identity',
+  run: [
+    `git config user.name "${GITHUB_ACTIONS_USER.name}"`,
+    `git config user.email "${GITHUB_ACTIONS_USER.email}"`,
+  ].join('\n'),
+};
diff --git a/src/github/dependabot.ts b/src/github/dependabot.ts
index 4f39551f449..e691d12122c 100644
--- a/src/github/dependabot.ts
+++ b/src/github/dependabot.ts
@@ -265,6 +265,11 @@ export class Dependabot extends Component {
    */
   public readonly config: any;
 
+  /**
+   * Whether or not projen is also upgraded in this config,
+   */
+  public readonly ignoresProjen: boolean;
+
   private readonly ignore: any[];
 
   constructor(github: GitHub, options: DependabotOptions = {}) {
@@ -273,6 +278,7 @@ export class Dependabot extends Component {
     const project = github.project;
 
     this.ignore = [];
+    this.ignoresProjen = options.ignoreProjen ?? true;
 
     const registries = options.registries ? kebabCaseKeys(options.registries) : undefined;
 
@@ -303,7 +309,7 @@ export class Dependabot extends Component {
       this.addIgnore(i.dependencyName, ...(i.versions ?? []));
     }
 
-    if (options.ignoreProjen ?? true) {
+    if (this.ignoresProjen) {
       this.addIgnore('projen');
     }
   }
diff --git a/src/github/task-workflow.ts b/src/github/task-workflow.ts
index 073777cce12..3b9ef4f88ee 100644
--- a/src/github/task-workflow.ts
+++ b/src/github/task-workflow.ts
@@ -1,4 +1,5 @@
 import { Task } from '../tasks';
+import { SET_GIT_IDENTITY_WORKFLOW_STEP } from './constants';
 import { GitHub } from './github';
 import { GithubWorkflow } from './workflows';
 import { ContainerOptions, Job, JobPermissions, JobStep, JobStepOutput, Triggers } from './workflows-model';
@@ -158,13 +159,7 @@ export class TaskWorkflow extends GithubWorkflow {
         },
 
         // sets git identity so we can push later
-        {
-          name: 'Set git identity',
-          run: [
-            'git config user.name "Automation"',
-            'git config user.email "github-actions@github.com"',
-          ].join('\n'),
-        },
+        SET_GIT_IDENTITY_WORKFLOW_STEP,
 
         ...preBuildSteps,
 
diff --git a/src/node-project.ts b/src/node-project.ts
index 77f1802386c..8f93e43e384 100644
--- a/src/node-project.ts
+++ b/src/node-project.ts
@@ -11,6 +11,7 @@ import { GitHubProject, GitHubProjectOptions } from './project';
 import { Release, ReleaseProjectOptions, Publisher } from './release';
 import { Task } from './tasks';
 import { UpgradeDependencies, UpgradeDependenciesOptions, UpgradeDependenciesSchedule } from './upgrade-dependencies';
+import { deepMerge } from './util';
 import { Version } from './version';
 
 const PROJEN_SCRIPT = 'projen';
@@ -121,9 +122,9 @@ export interface NodeProjectOptions extends GitHubProjectOptions, NodePackageOpt
   readonly workflowNodeVersion?: string;
 
   /**
-   * Include dependabot configuration.
+   * Use dependabot to handle dependency upgrades.
+   * Cannot be used in conjunction with `depsUpgrade`.
    *
-   * @deprecated - use `depsUpgrade: DependenciesUpgradeMechanism.dependabot()`
    * @default false
    */
   readonly dependabot?: boolean;
@@ -131,17 +132,24 @@ export interface NodeProjectOptions extends GitHubProjectOptions, NodePackageOpt
   /**
    * Options for dependabot.
    *
-   * @deprecated - use `depsUpgrade: DependenciesUpgradeMechanism.dependabot()`
    * @default - default options
    */
   readonly dependabotOptions?: DependabotOptions;
 
   /**
-   * How to handle dependency upgrades.
+   * Use github workflows to handle dependency upgrades.
+   * Cannot be used in conjunction with `dependabot`.
    *
-   * @default - DependenciesUpgradeMechanism.dependabot if dependabot is true, otherwise a DependenciesUpgradeMechanism.githubWorkflow configured from other passed-in NodeProjectOptions
+   * @default true
+   */
+  readonly depsUpgrade?: boolean;
+
+  /**
+   * Options for depsUpgrade.
+   *
+   * @default - default options
    */
-  readonly depsUpgrade?: DependenciesUpgradeMechanism;
+  readonly depsUpgradeOptions?: UpgradeDependenciesOptions;
 
   /**
    * Options for mergify
@@ -693,7 +701,10 @@ export class NodeProject extends GitHubProject {
       });
     }
 
-    if (options.dependabot !== undefined && options.depsUpgrade) {
+    const dependabot = options.dependabot ?? false;
+    const depsUpgrade = options.depsUpgrade ?? !dependabot;
+
+    if (dependabot && depsUpgrade) {
       throw new Error("'dependabot' cannot be configured together with 'depsUpgrade'");
     }
 
@@ -714,9 +725,17 @@ export class NodeProject extends GitHubProject {
 
     const autoApproveLabel = (condition: boolean) => (condition && this.autoApprove?.label) ? [this.autoApprove.label] : undefined;
 
-    const defaultDependenciesUpgrade = (options.dependabot ?? false)
-      ? DependenciesUpgradeMechanism.dependabot({ labels: autoApproveLabel(depsAutoApprove) })
-      : DependenciesUpgradeMechanism.githubWorkflow({
+    let ignoresProjen;
+    if (dependabot) {
+      const defaultOptions = {
+        labels: autoApproveLabel(depsAutoApprove),
+      };
+      const dependabotConf = this.github?.addDependabot(deepMerge([defaultOptions, options.dependabotOptions ?? {}]));
+      ignoresProjen = dependabotConf?.ignoresProjen;
+    }
+
+    if (depsUpgrade) {
+      const defaultOptions = {
         // if projen secret is defined we can also upgrade projen here.
         ignoreProjen: !options.projenUpgradeSecret,
         workflowOptions: {
@@ -727,12 +746,13 @@ export class NodeProject extends GitHubProject {
           } : undefined,
           labels: autoApproveLabel(depsAutoApprove),
         },
-      });
-
-    const dependenciesUpgrade = options.depsUpgrade ?? defaultDependenciesUpgrade;
-    dependenciesUpgrade.bind(this);
+      };
+      const upgradeDependencies = new UpgradeDependencies(this, deepMerge([defaultOptions, options.depsUpgradeOptions ?? {}]));
+      ignoresProjen = upgradeDependencies.ignoresProjen;
+    }
 
-    if (dependenciesUpgrade.ignoresProjen && this.package.packageName !== 'projen') {
+    // create a dedicated workflow to upgrade projen itself if needed
+    if (ignoresProjen && this.package.packageName !== 'projen') {
 
       new UpgradeDependencies(this, {
         include: ['projen'],
@@ -1009,46 +1029,3 @@ export interface NodeWorkflowSteps {
   readonly antitamper: any[];
   readonly install: any[];
 }
-
-/**
- * Dependencies upgrade mechanism.
- */
-export class DependenciesUpgradeMechanism {
-
-  /**
-   * Disable.
-   */
-  public static readonly NONE = new DependenciesUpgradeMechanism((_: NodeProject) => ({}), true);
-
-  /**
-   * Upgrade via dependabot.
-   */
-  public static dependabot(options: DependabotOptions = {}) {
-    return new DependenciesUpgradeMechanism((project: NodeProject) => {
-      project.github?.addDependabot(options);
-    }, options.ignoreProjen);
-  }
-
-  /**
-   * Upgrade via a custom github workflow.
-   */
-  public static githubWorkflow(options: UpgradeDependenciesOptions = {}) {
-    return new DependenciesUpgradeMechanism((project: NodeProject) => {
-      new UpgradeDependencies(project, options);
-    }, options.ignoreProjen);
-  }
-
-  private constructor(
-    private readonly binder: (project: NodeProject) => void,
-    private readonly _ignoresProjen?: boolean) {}
-
-  public get ignoresProjen(): boolean {
-    // we ignore projen by default because it requires 'workflow' permissions to run.
-    // nor depenedabot nor the default github token has those permissions.
-    return this._ignoresProjen ?? true;
-  }
-
-  public bind(project: NodeProject) {
-    this.binder(project);
-  }
-}
diff --git a/src/release/publisher.ts b/src/release/publisher.ts
index 7183975a14c..c8216aa585c 100644
--- a/src/release/publisher.ts
+++ b/src/release/publisher.ts
@@ -1,5 +1,6 @@
 import { Component } from '../component';
 import { workflows } from '../github';
+import { GITHUB_ACTIONS_USER } from '../github/constants';
 import { JobPermission, JobPermissions } from '../github/workflows-model';
 import { defaultNpmToken } from '../node-package';
 import { Project } from '../project';
@@ -254,8 +255,8 @@ export class Publisher extends Component {
       env: {
         GITHUB_REPO: options.githubRepo,
         GIT_BRANCH: options.gitBranch,
-        GIT_USER_NAME: options.gitUserName ?? 'GitHub Actions',
-        GIT_USER_EMAIL: options.gitUserEmail ?? 'github-actions@github.com',
+        GIT_USER_NAME: options.gitUserName ?? GITHUB_ACTIONS_USER.name,
+        GIT_USER_EMAIL: options.gitUserEmail ?? GITHUB_ACTIONS_USER.email,
         GIT_COMMIT_MESSAGE: options.gitCommitMessage,
       },
       workflowEnv: {
@@ -608,7 +609,7 @@ export interface GoPublishOptions {
 
   /**
    * The user name to use for the release git commit.
-   * @default "GitHub Actions"
+   * @default "github-actions"
    */
   readonly gitUserName?: string;
 
diff --git a/src/upgrade-dependencies.ts b/src/upgrade-dependencies.ts
index 2e387157bab..8451c02c0d1 100644
--- a/src/upgrade-dependencies.ts
+++ b/src/upgrade-dependencies.ts
@@ -1,5 +1,6 @@
 import { Component } from './component';
 import { GitHub, GithubWorkflow, workflows } from './github';
+import { GITHUB_ACTIONS_USER, SET_GIT_IDENTITY_WORKFLOW_STEP } from './github/constants';
 import { NodeProject } from './node-project';
 import { Task } from './tasks';
 
@@ -17,8 +18,6 @@ const REPO = context('github.repository');
 const RUN_ID = context('github.run_id');
 const RUN_URL = `https://github.com/${REPO}/actions/runs/${RUN_ID}`;
 const UBUNTU_LATEST = 'ubuntu-latest';
-const COMMIT_AUTHOR_NAME = 'Automation';
-const COMMIT_AUTHOR_EMAIL = 'github-actions@github.com';
 
 /**
  * Options for `UpgradeDependencies`.
@@ -79,6 +78,13 @@ export interface UpgradeDependenciesOptions {
    */
   readonly ignoreProjen?: boolean;
 
+  /**
+   * Add Signed-off-by line by the committer at the end of the commit log message.
+   *
+   * @default true
+   */
+  readonly signoff?: boolean;
+
 }
 
 /**
@@ -97,12 +103,18 @@ export class UpgradeDependencies extends Component {
 
   private readonly pullRequestTitle: string;
 
+  /**
+   * Whether or not projen is also upgraded in this workflow,
+   */
+  public readonly ignoresProjen: boolean;
+
   constructor(project: NodeProject, options: UpgradeDependenciesOptions = {}) {
     super(project);
 
     this._project = project;
     this.options = options;
     this.pullRequestTitle = options.pullRequestTitle ?? 'upgrade dependencies';
+    this.ignoresProjen = this.options.ignoreProjen ?? true;
 
     project.addDevDeps('npm-check-updates@^11');
 
@@ -123,7 +135,7 @@ export class UpgradeDependencies extends Component {
     });
 
     const exclude = this.options.exclude ?? [];
-    if (this.options.ignoreProjen ?? true) {
+    if (this.ignoresProjen) {
       exclude.push('projen');
     }
     const ncuCommand = ['npm-check-updates', '--upgrade', '--target=minor'];
@@ -189,6 +201,7 @@ export class UpgradeDependencies extends Component {
         name: 'Checkout',
         uses: 'actions/checkout@v2',
       },
+      SET_GIT_IDENTITY_WORKFLOW_STEP,
       ...this._project.installWorkflowSteps,
       {
         name: 'Upgrade dependencies',
@@ -258,11 +271,14 @@ export class UpgradeDependencies extends Component {
       `*Automatically created by projen via the "${workflow.name}" workflow*`,
     ].join('\n');
 
+    const comitter = `${GITHUB_ACTIONS_USER.name} <${GITHUB_ACTIONS_USER.email}>`;
+
     const steps: workflows.JobStep[] = [
       {
         name: 'Checkout',
         uses: 'actions/checkout@v2',
       },
+      SET_GIT_IDENTITY_WORKFLOW_STEP,
       {
         name: 'Download patch',
         uses: 'actions/download-artifact@v2',
@@ -285,8 +301,9 @@ export class UpgradeDependencies extends Component {
           'title': title,
           'labels': this.options.workflowOptions?.labels?.join(',') || undefined,
           'body': description,
-          'author': `${COMMIT_AUTHOR_NAME} <${COMMIT_AUTHOR_EMAIL}>`,
-          'committer': `${COMMIT_AUTHOR_NAME} <${COMMIT_AUTHOR_EMAIL}>`,
+          'author': comitter,
+          'committer': comitter,
+          'signoff': this.options.signoff ?? true,
         },
       },
     ];