diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000000..83970139fd5ee
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: '/'
+    schedule:
+      interval: daily
+    versioning-strategy: widen
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000000000..95c4c24687fb0
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,14 @@
+name: Auto Merge Dependency Updates
+
+on:
+  - pull_request
+  - pull_request_review
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: tjenkinson/gh-action-auto-merge-dependency-updates@3ee8958
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          allowed-actors: dependabot[bot]
diff --git a/.github/workflows/update-package-lock.yaml b/.github/workflows/update-package-lock.yaml
deleted file mode 100644
index 24defcb1f93f6..0000000000000
--- a/.github/workflows/update-package-lock.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Update package-lock.json
-
-on:
-    schedule:
-        # This is probably 6am UTC, which is 10pm PST or 11pm PDT
-        # Alternatively, 6am local is also fine
-        - cron: '0 6 * * *'
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-node@v1
-      with:
-        node-version: 12
-        registry-url: https://registry.npmjs.org/
-
-    - name: Configure git and update package-lock.json
-      run: |
-        git config user.email "typescriptbot@microsoft.com"
-        git config user.name "TypeScript Bot"
-        npm install --package-lock-only
-        git add -f package-lock.json
-        if git commit -m "Update package-lock.json"; then
-          git push
-        fi