diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..99769526
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,37 @@
+# Dependabot configuration.
+#
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5 # Set to 0 to (temporarily) disable.
+    versioning-strategy: widen
+    allow:
+      # Only allow updates to the dev dependencies as non-dev dependency
+      # updates will generally need code changes in this package.
+      - dependency-type: "development"
+    ignore:
+      # A new PHPUnit major will generally require a managed update,
+      # so do not allow automated PRs.
+      - dependency-name: "yoast/phpunit-polyfills"
+        update-types: ["version-update:semver-major"]
+    commit-message:
+      prefix: "Composer:"
+      include: "scope"
+    labels:
+      - "builds / deploys / releases"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "GH Actions:"
+    labels:
+      - "builds / deploys / releases"