diff --git a/.dependabot/config.yml b/.dependabot/config.yml
deleted file mode 100644
index 386bbf6..0000000
--- a/.dependabot/config.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-# Settings found in https://dependabot.com/docs/config-file/
-version: 1
-update_configs:
-  - package_manager: "go:modules"
-    directory: "/"
-    update_schedule: "weekly"
-    automerged_updates:
-      - match:
-          dependency_type: "all"
-          update_type: "semver:minor"
-    default_labels:
-      - dependencies
-      - automerge
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..45b708d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: weekly
+    time: "10:00"
+    timezone: PST8PDT
+  pull-request-branch-name:
+    separator: "-"
+  open-pull-requests-limit: 10
+  labels:
+  - dependencies
+  - automerge
diff --git a/.github/workflows/go-auto-approve.yml b/.github/workflows/go-auto-approve.yml
index 2c312fb..91d8b0e 100644
--- a/.github/workflows/go-auto-approve.yml
+++ b/.github/workflows/go-auto-approve.yml
@@ -1,10 +1,10 @@
-name: auto approve and tidy
+name: auto approve and merge and tidy
 on:
   pull_request:
     paths:
-      - '.github/workflows/gosum.yml'
-      - 'go.mod'
-      - 'go.sum'
+      - ".github/workflows/gosum.yml"
+      - "go.mod"
+      - "go.sum"
 
 # job level conditions don't seem to work at the moment
 # https://github.community/t5/GitHub-Actions/Status-of-workflows-with-no-running-jobs/td-p/37160
@@ -25,7 +25,7 @@ jobs:
       - name: setup go
         uses: actions/setup-go@v1
         with:
-          go-version: '1.14'
+          go-version: "1.14"
       - name: Tidy
         run: |
           go version
@@ -56,4 +56,28 @@ jobs:
         uses: hmarr/auto-approve-action@v2.0.0
         if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
         with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+  merge:
+    name: auto-merge dependabot PRs
+    runs-on: ubuntu-latest
+    needs: [approve]
+    steps:
+      - name: "Wait for status checks"
+        id: waitforstatuschecks
+        uses: "WyriHaximus/github-action-wait-for-status@v1.0.0"
+        with:
+          ignoreActions: merge
+          checkInterval: 13
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+      - name: merge
+        uses: actions/github-script@0.2.0
+        if: (github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]') && steps.waitforstatuschecks.outputs.status == 'success'
+        with:
+          script: |
+            github.pullRequests.merge({
+              owner: context.payload.repository.owner.login,
+              repo: context.payload.repository.name,
+              pull_number: context.payload.pull_request.number
+            })
+          github-token: "${{ secrets.GITHUB_TOKEN }}"