diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..5f0889ce9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/on_pull_request_push.yml b/.github/workflows/on_pull_request_push.yml
index f64248d2b..ee7404e38 100644
--- a/.github/workflows/on_pull_request_push.yml
+++ b/.github/workflows/on_pull_request_push.yml
@@ -55,3 +55,13 @@ jobs:
     secrets: inherit
     with:
       doc: true
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          # Possible values: "critical", "high", "moderate", "low"
+          fail-on-severity: critical
diff --git a/package.json b/package.json
index 8b414c0fd..df468b876 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
     "node": "20",
     "pnpm": "^9.4"
   },
+  "packageManager": "pnpm@9.4.0",
   "private": true,
   "description": "Plugins required or recommended to use CKEditor 5 within CoreMedia Studio.",
   "keywords": [
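Review bot: The new dependabot.yml only registers the "npm" ecosystem, so the GitHub Actions referenced by the workflows in this same commit (actions/checkout@v4, actions/dependency-review-action@v4) will never receive update PRs. Since the point of the commit is automated dependency hygiene, add a second entry `- package-ecosystem: "github-actions"`, `directory: "/"`, `schedule: {interval: "weekly"}` under `updates:`. The two trailing inline comments ("See documentation for possible values", "Location of package manifests") restate the official template and could be replaced by a single comment naming why "/" is the only directory, for example `# root package.json / pnpm-lock.yaml; workspace packages are covered by the root lockfile` if that is the case.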
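Review bot: The added dependency-review job has no event guard, yet dependency-review-action compares a base ref against a head ref and only finds them automatically on pull_request events; the file name suggests this workflow also runs on push, where the step would fail unless `base-ref`/`head-ref` are supplied (the `on:` block is outside the hunk, so this is inferred). Add `if: github.event_name == 'pull_request'` to the job, or pass explicit refs. The job also declares no `permissions:`; since it only needs to read the repository, add `permissions:` with `contents: read` so it does not inherit a broader workflow default. `fail-on-severity: critical` lets high-severity advisories through silently; consider `fail-on-severity: high` and note the chosen threshold in the existing comment. Minor: the two step names use mixed quoting ('Checkout Repository' vs Dependency Review); pick one. The enclosing `jobs:` mapping starts outside the hunk.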
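Review bot: The new `packageManager` entry pins the pnpm version but carries no integrity hash, so Corepack will download and run whatever is published for that version without verification; the field supports an `+sha512.<hash>` suffix (`corepack use pnpm@9.4.0` writes one), which should be included here, e.g. `"packageManager": "pnpm@9.4.0+sha512.<PLACEHOLDER_HASH>"`. Also note that `engines.pnpm` (`^9.4`) on the line above and this exact pin now express the same constraint twice and must be kept in sync when either is bumped.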