diff --git a/.dependabot/config.yml b/.dependabot/config.yml
new file mode 100644
index 000000000..3c8f2499e
--- /dev/null
+++ b/.dependabot/config.yml
@@ -0,0 +1,32 @@
+version: 1
+update_configs:
+  - package_manager: "javascript"
+    directory: "/"
+    update_schedule: "live"
+    allowed_updates:
+      - match:
+          update_type: "security"
+    automerged_updates:
+      - match:
+          dependency_type: "all"
+          update_type: "security:patch"
+  - package_manager: "javascript"
+    directory: "/sandbox"
+    update_schedule: "live"
+    allowed_updates:
+      - match:
+          update_type: "security"
+    automerged_updates:
+      - match:
+          dependency_type: "all"
+          update_type: "security:patch"
+  - package_manager: "python"
+    directory: "/"
+    update_schedule: "live"
+    allowed_updates:
+      - match:
+          update_type: "security"
+    automerged_updates:
+      - match:
+          dependency_type: "all"
+          update_type: "security:patch"
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index f59c85394..811a2691a 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -20,8 +20,3 @@ jobs:
           msg: |
             This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:
             # [${{ env.TICKET_NAME }}](https://jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}})
-
-      - name: Merge dependabot PRs
-        uses: ridedott/merge-me-action@master
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c3d8d4837..a7080bc7a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 2020-02-26
+* Add a config for dependabot so that security updates are automatically merged
+
 ## 2020-02-24
 * Hugely improved linting of source code
 * New testing setup & approach to support e2e tests