diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 368fbea44..96e962940 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,20 +3,13 @@ version: 2
 updates:
   - package-ecosystem: bundler
     directory: "/"
-    schedule:
-      interval: daily
-      time: "20:00"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 3
     allow:
       - dependency-type: all
-    versioning-strategy: lockfile-only
 
   - package-ecosystem: bundler
     directory: "/gemfile_steep"
-    schedule:
-      interval: daily
-      time: "20:00"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 3
     allow:
       - dependency-type: all
     versioning-strategy: lockfile-only
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
index 27fea67f8..daf169377 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -5,13 +5,21 @@ permissions:
   pull-requests: write
   contents: write
 
+env:
+  blocker_files: steep.gemspec Gemfile gemfile_steep/Gemfile
+
 jobs:
   dependabot:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Abort if blocker files are changed
+        run: git diff --exit-code ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} -- ${{ env.blocker_files }}
       - name: Enable auto-merge for Dependabot PRs
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}