diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index f6552d8..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    target-branch: "develop"
-    commit-message:
-      prefix: "#trivial Dependabot "
diff --git a/Gemfile.lock b/Gemfile.lock
index 84556ae..89993d2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -50,7 +50,8 @@ GEM
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    git (1.11.0)
+    git (1.18.0)
+      addressable (~> 2.8)
       rchardet (~> 1.8)
     json (2.6.2)
     kramdown (2.4.0)
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..edc5600
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,8 @@
+{
+  "extends": ["config:best-practices"],
+  "schedule": "on monday before 8am",
+  "vulnerabilityAlerts": {
+    "groupName": "Vulnerable Dependencies",
+    "enabled": true
+  }
+}