diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index df68c0122..f3a44634b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,5 +10,21 @@ updates:
     # Check the npm registry for updates every month
     schedule:
       interval: "monthly"
-    # Bump versions only in package-lock.json
-    versioning-strategy: "lockfile-only"
+    # Usually only bump versions in package-lock.json, but update package.json for major version updates
+    versioning-strategy: "increase-if-necessary"
+    # Update all dependencies in a single PR
+    groups:
+      # ESLint usually requires updating together for major updates
+      eslint:
+        patterns:
+          - "eslint*"
+          - "@typescript-eslint/*"
+      # Other updates should be okay all at once
+      dev-dependencies:
+        patterns:
+          - "*"
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/codeowners-merge.yml b/.github/workflows/codeowners-merge.yml
index e2f774933..67d119757 100644
--- a/.github/workflows/codeowners-merge.yml
+++ b/.github/workflows/codeowners-merge.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Run Codeowners merge check
-        uses: OSS-Docs-Tools/code-owner-self-merge@1.6.3
+        uses: OSS-Docs-Tools/code-owner-self-merge@1.6.6
         if: github.repository == 'microsoft/TypeScript-DOM-lib-generator'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}