diff --git a/.gitattributes b/.gitattributes
index 18677abbcfc..3f737b4f112 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,8 +3,8 @@
 /.copywrite.hcl linguist-generated
 /.gitattributes linguist-generated
 /.github/CODEOWNERS linguist-generated
+/.github/dependabot.yml linguist-generated
 /.github/ISSUE_TEMPLATE/config.yml linguist-generated
-/.github/pull_request_template.md linguist-generated
 /.github/workflows/alert-open-prs.yml linguist-generated
 /.github/workflows/auto-approve.yml linguist-generated
 /.github/workflows/auto-close-community-issues.yml linguist-generated
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000000..549f421d827
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+# NOTE: Dependabot configuration is not managed by Projen because if you enable Dependabot through Projen,
+# it will delete the upgrade-main job and expect you to only use Dependabot for updates.
+# That is not what we want either; we just want to use Dependabot for security updates.
+
+version: 2
+updates:
+  - package-ecosystem: npm
+    versioning-strategy: lockfile-only
+    directory: /
+    schedule:
+      interval: daily
+    ignore:
+      - dependency-name: projen
+    labels:
+      - auto-approve
+      - automerge
+      - dependencies
+      - security
+    # Disable version updates for npm dependencies, only use Dependabot for security updates
+    open-pull-requests-limit: 0
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
deleted file mode 100644
index 11d479bcaed..00000000000
--- a/.github/pull_request_template.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixes #
\ No newline at end of file
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index cfbb5bd1ff7..29653865438 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e
         with:
           days-before-stale: -1
           days-before-close: -1
diff --git a/.gitignore b/.gitignore
index 6d3f63e91bc..148ee3440d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,7 +36,6 @@ jspm_packages/
 /dist/version.txt
 !/.github/workflows/release.yml
 !/.github/workflows/upgrade-main.yml
-!/.github/pull_request_template.md
 !/test/
 !/tsconfig.dev.json
 !/src/
@@ -60,6 +59,7 @@ package-lock.json
 !/.github/workflows/provider-upgrade.yml
 !/.github/workflows/alert-open-prs.yml
 !/.github/workflows/force-release.yml
+!/.github/dependabot.yml
 !/.github/CODEOWNERS
 !/scripts/should-release.js
 API.md
diff --git a/.projen/files.json b/.projen/files.json
index f54cf9774c8..91c4de4fe9d 100644
--- a/.projen/files.json
+++ b/.projen/files.json
@@ -3,8 +3,8 @@
     ".copywrite.hcl",
     ".gitattributes",
     ".github/CODEOWNERS",
+    ".github/dependabot.yml",
     ".github/ISSUE_TEMPLATE/config.yml",
-    ".github/pull_request_template.md",
     ".github/workflows/alert-open-prs.yml",
     ".github/workflows/auto-approve.yml",
     ".github/workflows/auto-close-community-issues.yml",
diff --git a/package.json b/package.json
index c974c3e2c84..44c448e5ea2 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "jsii-docgen": "^10.2.3",
     "jsii-pacmak": "^1.93.0",
     "jsii-rosetta": "~5.2.0",
-    "projen": "^0.78.0",
+    "projen": "^0.78.1",
     "semver": "^7.5.3",
     "standard-version": "^9",
     "typescript": "~5.2.0"
diff --git a/yarn.lock b/yarn.lock
index 7a20ca62d97..89a95647196 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -201,9 +201,9 @@
     jsii-srcmak "^0.1.954"
 
 "@cdktf/provider-project@^0.5.0":
-  version "0.5.3"
-  resolved "https://registry.yarnpkg.com/@cdktf/provider-project/-/provider-project-0.5.3.tgz#09cf130a611791b6a0984409107afd5b5527a91c"
-  integrity sha512-6UyY84u6A+f0Xsel0kabsqQN4srBIwa4/BFHuZqmSW4DqVbYobd+9wj3EF/Fd0HGnR9elOvZw86WP9zOCIovHA==
+  version "0.5.4"
+  resolved "https://registry.yarnpkg.com/@cdktf/provider-project/-/provider-project-0.5.4.tgz#75da846bfb1be19ff283a96eb16b918e0b01ab27"
+  integrity sha512-h4MJDZhi3el6ngjjjbtxXcDp+IgIwwJXGX/seWuUYDJwBWncmuNbDWeeD+KXCUYft9jxj1I90YArxhm2jSpqaQ==
   dependencies:
     change-case "^4.1.2"
     fs-extra "^10.1.0"
@@ -3309,10 +3309,10 @@ process-nextick-args@~2.0.0:
   resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2"
   integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==
 
-projen@^0.78.0:
-  version "0.78.0"
-  resolved "https://registry.yarnpkg.com/projen/-/projen-0.78.0.tgz#3148000da5a2322666013e689227407a26131ba4"
-  integrity sha512-cLergWOFUGLm+BZy2d0q0MTgyLMw6Htub7XfAgWI7+lsC+anpypeOGvdca3+TcgKZAMZrmPdNjfWNM+5ag6Mew==
+projen@^0.78.1:
+  version "0.78.1"
+  resolved "https://registry.yarnpkg.com/projen/-/projen-0.78.1.tgz#a947d4d063d41e8404032fa4c4b4895e164f89be"
+  integrity sha512-MrvXISCDCiN3WjqrU33RV0ZwfguQTK+E/t5ivhaCmCuXuXHVnSMtwah9uMbCteQm/vJIzDzSV1Ruf7UzeU54Mw==
   dependencies:
     "@iarna/toml" "^2.2.5"
     case "^1.6.3"