diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index aff8572..c1c2e2e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -20,25 +20,43 @@ updates:
       - "dependencies"
       - "automated"
     groups:
-      # Group minor and patch updates together
-      minor-and-patch:
-        patterns:
-          - "*"
-        update-types:
-          - "minor"
-          - "patch"
       # Separate group for Next.js updates
       nextjs:
         patterns:
           - "next"
+          - "next-intl"
           - "react"
           - "react-dom"
         update-types:
           - "minor"
           - "patch"
+      # Separate group for toolchain dependencies (riskier upgrades)
+      toolchain:
+        dependency-type: "development"
+        patterns:
+          - "@biomejs/*"
+          - "@swc/*"
+          - "esbuild"
+          - "vite"
+          - "rollup"
+          - "@rollup/*"
+          - "typescript"
+        update-types:
+          - "minor"
+          - "patch"
       # Separate group for dev dependencies
       dev-dependencies:
         dependency-type: "development"
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+      # Group minor and patch updates together (prod deps only)
+      minor-and-patch:
+        dependency-type: "production"
+        patterns:
+          - "*"
         update-types:
           - "minor"
           - "patch"
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 8b742b5..cd69d64 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -3,6 +3,7 @@ name: Dependabot Auto-merge
 on:
   pull_request:
     branches: [main]
+    types: [opened, synchronize, reopened, ready_for_review]
 
 permissions:
   contents: write
@@ -20,6 +21,39 @@ jobs:
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Fix lockfile (npm install)
+        run: npm install --ignore-scripts --no-audit --no-fund
+
+      - name: Detect lockfile changes
+        id: lockfile
+        run: |
+          if [[ -n "$(git status --porcelain package-lock.json)" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Commit updated package-lock.json
+        if: steps.lockfile.outputs.changed == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add package-lock.json
+          git commit -m "chore(deps): update package-lock.json"
+          git push
+
       - name: Enable auto-merge for minor and patch updates
         if: |
           (steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
diff --git a/.github/workflows/update-github-stars.yml b/.github/workflows/update-github-stars.yml
index fc7be1f..e2d69e9 100644
--- a/.github/workflows/update-github-stars.yml
+++ b/.github/workflows/update-github-stars.yml
@@ -24,7 +24,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
 
       - name: Install dependencies