diff --git a/.github/ISSUE_TEMPLATE/07_deps_maintenance_task.md b/.github/ISSUE_TEMPLATE/07_deps_maintenance_task.md
index c2cb548c655c..96c06c003334 100644
--- a/.github/ISSUE_TEMPLATE/07_deps_maintenance_task.md
+++ b/.github/ISSUE_TEMPLATE/07_deps_maintenance_task.md
@@ -24,6 +24,8 @@ assignees: ''
 See [notion page](https://www.notion.so/satoshilabs/Dependency-Management-1b5bf845aa1f4ca7b9d57ea9ccd3fe63) for more details.
+💡 _Hint:_ `ncu --deep -u -c 14 -t greatest --pre 0 -f DEP_NAME` to honor the [npmMinimalAgeGate](https://github.com/trezor/trezor-suite/blob/develop/.yarnrc.yml) when using [ncu](https://www.npmjs.com/package/npm-check-updates)
+
 ## QA instructions
 🚧 not known yet, will be discovered – it depends on specific list of updated dependencies.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..2d5740606225
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ # Note that this just limits age of the versions that dependabot suggests, not a limit for installation (that's in .yarnrc.yml)
+ cooldown:
+ default-days: 14
+ include:
+ - "*"
+ exclude:
+ - "@evolu/*"
+ - "@types/invity-api"
diff --git a/.yarnrc.yml b/.yarnrc.yml
index 65a8af9e270e..017de00f7403 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -8,6 +8,13 @@ logFilters:
 nodeLinker: node-modules
+# Allow only packages older than 14 days (in minutes). Schema declares that "14d" can be entered, but that doesn't have any effect.
+npmMinimalAgeGate: 20160
+# Skip age gate for experimental, rapidly changing packages
+npmPreapprovedPackages:
+ - "@evolu/*"
+ - "@types/invity-api@*"
+
 plugins:
 - checksum: 5e73a1acbb9741fce1e8335e243c9480ea2107b9b4b65ed7643785ddea9e3019aee254a92a853b1cd71023b16fff5b7d3afd5256fe57cd35a54f8785b8c30281
 path: .yarn/plugins/@yarnpkg/plugin-outdated.cjs
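Review bot: The comment above `cooldown:` in .github/dependabot.yml should also say that the cooldown covers version updates only; per GitHub's documentation, Dependabot security updates are not delayed by it. A security-update PR can therefore propose a release younger than 14 days, which the install-time gate in .yarnrc.yml would presumably refuse unless the package is pre-approved, so that case needs a documented handling path. Suggested addition: `# Applies to version updates only; security updates ignore the cooldown and may need a temporary npmPreapprovedPackages entry`. The `exclude` list here mirrors the pre-approved list in .yarnrc.yml, so a short comment asking for both to be changed together would keep them from drifting apart.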
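Review bot: The `npmPreapprovedPackages` entries in .yarnrc.yml switch the age gate off for an entire scope (`@evolu/*`), and the comment gives only "experimental, rapidly changing" as the reason. A freshly published release of anything matching these patterns is installed with no waiting period, so the comment should record why the publisher is trusted, e.g. `# Exempt from npmMinimalAgeGate: installed at any age, so list only packages whose publisher we trust; keep in sync with .github/dependabot.yml`. The two entries also use different forms (a name glob and a `name@*` descriptor), so it is worth confirming on a clean install that both actually match. The remark that `14d` has no effect would be easier to revisit if it named the Yarn version it was observed on.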