diff --git a/.gitlab/dependabot.yml b/.gitlab/dependabot.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4850c72b914baa2cd5ed50d69bf6b607d54ca7c2
--- /dev/null
+++ b/.gitlab/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: composer
+    directory: /
+    schedule:
+      interval: weekly
+    labels: []
+    versioning-strategy: lockfile-only
+    open-pull-requests-limit: -1
+    open-security-pull-requests-limit: -1
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+    labels: []
+    versioning-strategy: lockfile-only
+    open-pull-requests-limit: -1
+    open-security-pull-requests-limit: -1
diff --git a/composer.json b/composer.json
index 8972ce231a536e196e299a06de3f6ef4cdc10577..7b1403d217fe4c623d9a2875b668055e58755d1e 100644
--- a/composer.json
+++ b/composer.json
@@ -28,7 +28,7 @@
         "mishal/iless": "^2.2",
         "ezyang/htmlpurifier": "^4.13",
         "davefx/phplot": "^6.2",
-        "jasig/phpcas": "^1.3",
+        "jasig/phpcas": "1.5",
         "phpxmlrpc/phpxmlrpc": "^4.4",
         "phpxmlrpc/extras": "^0.6.2",
         "algo26-matthias/idna-convert": "^3.0",