diff --git a/.github/workflows/auto-merge-dependabot-dependency-updates.yaml b/.github/workflows/auto-merge-dependabot-dependency-updates.yaml new file mode 100644 index 0000000..088818c --- /dev/null +++ b/.github/workflows/auto-merge-dependabot-dependency-updates.yaml @@ -0,0 +1,33 @@ +# Automatically merge (using squash) dependency update PRs, opened by Dependabot, under the following conditions: +# +# - PR was opened by dependabot[bot]. +# - Dependency update is a minor or patch update. This is determined based on Dependabot's metadata. +# - Configured required checks pass. +# +# PRs are approved and merged by user codacybeta (https://github.com/orgs/codacy/people/codacybeta), using its +# AUTO_MERGE_TOKEN. +name: Auto-merge Dependabot dependency updates + +on: + pull_request: + +jobs: + auto-merge: + name: Auto-merge Dependabot dependency updates + runs-on: ubuntu-latest + if: github.event.pull_request.user.login == 'dependabot[bot]' + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Get Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: ${{ secrets.AUTO_MERGE_TOKEN }} + - name: Approve PR and set it to auto-merge + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: | + gh pr review --approve ${{ github.event.pull_request.number }} + gh pr merge --squash --auto ${{ github.event.pull_request.number }} + env: + GH_TOKEN: ${{ secrets.AUTO_MERGE_TOKEN }} diff --git a/.github/workflows/dependabot_auto_approve.yml b/.github/workflows/dependabot_auto_approve.yml deleted file mode 100644 index 1e67b30..0000000 --- a/.github/workflows/dependabot_auto_approve.yml +++ /dev/null 
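Review bot: The job-level `if` in the new workflow gates on `github.event.pull_request.user.login`, i.e. the PR author, not on who triggered the run; a `synchronize` event caused by a human pushing extra commits to a Dependabot branch still matches (the author stays `dependabot[bot]`), so the approve-and-auto-merge step would vouch for those commits with AUTO_MERGE_TOKEN. Tightening it to `if: github.event.pull_request.user.login == 'dependabot[bot]' && github.actor == 'dependabot[bot]'` keeps the approval to Dependabot-initiated pushes. The workflow also declares no `permissions:` block; since the only write-capable credential is the PAT, a top-level `permissions: contents: read` (or `permissions: {}`) documents and enforces that GITHUB_TOKEN is not relied on. `dependabot/fetch-metadata` only reads the PR, so handing it `secrets.GITHUB_TOKEN` instead of the PAT would confine the write-capable token to the final step. As far as I can tell, Dependabot-triggered `pull_request` runs see only Dependabot secrets, so AUTO_MERGE_TOKEN presumably has to be configured as a Dependabot secret as well — worth stating in the header comment next to the codacybeta note.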
@@ -1,23 +0,0 @@
-# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request
-
-name: Dependabot auto-approve
-on: pull_request
-
-permissions:
- pull-requests: write
-
-jobs:
- dependabot:
- runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
- steps:
- - name: Dependabot metadata
- id: metadata
- uses: dependabot/fetch-metadata@v1
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
- - name: Approve a PR
- run: gh pr review --approve "$PR_URL"
- env:
- PR_URL: ${{github.event.pull_request.html_url}}
- GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dependabot_auto_merge.yml b/.github/workflows/dependabot_auto_merge.yml
deleted file mode 100644
index f45abb0..0000000
--- a/.github/workflows/dependabot_auto_merge.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
-
-name: Dependabot auto-merge
-on: pull_request
-
-permissions:
- contents: write
- pull-requests: write
-
-jobs:
- dependabot:
- runs-on: ubuntu-latest
- if: github.actor == 'dependabot[bot]'
- steps:
- - name: Dependabot metadata
- id: metadata
- uses: dependabot/fetch-metadata@v1
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
- - name: Enable auto-merge for Dependabot PRs
- run: gh pr merge --auto --squash "$PR_URL"
- env:
- PR_URL: ${{github.event.pull_request.html_url}}
- GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/docs/multiple-tests/pattern-vulnerability-high/results.xml b/docs/multiple-tests/pattern-vulnerability-high/results.xml
index 3e303cc..a9d614f 100644
--- a/docs/multiple-tests/pattern-vulnerability-high/results.xml
+++ b/docs/multiple-tests/pattern-vulnerability-high/results.xml
@@ -100,7 +100,7 @@
@@ -121,7 +121,7 @@
diff --git a/docs/multiple-tests/pattern-vulnerability-medium/results.xml b/docs/multiple-tests/pattern-vulnerability-medium/results.xml index 615957c..3160819 100644 --- a/docs/multiple-tests/pattern-vulnerability-medium/results.xml +++ b/docs/multiple-tests/pattern-vulnerability-medium/results.xml @@ -122,6 +122,12 @@ message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2025-4673: net/http: Sensitive headers not cleared on cross-origin redirect in net/http) (update to 1.23.10)" severity="warning" /> +