diff --git a/.github/workflows/dependabot-lockfile.yml b/.github/workflows/dependabot-lockfile.yml
new file mode 100644
index 00000000..87c56572
--- /dev/null
+++ b/.github/workflows/dependabot-lockfile.yml
@@ -0,0 +1,44 @@
+name: Fix Dependabot Lockfile
+
+on:
+  pull_request_target:
+    branches: [main]
+
+permissions:
+  contents: write
+  pull-requests: read
+
+jobs:
+  fix-lockfile:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout Dependabot branch
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.CI_PAT }}
+
+      - name: Set up pnpm
+        uses: pnpm/action-setup@v5
+        with:
+          version: 10
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: "22.x"
+
+      - name: Regenerate lockfile
+        run: pnpm install --no-frozen-lockfile --ignore-scripts
+
+      - name: Commit and push if lockfile changed
+        run: |
+          git diff --exit-code pnpm-lock.yaml && exit 0
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add pnpm-lock.yaml
+          git commit -m "fix(deps): regenerate pnpm-lock.yaml"
+          git push