diff --git a/.github/workflows/dependabot-sync.yml b/.github/workflows/dependabot-sync.yml
new file mode 100644
index 00000000000..15cde3179bf
--- /dev/null
+++ b/.github/workflows/dependabot-sync.yml
@@ -0,0 +1,23 @@
+name: Sync Dependabot Bump
+on:
+ pull_request:
+ branches: dependabot/npm_and_yarn/**
+
+jobs:
+ sync:
+ name: Sync dependency files
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [16.x]
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+ - name: Setup Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ - name: Run Sync Script
+ run: node ./scripts/sync-dependencies.mjs {{github.ref_name}}
diff --git a/scripts/sync-dependencies.mjs b/scripts/sync-dependencies.mjs
new file mode 100644
index 00000000000..58a905666f2
--- /dev/null
+++ b/scripts/sync-dependencies.mjs
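Review bot: The "Run Sync Script" step passes `{{github.ref_name}}` without the leading `$`, so the script receives that literal text rather than a branch name and `branchName.match(versionRgx)` comes back null. On `pull_request` events `github.ref_name` is the merge ref (`<number>/merge`), so the head branch has to come from `github.head_ref`; the `branches:` filter likewise matches the base branch, not the Dependabot head branch, so the trigger probably needs a different condition. A branch name is text chosen by whoever opens the pull request, so it should not be expanded inside `run:` at all: add `env:` with `BRANCH_NAME: ${{ github.head_ref }}` to the step and use `run: node ./scripts/sync-dependencies.mjs "$BRANCH_NAME"`. The script also imports `js-yaml`, and no install step is visible before it runs.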
@@ -0,0 +1,35 @@
+// when dependabot updates a dependency in a package.json,
+// we want to update it in our dependencies.yaml so the update doesn't get clobbered
+// This script is run by the github action in dependabot-sync.yml
+import process from 'node:process'
+import yaml from 'js-yaml'
+import { readFileSync, writeFileSync } from 'fs'
+import path from 'path'
+import { fileURLToPath } from 'url'
+
+// when dependabot updates a dependency in a package.json, we want to update it in our dependencies.yaml
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
+const depsFile = path.join(__dirname, '..', 'config/dependencies.yaml')
+const oldDepsRaw = readFileSync(depsFile, { encoding: 'utf8' })
+
+// we get the branch name handed to us by the github action,
+// and it has all the info we need about the dependency being updated
+const branchName = process.argv[2]
+const versionRgx = /\d+\.\d+\.\d+$/
+const dependencyVersion = branchName.match(versionRgx)[0]
+const dependency = branchName
+ .replace(`-${dependencyVersion}`, '')
+ .replace('dependabot/npm_and_yarn/', '')
+
+// because this is from dependabot,
+// and because we want all our versions synced
+// we simply find and replace the version wherever it is specified
+const rgx = new RegExp(`(?<='${dependency}':\\W{0,2}\\w*\\W?')\\d+\\.\\d+\\.\\d+(?=')`, 'g')
+const newDepsRaw = oldDepsRaw.replace(rgx, dependencyVersion)
+console.log(`Updating ${dependency} version to ${dependencyVersion} in config/dependencies.yaml`)
+
+// write the file
+writeFileSync(depsFile, newDepsRaw)
+console.log('Successfully updated config/dependencies.yaml')
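Review bot: The derived `dependency` is interpolated into `new RegExp(...)` unescaped, so a `.` or any other metacharacter in the name changes what the pattern matches and therefore which version strings in `config/dependencies.yaml` get rewritten. The value comes straight from the branch name in `process.argv[2]`, and `branchName.match(versionRgx)[0]` throws a TypeError when the argument is missing or does not end in `x.y.z`. Check the branch prefix and the version match up front, exit non-zero with a clear message otherwise, and escape the name before building the pattern. The `yaml` import from `js-yaml` is not used anywhere in this hunk and could be dropped.

```javascript
const branchName = process.argv[2] ?? ''
// … unchanged: versionRgx …
const versionMatch = branchName.match(versionRgx)
if (!branchName.startsWith('dependabot/npm_and_yarn/') || !versionMatch) {
  console.error(`Unexpected branch name: ${JSON.stringify(branchName)}`)
  process.exit(1)
}
const dependencyVersion = versionMatch[0]
// … unchanged: dependency derived from branchName …
// escape regex metacharacters so the package name is matched literally
const escapedDependency = dependency.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
const rgx = new RegExp(`(?<='${escapedDependency}':\\W{0,2}\\w*\\W?')\\d+\\.\\d+\\.\\d+(?=')`, 'g')
// … unchanged: replace, log and writeFileSync …
```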