diff --git a/.github/workflows/autoapprove.yml b/.github/workflows/autoapprove.yml
index c39ce31fd..e8ec5755b 100644
--- a/.github/workflows/autoapprove.yml
+++ b/.github/workflows/autoapprove.yml
@@ -1,6 +1,8 @@
 name: Auto approve
 
-on: pull_request
+on:
+  pull_request_target:
+    types: [labeled]
 
 jobs:
   # Auto-approve dependabot PRs since this repo requires at least one approving review.
@@ -8,8 +10,8 @@ jobs:
   # (see .dependabot/config.yml for more info).
   auto-approve-dependabot:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
+    if: github.actor == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
     steps:
-      - uses: hmarr/auto-approve-action@v2.0.0
+      - uses: hmarr/auto-approve-action@v2.1.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"