diff --git a/Dockerfile b/Dockerfile
index 596c2c6..0e6f2e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,7 +17,10 @@ FROM python:3.12-alpine
 RUN apk update && apk --no-cache add gcc musl-dev openjdk17-jdk curl graphviz ttf-dejavu fontconfig
 
 # Download plantuml file, Validate checksum & Move plantuml file
-RUN curl -o plantuml.jar -L https://github.com/plantuml/plantuml/releases/download/v1.2024.6/plantuml-1.2024.6.jar && echo "3e944755cbed59e1ed9332691d92294bef7bbcda  plantuml.jar" | sha1sum -c - && mv plantuml.jar /opt/plantuml.jar
+# renovate: datasource=github-releases depName=plantuml/plantuml
+ARG PLANTUML_VERSION=v1.2024.6
+ARG PLANTUML_CHECKSUM=3e944755cbed59e1ed9332691d92294bef7bbcda
+RUN curl -o plantuml.jar -L https://github.com/plantuml/plantuml/releases/download/v${PLANTUML_VERSION}/plantuml-${PLANTUML_VERSION}.jar && echo "${PLANTUML_CHECKSUM} plantuml.jar" | sha1sum -c - && mv plantuml.jar /opt/plantuml.jar
 
 RUN pip install --upgrade pip && pip install mkdocs-techdocs-core==1.5.4
 
diff --git a/renovate.json b/renovate.json
index 020aa2e..7091b1c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -2,12 +2,33 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": ["config:best-practices", ":gitSignOff"],
   "labels": ["dependencies"],
+  "enabledManagers": [
+    "dockerfile",
+    "pip_requirements",
+    "pip_setup"
+  ],
+  "dockerfile": {
+    "enabled": true
+  },
   "packageRules": [
     {
-      "matchUpdateTypes": ["major", "minor", "patch"],
-      "addLabels": ["{{ updateType }}"]
+      "description": "Automerge minor and patch updates for pip deps",
+      "matchManagers": ["dockerfile"],
+      "matchDatasources": ["pypi", "github-releases"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "addLabels": ["{{ updateType }}"],
+      "automerge": true,
+      "automergeType": "pr"
+    },
+    {
+      "description": "Separate major updates - require manual review",
+      "matchUpdateTypes": ["major"],
+      "automerge": false,
+      "labels": ["major-update", "dependencies"]
     }
   ],
+  "separateMajorMinor": true,
+  "separateMinorPatch": false,
   "osvVulnerabilityAlerts": true,
   "vulnerabilityAlerts": {
     "addLabels": ["security"],