diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml index 6d7a567..d3f5aa1 100644 --- a/.github/workflows/auto-dependabot.yaml +++ b/.github/workflows/auto-dependabot.yaml @@ -1,18 +1,40 @@ -name: Dependabot Auto Manage -on: pull_request +name: Auto-merge Dependabot PR + +on: + # XXX: !!! SECURITY WARNING !!! + # pull_request_target has write access to the repo, and can read secrets. We + # need to audit any external actions executed in this workflow and make sure no + # checked out code is run (not even installing dependencies, as installing + # dependencies usually can execute pre/post-install scripts). We should also + # only use hashes to pick the action to execute (instead of tags or branches). + # For more details read: + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + pull_request_target: permissions: - contents: write + contents: read pull-requests: write jobs: - dependabot: - runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' + auto-merge: + name: Auto-merge Dependabot PR + if: > + github.actor == 'dependabot[bot]' && + !contains(github.event.pull_request.title, 'the repo-config group') + runs-on: ubuntu-slim steps: - - uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + with: + app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }} + private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }} + + - name: Auto-merge Dependabot PR + uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0 with: + github-token: ${{ steps.app-token.outputs.token }} dependency-type: 'all' auto-merge: 'true' merge-method: 'merge' - add-label: 'auto-merged' + add-label: 'tool:auto-merged' 
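Review bot: The `if:` guard on the new `auto-merge` job tests `github.actor == 'dependabot[bot]'`, which names the account that triggered the latest event, not the author of the pull request. Under `pull_request_target` that condition is the only gate in front of the App private key and an automatic merge. GitHub's Dependabot automation examples check the PR author instead, so consider `github.event.pull_request.user.login == 'dependabot[bot]' &&` together with `github.event.pull_request.head.repo.full_name == github.repository &&`, which keeps pull requests from forks away from the token step. Lowering `contents` to `read` constrains only `GITHUB_TOKEN`; the token minted by `actions/create-github-app-token` carries whatever the App installation is granted. The header comment should say so, and the App's permissions should be limited to what approving and merging needs.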
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ccabd9c..c75bc47 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,11 +28,9 @@ jobs: strategy: fail-fast: false matrix: - arch: - - amd64 - - arm - os: + platform: - ubuntu-24.04 + - ubuntu-24.04-arm python: - "3.11" - "3.12" @@ -41,7 +39,7 @@ jobs: # that uses the same venv to run multiple linting sessions - "ci_checks_max" - "pytest_min" - runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }} + runs-on: ${{ matrix.platform }} steps: - name: Run nox @@ -60,7 +58,7 @@ jobs: needs: ["nox"] # We skip this job only if nox was also skipped if: always() && needs.nox.result != 'skipped' - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim env: DEPS_RESULT: ${{ needs.nox.result }} steps: @@ -105,15 +103,13 @@ jobs: strategy: fail-fast: false matrix: - arch: - - amd64 - - arm - os: + platform: - ubuntu-24.04 + - ubuntu-24.04-arm python: - "3.11" - "3.12" - runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }} + runs-on: ${{ matrix.platform }} steps: - name: Setup Git @@ -161,7 +157,7 @@ jobs: needs: ["test-installation"] # We skip this job only if test-installation was also skipped if: always() && needs.test-installation.result != 'skipped' - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim env: DEPS_RESULT: ${{ needs.test-installation.result }} steps: @@ -276,7 +272,7 @@ jobs: # discussions to create the release announcement in the discussion forums contents: write discussions: write - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim steps: - name: Download distribution files uses: actions/download-artifact@v7 diff --git a/.github/workflows/dco-merge-queue.yml b/.github/workflows/dco-merge-queue.yml index fb1cd90..d9597ad 100644 --- a/.github/workflows/dco-merge-queue.yml +++ b/.github/workflows/dco-merge-queue.yml 
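Review bot: In the last ci.yaml hunk (`@@ -276,7 +272,7 @@`), the job moved to `ubuntu-slim` holds `contents: write` and `discussions: write`, yet the step right after the changed `runs-on` line still references `actions/download-artifact@v7` by a mutable tag. The warning comment added to auto-dependabot.yaml in this same commit asks for actions to be picked by hash, and a write-scoped release job is where that matters most, so `uses: actions/download-artifact@<full-commit-sha> # v7` would be consistent with it. The job's remaining steps are outside the hunk, so it is also worth confirming that everything they invoke is present on the reduced `ubuntu-slim` image before relying on it for publishing.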
@@ -5,7 +5,7 @@ on: jobs: DCO: - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: ${{ github.actor != 'dependabot[bot]' }} steps: - run: echo "This DCO job runs on merge_queue event and doesn't check PR contents" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 8d02c13..c327e7f 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -7,7 +7,7 @@ jobs: permissions: contents: read pull-requests: write - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Labeler # XXX: !!! SECURITY WARNING !!! diff --git a/.github/workflows/release-notes-check.yml b/.github/workflows/release-notes-check.yml index 0b758cd..ab3017f 100644 --- a/.github/workflows/release-notes-check.yml +++ b/.github/workflows/release-notes-check.yml @@ -16,7 +16,7 @@ on: jobs: check-release-notes: name: Check release notes are updated - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Check for a release notes update if: github.event_name == 'pull_request' diff --git a/mkdocs.yml b/mkdocs.yml index 8986bd5..97524e8 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -99,8 +99,8 @@ plugins: default_handler: python handlers: python: + paths: ["src"] options: - paths: ["src"] docstring_section_style: spacy inherited_members: true merge_init_into_class: false @@ -111,7 +111,7 @@ plugins: show_signature_annotations: true show_source: true signature_crossrefs: true - import: + inventories: - https://docs.python.org/3/objects.inv - https://typing-extensions.readthedocs.io/en/stable/objects.inv - https://frequenz-floss.github.io/frequenz-api-dispatch/v0.13/objects.inv diff --git a/pyproject.toml b/pyproject.toml index 4ff361c..acff224 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ requires = [ "setuptools == 80.10.2", "setuptools_scm[toml] == 9.2.2", - "frequenz-repo-config[lib] == 0.13.8", + "frequenz-repo-config[lib] == 0.16.0", ] build-backend = "setuptools.build_meta" 
@@ -13,7 +13,8 @@ build-backend = "setuptools.build_meta" name = "frequenz-client-dispatch" description = "Dispatch API client for Python" readme = "README.md" -license = { text = "MIT" } +license = "MIT" +license-files = ["LICENSE"] keywords = [ "frequenz", "python", @@ -28,7 +29,6 @@ keywords = [ classifiers = [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", - "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Topic :: Software Development :: Libraries", @@ -63,6 +63,7 @@ cli = [ dev-flake8 = [ "flake8 == 7.3.0", + "flake8-datetimez == 20.10.0", "flake8-docstrings == 1.7.0", "flake8-pyproject == 1.2.4", # For reading the flake8 config from pyproject.toml "pydoclint == 0.8.3", @@ -79,7 +80,7 @@ dev-mkdocs = [ "mkdocs-macros-plugin == 1.5.0", "mkdocs-material == 9.7.3", "mkdocstrings[python] == 1.0.3", - "frequenz-repo-config[lib] == 0.13.8", + "frequenz-repo-config[lib] == 0.16.0", ] dev-mypy = [ "mypy == 1.19.1", @@ -90,7 +91,7 @@ dev-mypy = [ "types-protobuf == 6.32.1.20251210", "types-python-dateutil == 2.9.0.20251115", ] -dev-noxfile = ["nox == 2025.11.12", "frequenz-repo-config[lib] == 0.13.8"] +dev-noxfile = ["nox == 2025.11.12", "frequenz-repo-config[lib] == 0.16.0"] dev-pylint = [ "pylint == 4.0.5", # For checking the noxfile, docs/ script, and tests