Dependabot

What is Dependabot?

Dependabot helps you keep your dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual PRs for any it finds. You review, merge, and get to work on the latest, most secure releases.

Dependabot is a tool in the Dependency Monitoring category of a tech stack.

Dependabot checks for updates

Dependabot pulls down your dependency files and looks for any outdated or insecure requirements.

Dependabot opens pull requests

If any of your dependencies are out-of-date, Dependabot opens individual pull requests to update each one.

You review and merge

You check that your tests pass, scan the included changelog and release notes, then hit merge with confidence.

Simple, drip-feed getting started flow

We’ll update five of your dependencies each day, until you’re on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.

Security advisories handled automatically

Dependabot monitors security advisories for Ruby, Python, JavaScript, Java, .NET, PHP, Elixir and Rust. We create PRs immediately in response to new advisories.

Great pull requests that stay up-to-date

Dependabot PRs include release notes, changelogs, commit links and vulnerability details whenever available. They also automatically keep themselves conflict-free.

Compatibility scores for each update

Dependabot aggregates everyone’s test results into a compatibility score, so you can be certain a dependency update is backwards compatible and bug-free.

Powerful configuration options

You can configure Dependabot via an online dashboard or commit config files to your repositories with details of how Dependabot should behave.

Live, daily, weekly or monthly updates

Choose to receive update PRs live, daily, weekly or monthly. We make an exception for security patches, which you’ll always receive immediately.

official dependabot.com


src stackshare.io/dependabot