Keeping your dependencies updated automatically

Dependabot can maintain your repository's dependencies automatically.

About Dependabot version updates→
You can use Dependabot to keep the packages you use updated to the latest versions.
Upgrading from Dependabot.com to GitHub-native Dependabot→
You can upgrade to GitHub-native Dependabot by merging a pull request that will allow your dependencies to continue being updated.
Enabling and disabling version updates→
You can configure your repository so that Dependabot automatically updates the packages you use.
Listing dependencies configured for version updates→
You can view the dependencies that Dependabot monitors for updates.
Managing pull requests for dependency updates→
You manage pull requests raised by Dependabot in much the same way as other pull requests, but there are some extra options.
Automating Dependabot with GitHub Actions→
Examples of how you can use GitHub Actions to automate common Dependabot related tasks.
Managing encrypted secrets for Dependabot→
You can store sensitive information, like passwords and access tokens, as encrypted secrets and then reference these in the Dependabot configuration file.
Customizing dependency updates→
You can customize how Dependabot maintains your dependencies.
Configuration options for dependency updates→
Detailed information for all the options you can use to customize how Dependabot maintains your repositories.
Keeping your actions up to date with Dependabot→
You can use Dependabot to keep the actions you use updated to the latest versions.

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Still need help?

Ask the GitHub community Contact support