Keep all your packages up to date with Dependabot

Since our acquisition of Dependabot last year, we’ve been building its functionality directly into GitHub. This includes two main features:

  • Dependabot security updates are automated pull requests that help you update dependencies with known vulnerabilities. These have been available in all repositories since November 2019, and you’ve shown us just how important these security patches are by merging more than 776,000 security update pull requests.
  • Dependabot version updates are automated pull requests that keep your dependencies updated, even when they don’t have any vulnerabilities. These are available in beta now.

You can now create workflow templates, making it easier to promote best practices and consistency across your organization.

  • Workflow templates are defined in a .github repository, enabling you to leverage all the power of GitHub’s collaborative capabilities and providing full auditability
  • You can optionally define rules for which repositories are a best fit for the templates

