GIT Course

Dependabot

Go back

GitHub is providing a bot that will create pull requests when new updates for your dependencies are released. This can be easily enabled by creating .github/dependabot.yml.

You can go to Insights > Dependency graph > Dependabot to create a template file. Then you simply need to set the package-ecosystem. You got a table here.


Example (gradle - JAVA)

version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "daily"

Example (npm - Node)

version: 2
updates:
    - package-ecosystem: "npm"
      directory: "/"
      schedule:
        interval: "daily"
        time: "13:00"
      open-pull-requests-limit: "99"
      versioning-strategy: "increase"