Dependabot

Configuration

Introduction

Dependabot is GitHub’s service for keeping repository dependencies up to date and staying ahead of security vulnerabilities in open source packages.

Based on the configured package ecosystems, Dependabot will send alerts to repository administrators for security-related events in referenced packages. Dependabot will also open Pull Requests to update dependencies when fixes are published.

Features

GitHub Actions

Watches for updates to GitHub Actions workflow steps, e.g. actions/checkout.

Read more about Keeping actions up to date with Dependabot
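
A minimal `.github/dependabot.yml` that turns on the GitHub Actions ecosystem described above. This is an added example, not configuration taken from this page or project; the weekly schedule, pull request limit and commit prefix are assumed values.

```yaml
# .github/dependabot.yml (added example; schedule, limit and prefix are assumed values)
version: 2
updates:
  - package-ecosystem: "github-actions"
    # For this ecosystem, "/" tells Dependabot to scan the workflow files
    # under .github/workflows for `uses:` references such as actions/checkout.
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap the number of open update pull requests so each one gets reviewed.
    open-pull-requests-limit: 5
    commit-message:
      # Prefix makes Dependabot's workflow updates easy to filter in history.
      prefix: "ci"
```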