Dependabot helps you keep your Ruby, JavaScript, Python and PHP dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual pull requests for any it finds. You review the PRs, merge them, and get to work on the latest, most secure releases.

More about Dependabot

Great pull requests that stay up-to-date

Dependabot PRs include release notes, changelogs and commit links whenever they're available. They'll also automatically keep themselves conflict-free.

Compatibility scores for each update

Dependabot aggregates everyone's test results into a compatibility score, so you can be certain a dependency update is backwards compatible and bug-free.

Simple, drip-feed getting started flow

We'll update five of your dependencies each day, until you're on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.

Daily, weekly, or monthly update options

Choose to receive update PRs daily, weekly or monthly. Think of it like brushing your teeth regularly rather than occasionally making painful trips to the dentist.

Helpful PRs with release notes, changelogs, and Dependabot compatibility scores
A simple and intelligent comment-based interface to make dependency management as easy as possible
Support for multiple languages and flexible update schedules

Pricing and setup

Dependabot logo preview

Open source / personal account

Free daily dependency updates for all your open source and personal repos

  • Unlimited public repos
  • Unlimited private repos (personal account)

Next: Confirm your installation location.

Dependabot is provided by a third-party and is governed by separate terms, privacy policy, and support contact.