Every day, Dependabot checks your dependency files for outdated or insecure requirements and opens individual pull requests for any it finds. You review the PRs, merge them, and get to work on the latest, most secure releases.
More about Dependabot
Great PRs that stay up-to-date
Dependabot pull requests include release notes, changelogs and commit links whenever they're available. They'll also automatically keep themselves conflict-free.
Compatibility scores for each update
Dependabot aggregates everyone's test results into a compatibility score, so you can be certain a dependency update is backwards compatible and bug-free.
Security advisories handled automatically
Simple getting started flow
We'll update five of your dependencies each day, until you're on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.
Automatic merge options
Dependabot can be configured to automatically merge PRs if your tests pass on them, based on the size of the change (patch/minor/major) and the dependency type.
Pricing and setup
Open source / personal account
Free daily dependency updates for all your open source and personal repos
Small organisation Free Trial
Daily dependency update for up to five private repos$15 / month$180 / year
Unlimited Free Trial
Daily dependency update for all your private repos$50 / month$600 / year