How it works
Dependabot checks for updates
Every day, Dependabot pulls down your dependency files and looks for any outdated requirements.
Dependabot opens pull requests
If any of your dependencies are out-of-date, Dependabot opens individual pull requests to bump each one.
You review and merge
You check your tests pass, scan the included changelog and release notes, then hit merge with confidence.