How it works
Dependabot checks for updates
Dependabot pulls down your dependency files and looks for any outdated or insecure requirements.
Dependabot opens pull requests
If any of your dependencies are out-of-date, Dependabot opens individual pull requests to bump each one.
You review and merge
You check that your tests pass, scan the included changelog and release notes, then hit merge with confidence.