Today, we’re launching Dependabot — a dependable robot who’ll keep your dependencies up-to-date for you. Here’s how it works.
Dependabot is a GitHub app that automates dependency updates.
Every day, Dependabot pulls down your dependency files and looks for any outdated requirements. If any of your dependencies are out-of-date, Dependabot opens individual pull requests to bump each one. All you need to do is check your tests pass, scan the included changelog and release notes, and make a call on hitting merge or skipping the new version.
- Staying up-to-date is the most secure strategy
- Making incremental changes beats big-bang updates
There are other apps out there that can help you with the above, but Dependabot is the only one that supports multiple languages and has an open-source core.
Just click on one of the links below. The app is totally free for the first month if you sign up before June 14th 2017.