Dependabot for Elixir
Dependabot creates pull requests to keep your Elixir dependencies up-to-date.
Elixir is one of Dependabot's best supported languages. Alongside Dependabot's core features it has:
Version conflicts taken care of
Dependabot considers resolvability when determining available version updates. Dependabot PRs will always resolve for your mix.exs.
Mixfile requirement updates
Dependabot will propose updates to your Mixfile, as well as your mixfile.lock. Alternatively, you can set Dependabot to only make lockfile updates.
Support for git sources and private packages
Dependabot can handle private packages and organisations, with a secure way for you to provide credentials. It also works with git sources, private or otherwise.
Automatic vulnerability scanning
Dependabot checks your dependencies against the Elixir Advisory Database, and creates PRs immediately for any vulnerable top-level or subdependencies.
Flexible monorepo support
Using a monorepo? No problem - you can specify one or many directories within a repo for Dependabot to look for dependency files in.
Custom branches and labels
By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.