Dependabot for Elixir

Dependabot creates pull requests to keep your Elixir dependencies up-to-date.


Elixir is one of Dependabot's best supported languages. Alongside Dependabot's core features it has:

Version conflicts taken care of

Dependabot considers resolvability when determining available version updates. Dependabot PRs will always resolve for your mix.exs.

Mixfile requirement updates

Dependabot will propose updates to your Mixfile, as well as your mixfile.lock. Alternatively, you can set Dependabot to only make lockfile updates.

Support for git sources and private packages

Dependabot can handle private packages and organisations, with a secure way for you to provide credentials. It also works with git sources, private or otherwise.

Automatic vulnerability scanning

Dependabot checks your dependencies against the Elixir Advisory Database, and creates PRs immediately for any vulnerable top-level or subdependencies.

Flexible monorepo support

Using a monorepo? No problem - you can specify one or many directories within a repo for Dependabot to look for dependency files in.

Custom branches and labels

By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.