Yarn and npm5 lockfile support
Dependabot works with lockfiles out of the box. It will automatically detect whether you're using Yarn or npm5 and keep the lockfile up-to-date.
Support for git sources and custom registries
Dependabot can handle git sources and custom registries, including those that require authentication. You name it, Dependabot supports it.
Monorepo support, including Yarn workspaces
Using a monorepo? Dependabot will pick up all your JS dependency files automatically if you're using Yarn workspaces, or you can specify directories individually.
Custom branches and labels
By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.