Dependabot for Rust

Dependabot creates pull requests to keep your Rust dependencies up-to-date.


Rust is one of Dependabot's newest languages. We're still rapidly improving it, but alongside Dependabot's core features it already has:

Cargo.toml and lockfile updates

Dependabot will propose updates to your Cargo.toml, as well as your Cargo.lock. Alternatively, you can set Dependabot to only make lockfile updates.

Automatic vulnerability scanning

Dependabot checks your dependencies against the RustSec Advisory Database, and creates PRs immediately for any vulnerable top-level or subdependencies.

Support for git sources

Dependabot can handle git sources, and will create PRs to keep them pointing to the latest commit. For private git sources you can enter credentials in your dashboard.

Custom branches and labels

By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.