Dependabot for Rust
Dependabot creates pull requests to keep your Rust dependencies up-to-date.
Rust is one of Dependabot's newest languages. We're still rapidly improving it, but alongside Dependabot's core features it already has:
Cargo.toml and lockfile updates
Dependabot will propose updates to your Cargo.toml, as well as your Cargo.lock. Alternatively, you can set Dependabot to only make lockfile updates.
Automatic vulnerability scanning
Dependabot checks your dependencies against the RustSec Advisory Database, and creates PRs immediately for any vulnerable top-level or subdependencies.
Support for git sources
Dependabot can handle git sources, and will create PRs to keep them pointing to the latest commit. For private git sources you can enter credentials in your dashboard.
Custom branches and labels
By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.