Automated dependency updates

Dependabot makes keeping your Ruby and JavaScript dependencies up to date easy.

How it works

1

Dependabot checks for updates

Every day, Dependabot pulls down your dependency files and looks for any outdated requirements.

2

Opens pull requests

If any of your dependencies are out-of-date, Dependabot opens individual pull requests to bump each one.

3

Then you review and merge

You check your tests pass, scan the included changelog and release notes, then hit merge with confidence.

Screenshot of a Dependabot pull request

Features

Get up to date painlessly

We'll update five of your dependencies each day, until you're on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.

Daily update checking

We check for new releases every day, and send you PRs for each one. Think of it like brushing your teeth every day rather than occasionally making painful trips to the dentist.

Easy-to-review pull requests

Dependabot PRs include release notes, changelogs and commit links whenever they're available. They'll also automatically keep themselves conflict-free.

Multi-language support

Dependabot already supports Ruby and Javascript, with Python and CocoaPods in beta testing. Other languages are easy to add to our open-source core.

Pricing

Free for the first month if you sign up by June 1st

Open Source

Open source projects are always free

$0 / month

Hobbyist

Unlimited private projects on your personal account

$5 / month

Startup

Up to 5 private projects on an organization account

$15 / month

Unlimited

Unlimited private projects on an organization account

$50 / month

Dependabot works as a GitHub integration. To get started, we'll take you through the GitHub flow to link your account.

