What is dependabot?
Monitor vulnerabilities in dependencies used in your project and keep your dependencies up-to-date with Dependabot.
What is the Advantage?
Dependabot automatically opens a pull request for each dependency upgrade, so you don't need to do it manually.
Getting Started
You need to create a file inside the .github directory at the root of your project. I have a React project, so in my case my project uses the npm package ecosystem. Your project might be different, for example Java with Maven or Gradle, so you only need to change the name npm to your package-ecosystem name. For more, check the docs.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
This checks your dependencies daily; if any dependency can be upgraded, Dependabot opens a PR for it. The interval can be changed to weekly or monthly.
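As an added example (not part of the original post), here is a fuller .github/dependabot.yml that goes beyond the single-ecosystem case in the text: it covers an npm project, a Maven project and the repository's own GitHub Actions workflows, uses weekly and monthly schedules, caps the number of open update pull requests, and ignores major-version bumps for one package. The file path .github/dependabot.yml is Dependabot's documented location for this configuration; the package name example-package is a placeholder.

```yaml
# Added example, not from the original post.
# Location: .github/dependabot.yml (Dependabot's documented path for this file)
version: 2
updates:
  # JavaScript dependencies in the repository root (the post's case),
  # checked once a week rather than daily to reduce pull-request noise.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
      timezone: "Europe/Berlin"
    # Cap how many update PRs Dependabot keeps open at the same time.
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
    # Skip major-version bumps for one package so they can be planned
    # separately; "example-package" is a placeholder name.
    ignore:
      - dependency-name: "example-package"
        update-types: ["version-update:semver-major"]

  # A Java project swaps the ecosystem name for "maven" (or "gradle").
  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "monthly"

  # Keep the actions used by the CI workflows up to date as well.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Each entry under updates is independent, so a repository with several manifests (for example a frontend in one folder and a backend in another) lists one entry per manifest directory. The weekly interval with a fixed day and time keeps update PRs arriving at a predictable moment, while open-pull-requests-limit prevents a burst of PRs from overwhelming reviewers.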
The following image gives an idea of the result: it shows four upgradable dependencies in the project.
Thank you!