Getting started with Dependabot: What is Dependabot?

What is Dependabot?

Dependabot monitors the dependencies used in your project for known vulnerabilities and keeps those dependencies up to date.

What is the advantage?

Dependabot automatically opens a pull request for each dependency upgrade, so you don't need to do it manually.

Getting Started

You need to create a file inside the .github directory at the root of your project. I have a React project, so in my case the project uses the npm package ecosystem; yours might be different (for example Java with Maven or Gradle), in which case you only need to change the name npm to your package-ecosystem name. For more, check the docs.

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

This checks daily for upgradable dependencies; if any dependency can be upgraded, Dependabot opens a PR for it. The interval can be changed to weekly or monthly. The following image gives an idea of what this looks like: it shows four upgradable dependencies in the project.
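As an added example (not part of the original post and not a Dependabot tool), here is a small Python checker for a parsed dependabot.yml that catches the kind of mistake that is easy to make in this file, such as an interval that is not nested under schedule, before the file is committed. It assumes the YAML has already been loaded into a dict by any YAML parser; both inputs below are constructed.

```python
# Added example (not from the original post): checks a parsed .github/dependabot.yml
# dict, as returned by any YAML parser, so no third-party library is needed.
ECOSYSTEMS = {"bundler", "cargo", "composer", "docker", "elm", "github-actions",
              "gitsubmodule", "gomod", "gradle", "maven", "mix", "npm", "nuget",
              "pip", "terraform"}           # values GitHub documents for package-ecosystem
INTERVALS = {"daily", "weekly", "monthly"}  # documented schedule.interval values
TOP_LEVEL_KEYS = {"version", "updates", "registries", "enable-beta-ecosystems"}


def validate_dependabot(config):
    """Return a list of problems in a parsed dependabot.yml (empty list = OK)."""
    if not isinstance(config, dict):
        return ["top level must be a mapping"]
    errors = [f"unexpected top-level key '{k}' (mis-indented?)"
              for k in config if k not in TOP_LEVEL_KEYS]
    if config.get("version") != 2:
        errors.append("version must be 2")
    updates = config.get("updates")
    if not isinstance(updates, list) or not updates:
        return errors + ["updates must be a non-empty list"]
    for i, entry in enumerate(updates):
        where = f"updates[{i}]"
        if not isinstance(entry, dict):
            errors.append(f"{where}: entry must be a mapping")
            continue
        if entry.get("package-ecosystem") not in ECOSYSTEMS:
            errors.append(f"{where}: unknown package-ecosystem {entry.get('package-ecosystem')!r}")
        if not isinstance(entry.get("directory"), str):
            errors.append(f"{where}: directory is required")
        schedule = entry.get("schedule")
        if not isinstance(schedule, dict):
            errors.append(f"{where}: schedule must be a mapping holding an interval")
        elif schedule.get("interval") not in INTERVALS:
            errors.append(f"{where}: schedule.interval must be daily, weekly or monthly")
    return errors


# Constructed input: the post's npm config, correctly indented, as a parser returns it.
GOOD = {"version": 2, "updates": [
    {"package-ecosystem": "npm", "directory": "/", "schedule": {"interval": "daily"}}]}

# Constructed input: the same file with `interval:` at column 0. A YAML parser then
# treats it as a top-level key and leaves `schedule` empty (None).
MISINDENTED = {"version": 2, "interval": "daily", "updates": [
    {"package-ecosystem": "npm", "directory": "/", "schedule": None}]}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("mis-indented", MISINDENTED)):
        print(name + ":", validate_dependabot(cfg) or "OK")
```

Running the checker in CI before merging changes to the file means a silently ignored schedule (and therefore no update PRs) is caught immediately rather than weeks later.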

Thank you!