Dependabot requires GitHub
Existing project with dependencies
Activate Dependabot vulnerability alerts and automatic security update PRs for all dependency manifests in the repository.
1 version: 2 2 updates: 3 # npm packages 4 - package-ecosystem: "npm" 5 directory: "/" 6 schedule: 7 interval: "weekly" 8 day: "monday" 9 time: "06:00" 10 open-pull-requests-limit: 10 11 groups: 12 production-dependencies: 13 dependency-type: "production" 14 update-types: ["patch", "minor"] 15 ignore: 16 - dependency-name: "typescript" 17 update-types: ["version-update:semver-major"] 18 19 # GitHub Actions 20 - package-ecosystem: "github-actions" 21 directory: "/.github/workflows" 22 schedule: 23 interval: "weekly" 24
Dependabot alerts visible in Security tab; auto-PRs created for outdated packages
Sign in to share your feedback and join the discussion.