Dependabot is moving natively into GitHub! To move forward from Dependabot Preview, see the docs.
Great PRs that stay up-to-date
Dependabot pull requests include release notes, changelogs and commit links whenever they're available. They'll also automatically keep themselves conflict-free.
Compatibility scores for each update
Dependabot aggregates everyone's test results into a compatibility score, so you can be certain a dependency update is backwards compatible and bug-free.
Security advisories handled automatically
Simple getting started flow
We'll update five of your dependencies each day, until you're on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.