Since our acquisition of Dependabot last year, we’ve been building its functionality directly into GitHub. This includes two main features:

  • Dependabot security updates are automated pull requests that help you update dependencies with known vulnerabilities. These have been available in all repositories since November 2019, and you’ve shown us just how important these security patches are by merging more than 776,000 security update pull requests.
  • Dependabot version updates are automated pull requests that keep your dependencies updated, even when they don’t have any vulnerabilities. These are available in beta now.

Check out the full blog post to learn more.