Skip to content

Dependabot now schedules version updates uniformly

Unless a specific time is provided, Dependabot version updates run at 5AM UTC daily, weekly, or monthly; however, this results in large usage spikes that slow down updates for everyone.

Starting today, we no longer schedule unspecified updates at the same time. Instead, each repository is assigned a time at random, and all updates in that repository will start at that time. If you want to specify a different time for updates to begin, you can use the schedule.time and schedule.timezone properties on each update.

As an example, this config resets the /frontend/package.json to run at 5AM UTC, while specifying /backend/package.json to run at 13:30 Pacific:

- package-ecosystem: "npm"
  directory: "/frontend"
    interval: "daily"
    time: "05:00"
    timezone: "UTC"
- package-ecosystem: "npm"
  directory: "/backend"
    interval: "daily"
    time: "13:30"
    timezone: "America/Los_Angeles"

Learn more about configuring schedules for Dependabot version updates.

To see what's next for Dependabot, visit the public roadmap.

The new Required Conversation resolution branch protection rule and Conversations menu is now generally available. Easily discover your pull request comments from the files changed tab and require that all your pull request conversations are resolved before merging.


You can enable and disable the conversation resolution branch protection rule through your repository branch settings, or with our REST and GraphQL APIs. Apart from this change, we are also introducing a new type of webhook event that is triggered when a conversation is resolved or unresolved.

Learn more about discovering and navigating conversations.

See more