Dependabot now supports automatic dependency updates for vcpkg, the free C/C++ package manager from Microsoft. This enables teams using vcpkg to keep their C and C++ dependencies secure and up-to-date automatically. This applies to version updates and not to security updates.

How it works

When you enable Dependabot for vcpkg, it will monitor your vcpkg.json manifest files and create pull requests to update the builtin-baseline commit hash. This ensures your C/C++ dependencies stay current with the latest versions available in the vcpkg port repository.

Getting started

To enable Dependabot for your vcpkg projects, add a vcpkg configuration to your .github/dependabot.yml file. See the Dependabot options reference for detailed configuration options and examples.

Learn more