Dependabot can now detect and update Swift package dependencies in Xcode projects that manage packages through .xcodeproj bundles, even when no Package.swift file is present. This improvement has been one of the most requested enhancements for Swift ecosystem support, and it’s now generally available.

Many iOS and macOS apps manage their Swift Package Manager dependencies entirely through Xcode, storing version rules in project.pbxproj and resolved pins in Package.resolved files nested inside .xcodeproj or .xcworkspace bundles. Until now, Dependabot required a top-level Package.swift manifest to discover and update Swift dependencies, leaving a large portion of the Apple developer community without automated dependency updates.

With this release, Dependabot will:

  • Automatically discover Xcode-managed Package.resolved files in both .xcodeproj and .xcworkspace bundle layouts.
  • Parse dependency version rules from project.pbxproj to respect the version constraints you’ve set in Xcode.
  • Open pull requests that update the appropriate Package.resolved file(s) in place, so your project stays compatible with Xcode without manual intervention.

If your repository contains an .xcodeproj bundle with a Package.resolved file, Dependabot will automatically pick it up on the next scheduled run. You can also add or adjust your dependabot.yml configuration to customize update behavior for the swift package ecosystem as usual. This is available now for cloud and will be supported in GitHub Enterprise Server 3.22.

To learn more, check out our Dependabot ecosystem documentation and join the conversation with developers in dependabot-core.