Goodbye Dependabot Preview, hello Dependabot!
Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the…
Dependabot Preview has helped more than 30,000 organizations keep their packages updated with more than seven million pull requests merged since it launched. As a result of that success, the Dependabot team joined GitHub in May 2019 and started building an updated version of Dependabot directly into GitHub. Now, we’re taking the next step, migrating customers from Dependabot Preview and onto the GitHub-native Dependabot.
As of today, the Dependabot Preview app and Dependabot.com no longer accept new customers, and will be shut down on August 3rd, 2021. To keep getting pull requests that update your packages, upgrade to GitHub Dependabot by merging the “Upgrade to GitHub-native Dependabot” pull request in your repository by August 3rd. After this date, any open pull requests from the Dependabot Preview bot will remain open, but the bot itself will no longer work on your GitHub accounts and organizations.
In GitHub Dependabot, most configuration is done via the configuration file. This file is very similar to the Dependabot Preview configuration file, but we’ve made a few changes and improvements that will be automatically included in the update pull request. You can see the update logs that used to be on the dependabot.com dashboard by going to your repository’s Insights page, clicking the Dependency graph tab on the left, and then clicking Dependabot.
Saying goodbye to a few features
With the recent launch of private registry support, almost all Dependabot Preview features are now available in GitHub Dependabot. However, some features will not be available in GitHub Dependabot:
- Live updates: We hope to bring these back in the future. For now, you can run GitHub Dependabot daily to catch new packages within one day of release.
- PHP environment variable registries: These features have not been added, but we are investigating if there are other solutions. For now, you can use GitHub Actions to fetch dependencies from these registries.
- Auto-merge: We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge.
Keeping dependencies updated is a crucial part of securing your software supply chain—whether you’re working on an open source project or a large enterprise. We’ve got lots of exciting features on the roadmap, including more ecosystem updates, improved notifications, and Dependabot support for GitHub Enterprise Server.
If you have any questions or need help migrating, please contact GitHub Support.
Learn more about Dependabot in our documentation, or visit our public roadmap to see what’s next for Dependabot.
Tags:
Written by
Related posts
Explore the best of GitHub Universe: 9 spaces built to spark creativity, connection, and joy
See what’s happening at Universe 2025, from experimental dev tools and career coaching to community-powered spaces. Save $400 on your pass with Early Bird pricing.
Agents panel: Launch Copilot coding agent tasks anywhere on GitHub
Delegate coding tasks to Copilot and track progress wherever you are on GitHub. Copilot works in the background, creates a pull request, and tags you for review when finished.
Q1 2025 Innovation Graph update: Bar chart races, data visualization on the rise, and key research
Discover the latest trends and insights on public software development activity on GitHub with the quarterly release of data for the Innovation Graph, updated through March 2025.