Explore GitHub's New Acquisition - Dependabot

Are you tired of upgrading your project dependencies manually? If you maintain your source code in GitHub, then don’t worry. The recent acquisition from GitHub addresses all our problems using a third party service called “Dependabot”.
 

What is Dependabot?

 
Dependabot is a service that has been integrated with GitHub recently which automatically checks your project dependencies for new versions.
 

How it works

 
Once you configure Dependabot for your repositories, it will perform two tasks.
  • It checks for any outdated version of the project dependencies in your repo.
  • If Dependabot finds any latest version, then it will create a pull request with upgraded dependencies.
All you have to do is to review and merge the pull request changes.
 
Let’s explore how to configure Dependabot.
 
I will show you how to configure the Dependabot for projects in GitHub. Before diving into the configuration, let me tell you Dependabot supports the below languages.
 
Explore Github's New Acquisition - Dependabot
 
For demo purposes, I’m making a copy of another repository to freely experiment. The references are added below for those who want to try.
 
Go to the below link and click “Fork” on the top-right corner.
 
Explore Github's New Acquisition - Dependabot
 
Once you click on the “Fork” button, it will be available in your GitHub repository.
 
Follow the below steps to configure the dependabot.
  1. Log into GitHub repository and click on “Marketplace”.

    Explore Github's New Acquisition - Dependabot

  2. Search for Dependabot and click on it.

    Explore Github's New Acquisition - Dependabot

  3. Scroll down and click on “Install it for free”.

    Explore Github's New Acquisition - Dependabot

  4. It’s free of cost so click on “complete order and begin installation”.

    Explore Github's New Acquisition - Dependabot

  5. Based on your needs, either you can select “All repositories” or “Only select repositories”. Click on the "Install" button.

    Explore Github's New Acquisition - Dependabot

  6. You will be redirected to the dependabot dashboard. Just use GitHub login credentials to log into the dashboard. Click on “Authorize dependabot preview by GitHub”.

    Explore Github's New Acquisition - Dependabot

  7. From the Dependabot dashboard, we need to add repositories. Click on the “Select repos to add” button.

    Explore Github's New Acquisition - Dependabot

  8. Select the required repositories and languages and click on “Add selected” button.

    Explore Github's New Acquisition - Dependabot

  9. Click on “Bump” now button. By default, it will be configured to update schedule as daily. You can change options by clicking on the Settings icon on the right side. (.NET (beta) => Settings icon ). You can change settings as per your need and click “Update Settings”.

    Explore Github's New Acquisition - Dependabot

  10. Go back to the GitHub repository and click on the pull request.

    Explore Github's New Acquisition - Dependabot

    Wow! This repo uses some outdated version dependencies.

  11. Just click on the highlighted link and you can see the pull request changes like - what files have been changed etc.

    Explore Github's New Acquisition - Dependabot

    Explore Github's New Acquisition - Dependabot
You can review changes and merge these.
 
Dependabot helps keep your dependencies up-to-date. It's free for personal accounts and open source. I recently noticed dev.to opensourced and using this dependabot service on their repository.
 
Hope you learned something new. Keep learning & keep sharing.