Explore GitHub's New Acquisition - Dependabot

Are you tired of upgrading your project dependencies manually? If you maintain your source code in GitHub, then don’t worry. GitHub’s recent acquisition addresses this problem with a third-party service called “Dependabot”.
 

What is Dependabot?

 
Dependabot is a service, recently integrated with GitHub, that automatically checks your project dependencies for new versions.
 

How it works

 
Once you configure Dependabot for your repositories, it will perform two tasks.
  • It checks for outdated versions of the project dependencies in your repo.
  • If Dependabot finds a newer version, it creates a pull request with the upgraded dependencies.
All you have to do is to review and merge the pull request changes.
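
A simplified sketch of the two tasks above, as an added example rather than Dependabot's own code: it reads a .NET project file, compares each pinned version with a package feed, and returns one pull-request title per available upgrade. The manifest, the feed contents, the function names and the "Bump X from A to B" title wording are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest (not taken from the demo repository).
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
    <PackageReference Include="Serilog"><Version>2.8.0</Version></PackageReference>
    <PackageReference Include="xunit" Version="2.4.1" />
  </ItemGroup>
</Project>"""

# Constructed stand-in for the package feed: name -> published versions.
FEED = {
    "Newtonsoft.Json": ["11.0.2", "12.0.1", "12.0.2"],
    "Serilog": ["2.8.0", "2.9.0-dev-01116"],
    "xunit": ["2.4.0", "2.4.1"],
}

def parse_version(text):
    """Split 'major.minor.patch[-prerelease]' into (numeric tuple, is_prerelease)."""
    core, _, pre = text.partition("-")
    return tuple(int(p) for p in core.split(".")), bool(pre)

def read_dependencies(csproj_xml):
    """Return {package: version} from PackageReference items (attribute or child form)."""
    deps = {}
    for ref in ET.fromstring(csproj_xml).iter("PackageReference"):
        version = ref.get("Version") or ref.findtext("Version")
        if version:
            deps[ref.get("Include")] = version.strip()
    return deps

def latest_stable(versions):
    """Highest non-prerelease version in the feed, or None if there is none."""
    stable = [v for v in versions if not parse_version(v)[1]]
    return max(stable, key=lambda v: parse_version(v)[0], default=None)

def propose_bumps(csproj_xml, feed):
    """Task 1: find outdated pins. Task 2: one pull-request title per upgrade."""
    bumps = []
    for name, current in sorted(read_dependencies(csproj_xml).items()):
        newest = latest_stable(feed.get(name, []))
        if newest and parse_version(newest)[0] > parse_version(current)[0]:
            bumps.append(f"Bump {name} from {current} to {newest}")
    return bumps

if __name__ == "__main__":
    for title in propose_bumps(CSPROJ, FEED):
        print(title)
```

Pre-release builds in the feed are skipped, so a package whose only newer version is a development build produces no pull request.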
 
Let’s explore how to configure Dependabot.
 
I will show you how to configure Dependabot for projects in GitHub. Before diving into the configuration, let me tell you Dependabot supports the below languages.
 
For demo purposes, I’m making a copy of another repository to freely experiment. The references are added below for those who want to try.
 
Go to the below link and click “Fork” on the top-right corner.
 
Once you click on the “Fork” button, it will be available in your GitHub repository.
 
Follow the steps below to configure Dependabot.
  1. Log in to your GitHub repository and click on “Marketplace”.

  2. Search for Dependabot and click on it.

  3. Scroll down and click on “Install it for free”.

  4. It’s free of cost so click on “complete order and begin installation”.

  5. Based on your needs, you can select either “All repositories” or “Only select repositories”. Click on the "Install" button.

  6. You will be redirected to the Dependabot dashboard. Use your GitHub login credentials to log in to the dashboard. Click on “Authorize dependabot preview by GitHub”.

  7. From the Dependabot dashboard, we need to add repositories. Click on the “Select repos to add” button.

  8. Select the required repositories and languages and click on the “Add selected” button.

  9. Click on the “Bump now” button. By default, the update schedule is set to daily. You can change the options by clicking on the Settings icon on the right side (.NET (beta) => Settings icon). Change the settings as per your need and click “Update Settings”.

  10. Go back to the GitHub repository and click on the pull request.

    Wow! This repo uses some outdated dependency versions.

  11. Click on the highlighted link to see the pull request changes, such as which files have been changed.

You can review changes and merge these.
 
Dependabot helps keep your dependencies up-to-date. It's free for personal accounts and open source. I recently noticed that dev.to was open-sourced and is using this Dependabot service on their repository.
 
Hope you learned something new. Keep learning & keep sharing.