You can configure your repository so that Dependabot automatically updates the packages you use. Enable Dependabot version updates by committing a dependabot.yml configuration file to your repository.
After you've enabled version updates, you can customize how Dependabot maintains your dependencies by adding further options to the dependabot.yml file. For example, you could:
1. Specify which day of the week to open pull requests for version updates: schedule.day.
2. Set reviewers, assignees, and labels for each package manager: reviewers, assignees, and labels.
3. Define a versioning strategy for changes to each manifest file: versioning-strategy.
4. Change the maximum number of open pull requests for version updates from the default of 5: open-pull-requests-limit.
5. Open pull requests for version updates to target a specific branch, instead of the default branch: target-branch.
For all configuration options, check out:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
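A dependabot.yml that combines the five options listed above, as an added example that is not taken from the video or from GitHub's documentation. The npm ecosystem, the account name octocat, the label names and the develop branch are assumed values; the file lives at .github/dependabot.yml.

```yaml
# .github/dependabot.yml (added example; all values below are assumptions)
version: 2
updates:
  - package-ecosystem: "npm"      # assumed ecosystem; one entry per package manager
    directory: "/"                # where the manifest (package.json) lives
    schedule:
      interval: "weekly"          # schedule.day only applies to weekly runs
      day: "tuesday"              # 1. day of the week to open pull requests

    # 2. routing for the pull requests Dependabot opens
    reviewers:                    # option named on this page; confirm in the
      - "octocat"                 #    option reference that it is still accepted
    assignees:
      - "octocat"
    labels:
      - "dependencies"
      - "npm"

    # 3. how the version requirement in the manifest is edited
    versioning-strategy: increase

    # 4. raise the cap on open version-update pull requests (default is 5)
    open-pull-requests-limit: 10

    # 5. open version-update pull requests against a non-default branch.
    #    With target-branch set, this entry's settings stop applying to
    #    security-update pull requests, which still target the default branch.
    target-branch: "develop"
```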
Presented by: Andrea Griffiths