Upgrading from Dependabot.com to GitHub-native Dependabot

You can upgrade to GitHub-native Dependabot by merging a pull request that will allow your dependencies to continue being updated.

Dependabot Preview has been shut down as of August 3rd, 2021. In order to keep getting Dependabot updates, please migrate to GitHub-native Dependabot.

Open pull requests from Dependabot Preview will remain open, including the pull request to upgrade to GitHub-native Dependabot, but the bot itself will no longer work on your GitHub accounts and organizations.

About upgrading from Dependabot Preview to GitHub-native Dependabot de GitHub

Dependabot Preview has been built directly into GitHub, so you can use Dependabot de GitHub alongside all the other functionality in GitHub without having to install and use a separate application. By migrating to GitHub-native Dependabot de GitHub, we can also focus on bringing lots of exciting new features to Dependabot de GitHub, including more ecosystem updates, improved notifications, and Dependabot de GitHub support for Servidor de GitHub Enterprise and GitHub AE.

Differences between Dependabot Preview and GitHub-native Dependabot de GitHub

While most of the Dependabot Preview features exist in GitHub-native Dependabot de GitHub, a few remain unavailable:

  • Live updates: We hope to bring these back in the future. For now, you can run GitHub Dependabot de GitHub daily to catch new packages within one day of release.
  • PHP environment variable registries: For projects that rely on the ACF_PRO_KEY environment variable, you may be able to vendor your licensed copy of the Advanced Custom Fields plugin. For an example, see dependabot/acf-php-example. For other environment variables, you can use GitHub Actions to fetch dependencies from these registries.
  • Auto-merge: We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge. We have provided the dependabot/fetch-metadata action to help developers enable GitHub's automerge.

In GitHub-native Dependabot de GitHub, you can configure all version updates using the configuration file. This file is similar to the Dependabot Preview configuration file with a few changes and improvements that will be automatically included in your upgrade pull request. For more information about the upgrade pull request, see "Upgrading to GitHub-native Dependabot".

To see update logs for GitHub-native Dependabot de GitHub that were previously on the Dependabot.com dashboard:

  1. Navigate to your repository’s Insights page.
  2. Click Dependency graph to the left.
  3. Click Dependabot de GitHub.

For more information about version updates with GitHub-native Dependabot de GitHub, see "About Dependabot version updates."

Upgrading to GitHub-native Dependabot de GitHub

Upgrading from Dependabot Preview to GitHub-native Dependabot de GitHub requires you to merge the Upgrade to GitHub-native Dependabot pull request in your repository. This pull request includes the updated configuration file needed for GitHub-native Dependabot de GitHub.

If you are using private repositories, you will have to grant Dependabot access to these repositories in your organization's security and analysis settings. For more information, see "Allowing Dependabot to access private dependencies". Previously, Dependabot had access to all repositories within an organization, but we implemented this change because it is much safer to use the principle of least privilege for Dependabot.

If you are using private registries, you will have to add your existing Dependabot Preview secrets to your repository's or organization's "Dependabot secrets". For more information, see "Managing encrypted secrets for Dependabot".

If you have any questions or need help migrating, you can view or open issues in the dependabot/dependabot-core repository.

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.