
Managing pull requests for dependency updates

You manage pull requests raised by GitHub Dependabot in much the same way as other pull requests, but there are some extra options.

About GitHub Dependabot pull requests

GitHub Dependabot raises pull requests to update dependencies. Depending on how your repository is configured, GitHub Dependabot may raise pull requests for version updates and/or for security updates. You manage these pull requests in the same way as any other pull request, but there are also some extra commands available. For information about enabling GitHub Dependabot dependency updates, see "Configuring GitHub Dependabot security updates" and "Enabling and disabling version updates."

When GitHub Dependabot raises a pull request, you're notified by your chosen method for the repository. Each pull request contains detailed information about the proposed change, taken from the package manager. These pull requests follow the normal checks and tests defined in your repository. In addition, where enough information is available, you'll see a compatibility score. This may also help you decide whether or not to merge the change. For information about this score, see "About GitHub Dependabot security updates."

If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific reviewers, assignees, and labels. For more information, see "Customizing dependency updates."

Viewing GitHub Dependabot pull requests

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Pull requests.
  3. Any pull requests for security and version updates are easy to identify.
    • The author is dependabot, the bot account used by GitHub Dependabot.
    • By default, they have the dependencies label.

Changing the rebase strategy for GitHub Dependabot pull requests

By default, GitHub Dependabot automatically rebases pull requests to resolve any conflicts. If you'd prefer to handle merge conflicts manually, you can disable this using the rebase-strategy option. For details, see "Configuration options for dependency updates."

Managing GitHub Dependabot pull requests with comment commands

GitHub Dependabot responds to simple commands in comments. Each pull request contains details of the commands you can use to process the pull request, for example: to merge, squash, reopen, close, or rebase the pull request. The aim is to make it as easy as possible for you to triage these automatically generated pull requests.

If you run any of the commands for ignoring dependencies or versions, GitHub Dependabot stores the preferences for the repository centrally. While this is a quick solution, for repositories with more than one contributor it is better to explicitly define the dependencies and versions to ignore in the configuration file. This makes it easy for all contributors to see why a particular dependency isn't being updated automatically. For more information, see "Configuration options for dependency updates."
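The following configuration file is an added example, not taken from the original page. It shows the rebase-strategy option and the in-repository ignore rules described above, together with custom labels and assignees. The ecosystem, schedule, package names, versions and username are constructed placeholders.

```yaml
# .github/dependabot.yml
# Added example: every package name, version and username below is a
# constructed placeholder, not a value from the documentation page.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

    # Turn off automatic rebasing. Dependabot then leaves conflicting
    # pull requests alone and merge conflicts are resolved manually.
    rebase-strategy: "disabled"

    # Setting labels replaces the default, so "dependencies" is listed
    # again to keep these pull requests easy to filter.
    labels:
      - "dependencies"
      - "npm"
    assignees:
      - "example-maintainer"

    # Ignore rules kept in the repository instead of being set through
    # comment commands. Every contributor can see them in review, and
    # the comment records why an update is being held back.
    ignore:
      # Held on the current major version until the migration is done.
      - dependency-name: "example-framework"
        versions: ["5.x"]
      # Updated by hand through an internal release process.
      - dependency-name: "example-internal-lib"
```

Because the ignore list lives in version control, any change to it goes through the same pull request review as code, which leaves an audit trail for each dependency that is excluded from updates.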
