$ mkdir -p .github/
$ touch .github/dependabot.yml
Add the minimum (required) configuration:
Given the configuration, Dependabot will check on a daily interval for
npm updates using the package manifest (
package.json) located at the repository root (
For more options, check out “Configuration options for dependency updates”.
webpack recently published version
5.0.0 and you’re on
At 5am UTC, Dependabot will scan your
package.json and open a pull request (PR) to merge branch
The commit message will look like:
build(deps-dev): bump webpack from 4.0.0 to 5.0.0
The PR description will contain webpack’s release notes, changelog, and/or commits.