Options to add metadata to pull requests: reviewers, assignees, labels, milestone.Options to control which dependencies are updated: allow, groups, ignore, vendor.Options to customize the update schedule: schedule.time, schedule.timezone, schedule.day.Essential set up options that you must include in all configurations: package-ecosystem, directory, schedule.interval.These options fit broadly into the following categories. How to update manifest version requirements Timezone for time of day (zone identifier) Private registries that Dependabot can access Limit number of open pull requests for version updatesĬhange separator for pull request branch names OptionĮnable ecosystems that have beta-level supportĪllow or deny code execution in manifest files Each entry configures the update settings for a particular package manager. You use it to configure how Dependabot updates the versions or your project's dependencies. Configuration options for the dependabot.yml file The file must start with version: 2.įor a real-world example of dependabot.yml file, see Dependabot's own configuration file. You can, optionally, include a top-level registries key. The dependabot.yml file has two mandatory top-level keys: version, and updates. Note: You cannot configure Dependabot alerts using the dependabot.yml file.
