Configuring Dependabot for a Python project

GitHub's Dependabot can automatically file PRs with bumps to dependencies when new versions of them are available.

In June 2023 they added support for Grouped version updates, so one PR will be filed that updates multiple dependencies at the same time.

The Dependabot setup instructions don't explicitly mention projects which keep all of their dependency information in

It works just fine with those kinds of projects too.

To start it working, create a file in .github/dependabot.yml with the following contents:

version: 2
- package-ecosystem: pip
  directory: "/"
    interval: daily
    time: "13:00"
        - "*"

Then navigate to (but for your project) - that's Insights -> Dependency graph -> Dependabot - to confirm that it worked.

This should work for projects that use or pyproject.toml or requirements.txt.

Created 2022-01-14T16:33:03-08:00, updated 2023-08-03T17:41:54-07:00 · History · Edit