{"id":"320604c4-59c6-4384-8aa5-002658490c0f","shortId":"TwwgPp","kind":"skill","title":"dependabot","tagline":">-","description":"# Dependabot Configuration & Management\n\n## Overview\n\nDependabot is GitHub's built-in dependency management tool with three core capabilities:\n\n1. **Dependabot Alerts** — Notify when dependencies have known vulnerabilities (CVEs)\n2. **Dependabot Security Updates** — Auto-create PRs to fix vulnerable dependencies\n3. **Dependabot Version Updates** — Auto-create PRs to keep dependencies current\n\nAll configuration lives in a **single file**: `.github/dependabot.yml` on the default branch. GitHub does **not** support multiple `dependabot.yml` files per repository.\n\n## Configuration Workflow\n\nFollow this process when creating or optimizing a `dependabot.yml`:\n\n### Step 1: Detect All Ecosystems\n\nScan the repository for dependency manifests. Look for:\n\n| Ecosystem | YAML Value | Manifest Files |\n|---|---|---|\n| npm/pnpm/yarn | `npm` | `package.json`, `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock` |\n| pip/pipenv/poetry/uv | `pip` | `requirements.txt`, `Pipfile`, `pyproject.toml`, `setup.py` |\n| Docker | `docker` | `Dockerfile` |\n| Docker Compose | `docker-compose` | `docker-compose.yml` |\n| GitHub Actions | `github-actions` | `.github/workflows/*.yml` |\n| Go modules | `gomod` | `go.mod` |\n| Bundler (Ruby) | `bundler` | `Gemfile` |\n| Cargo (Rust) | `cargo` | `Cargo.toml` |\n| Composer (PHP) | `composer` | `composer.json` |\n| NuGet (.NET) | `nuget` | `*.csproj`, `packages.config` |\n| .NET SDK | `dotnet-sdk` | `global.json` |\n| Maven (Java) | `maven` | `pom.xml` |\n| Gradle (Java) | `gradle` | `build.gradle` |\n| Terraform | `terraform` | `*.tf` |\n| OpenTofu | `opentofu` | `*.tf` |\n| Helm | `helm` | `Chart.yaml` |\n| Hex (Elixir) | `mix` | `mix.exs` |\n| Swift | `swift` | `Package.swift` |\n| Pub (Dart) | `pub` | `pubspec.yaml` |\n| Bun | `bun` | `bun.lockb` |\n| Dev Containers | `devcontainers` | `devcontainer.json` |\n| Git Submodules | `gitsubmodule` | `.gitmodules` |\n| Pre-commit | `pre-commit` | `.pre-commit-config.yaml` |\n\nNote: pnpm and yarn both use the `npm` ecosystem value.\n\n### Step 2: Map Directory Locations\n\nFor each ecosystem, identify where manifests live. Use `directories` (plural) with glob patterns for monorepos:\n\n```yaml\ndirectories:\n  - \"/\"           # root\n  - \"/apps/*\"     # all app subdirs\n  - \"/packages/*\" # all package subdirs\n  - \"/lib-*\"      # dirs starting with lib-\n  - \"**/*\"        # recursive (all subdirs)\n```\n\nImportant: `directory` (singular) does NOT support globs. Use `directories` (plural) for wildcards.\n\n### Step 3: Configure Each Ecosystem Entry\n\nEvery entry needs at minimum:\n\n```yaml\n- package-ecosystem: \"npm\"\n  directory: \"/\"\n  schedule:\n    interval: \"weekly\"\n```\n\n### Step 4: Optimize with Grouping, Labels, and Scheduling\n\nSee sections below for each optimization technique.\n\n## Monorepo Strategies\n\n### Glob Patterns for Workspace Coverage\n\nFor monorepos with many packages, use glob patterns to avoid listing each directory:\n\n```yaml\n- package-ecosystem: \"npm\"\n  directories:\n    - \"/\"\n    - \"/apps/*\"\n    - \"/packages/*\"\n    - \"/services/*\"\n  schedule:\n    interval: \"weekly\"\n```\n\n### Cross-Directory Grouping\n\nUse `group-by: dependency-name` to create a single PR when the same dependency updates across multiple directories:\n\n```yaml\ngroups:\n  monorepo-deps:\n    group-by: dependency-name\n```\n\nThis creates one PR per dependency across all specified directories, reducing CI costs and review burden.\n\nLimitations:\n- All directories must use the same package ecosystem\n- Applies to version updates only\n- Incompatible version constraints create separate PRs\n\n### Standalone Packages Outside Workspaces\n\nIf a directory has its own lockfile and is NOT part of the workspace (e.g., scripts in `.github/`), create a separate ecosystem entry for it.\n\n## Dependency Grouping\n\nReduce PR noise by grouping related dependencies into single PRs.\n\n### By Dependency Type\n\n```yaml\ngroups:\n  dev-dependencies:\n    dependency-type: \"development\"\n    update-types: [\"minor\", \"patch\"]\n  production-dependencies:\n    dependency-type: \"production\"\n    update-types: [\"minor\", \"patch\"]\n```\n\n### By Name Pattern\n\n```yaml\ngroups:\n  angular:\n    patterns: [\"@angular*\"]\n    update-types: [\"minor\", \"patch\"]\n  testing:\n    patterns: [\"jest*\", \"@testing-library*\", \"ts-jest\"]\n```\n\n### For Security Updates\n\n```yaml\ngroups:\n  security-patches:\n    applies-to: security-updates\n    patterns: [\"*\"]\n    update-types: [\"patch\", \"minor\"]\n```\n\nKey behaviors:\n- Dependencies matching multiple groups go to the **first** match\n- `applies-to` defaults to `version-updates` when absent\n- Ungrouped dependencies get individual PRs\n\n## Multi-Ecosystem Groups\n\nCombine updates across different package ecosystems into a single PR:\n\n```yaml\nversion: 2\n\nmulti-ecosystem-groups:\n  infrastructure:\n    schedule:\n      interval: \"weekly\"\n    labels: [\"infrastructure\", \"dependencies\"]\n\nupdates:\n  - package-ecosystem: \"docker\"\n    directory: \"/\"\n    patterns: [\"nginx\", \"redis\"]\n    multi-ecosystem-group: \"infrastructure\"\n\n  - package-ecosystem: \"terraform\"\n    directory: \"/\"\n    patterns: [\"aws*\"]\n    multi-ecosystem-group: \"infrastructure\"\n```\n\nThe `patterns` key is required when using `multi-ecosystem-group`.\n\n## PR Customization\n\n### Labels\n\n```yaml\nlabels:\n  - \"dependencies\"\n  - \"npm\"\n```\n\nSet `labels: []` to disable all labels including defaults. SemVer labels (`major`, `minor`, `patch`) are always applied if present in the repo.\n\n### Commit Messages\n\n```yaml\ncommit-message:\n  prefix: \"deps\"\n  prefix-development: \"deps-dev\"\n  include: \"scope\"  # adds deps/deps-dev scope after prefix\n```\n\n### Assignees and Milestones\n\n```yaml\nassignees: [\"security-team-lead\"]\nmilestone: 4  # numeric ID from milestone URL\n```\n\n### Branch Name Separator\n\n```yaml\npull-request-branch-name:\n  separator: \"-\"  # default is /\n```\n\n### Target Branch\n\n```yaml\ntarget-branch: \"develop\"  # PRs target this instead of default branch\n```\n\nNote: When `target-branch` is set, security updates still target the default branch; all ecosystem config only applies to version updates.\n\n## Schedule Optimization\n\n### Intervals\n\nSupported: `daily`, `weekly`, `monthly`, `quarterly`, `semiannually`, `yearly`, `cron`\n\n```yaml\nschedule:\n  interval: \"weekly\"\n  day: \"monday\"         # for weekly only\n  time: \"09:00\"         # HH:MM format\n  timezone: \"America/New_York\"\n```\n\n### Cron Expressions\n\n```yaml\nschedule:\n  interval: \"cron\"\n  cronjob: \"0 9 * * 1\"  # Every Monday at 9 AM\n```\n\n### Cooldown Periods\n\nDelay updates for newly released versions to avoid early-adopter issues:\n\n```yaml\ncooldown:\n  default-days: 5\n  semver-major-days: 30\n  semver-minor-days: 7\n  semver-patch-days: 3\n  include: [\"*\"]\n  exclude: [\"critical-lib\"]\n```\n\nCooldown applies to version updates only, not security updates.\n\n## Security Updates Configuration\n\n### Enable via Repository Settings\n\nSettings → Advanced Security → Enable Dependabot alerts, security updates, and grouped security updates.\n\n### Group Security Updates in YAML\n\n```yaml\ngroups:\n  security-patches:\n    applies-to: security-updates\n    patterns: [\"*\"]\n    update-types: [\"patch\", \"minor\"]\n```\n\n### Disable Version Updates (Security Only)\n\n```yaml\nopen-pull-requests-limit: 0  # disables version update PRs\n```\n\n### Auto-Triage Rules\n\nGitHub presets auto-dismiss low-impact alerts for development dependencies. Custom rules can filter by severity, package name, CWE, and more. Configure in repository Settings → Advanced Security.\n\n## PR Comment Commands\n\nInteract with Dependabot PRs using `@dependabot` comments.\n\n> **Note:** As of January 2026, merge/close/reopen commands have been deprecated.\n> Use GitHub's native UI, CLI (`gh pr merge`), or auto-merge instead.\n\n| Command | Effect |\n|---|---|\n| `@dependabot rebase` | Rebase the PR |\n| `@dependabot recreate` | Recreate the PR from scratch |\n| `@dependabot ignore this dependency` | Close and never update this dependency |\n| `@dependabot ignore this major version` | Ignore this major version |\n| `@dependabot ignore this minor version` | Ignore this minor version |\n| `@dependabot ignore this patch version` | Ignore this patch version |\n\nFor grouped PRs, additional commands:\n- `@dependabot ignore DEPENDENCY_NAME` — ignore specific dependency in group\n- `@dependabot unignore DEPENDENCY_NAME` — clear ignores, reopen with updates\n- `@dependabot unignore *` — clear all ignores for all dependencies in group\n- `@dependabot show DEPENDENCY_NAME ignore conditions` — display current ignores\n\nFor the complete command reference, see `references/pr-commands.md`.\n\n## Ignore and Allow Rules\n\n### Ignore Specific Dependencies\n\n```yaml\nignore:\n  - dependency-name: \"lodash\"\n  - dependency-name: \"@types/node\"\n    update-types: [\"version-update:semver-patch\"]\n  - dependency-name: \"express\"\n    versions: [\"5.x\"]\n```\n\n### Allow Only Specific Types\n\n```yaml\nallow:\n  - dependency-type: \"production\"\n  - dependency-name: \"express\"\n```\n\nRule: If a dependency matches both `allow` and `ignore`, it is **ignored**.\n\n### Exclude Paths\n\n```yaml\nexclude-paths:\n  - \"vendor/**\"\n  - \"test/fixtures/**\"\n```\n\n## Advanced Options\n\n### Versioning Strategy\n\nControls how Dependabot edits version constraints:\n\n| Value | Behavior |\n|---|---|\n| `auto` | Default — increase for apps, widen for libraries |\n| `increase` | Always increase minimum version |\n| `increase-if-necessary` | Only change if current range excludes new version |\n| `lockfile-only` | Only update lockfiles, ignore manifests |\n| `widen` | Widen range to include both old and new versions |\n\n### Rebase Strategy\n\n```yaml\nrebase-strategy: \"disabled\"  # stop auto-rebasing\n```\n\nAllow rebase over extra commits by including `[dependabot skip]` in commit messages.\n\n### Open PR Limit\n\n```yaml\nopen-pull-requests-limit: 10  # default is 5 for version, 10 for security\n```\n\nSet to `0` to disable version updates entirely.\n\n### Private Registries\n\n```yaml\nregistries:\n  npm-private:\n    type: npm-registry\n    url: https://npm.example.com\n    token: ${{secrets.NPM_TOKEN}}\n\nupdates:\n  - package-ecosystem: \"npm\"\n    directory: \"/\"\n    registries:\n      - npm-private\n```\n\n## FAQ\n\n**Can I have multiple `dependabot.yml` files?**\nNo. GitHub supports exactly one file at `.github/dependabot.yml`. Use multiple `updates` entries within that file for different ecosystems and directories.\n\n**Does Dependabot support pnpm?**\nYes. Use `package-ecosystem: \"npm\"` — Dependabot detects `pnpm-lock.yaml` automatically.\n\n**How do I reduce PR noise in a monorepo?**\nUse `groups` to batch updates, `directories` with globs for coverage, and `group-by: dependency-name` for cross-directory grouping. Consider `monthly` or `quarterly` intervals for low-priority ecosystems.\n\n**How do I handle dependencies outside the workspace?**\nCreate a separate ecosystem entry with its own `directory` pointing to that location.\n\n## Resources\n\n- `references/dependabot-yml-reference.md` — Complete YAML options reference\n- `references/pr-commands.md` — Full PR comment commands reference\n- `references/example-configs.md` — Real-world configuration examples","tags":["dependabot","awesome","copilot","github","agent-skills","agents","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"capabilities":["skill","source-github","skill-dependabot","topic-agent-skills","topic-agents","topic-awesome","topic-custom-agents","topic-github-copilot","topic-hacktoberfest","topic-prompt-engineering"],"categories":["awesome-copilot"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/github/awesome-copilot/dependabot","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add github/awesome-copilot","source_repo":"https://github.com/github/awesome-copilot","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 30784 github stars · SKILL.md body (10,992 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:52:19.670Z","embedding":null,"createdAt":"2026-04-18T20:29:46.127Z","updatedAt":"2026-04-22T06:52:19.670Z","lastSeenAt":"2026-04-22T06:52:19.670Z","tsv":"'/apps':238,327 '/lib-':246 '/packages':242,328 '/services':329 '0':755,864,1201 '00':742 '09':741 '1':20,87,757 '10':1190,1196 '2':30,216,558 '2026':916 '3':42,267,797 '30':787 '4':287,666 '5':782,1067,1193 '7':792 '9':756,761 'absent':536 'across':354,374,548 'action':126,129 'add':651 'addit':990 'adopt':775 'advanc':820,900,1103 'alert':22,824,881 'allow':1038,1069,1074,1089,1169 'alway':628,1124 'america/new_york':747 'angular':479,481 'app':240,1119 'appli':393,505,528,629,716,804,842 'applies-to':504,527,841 'assigne':656,660 'auto':35,47,870,876,933,1115,1167 'auto-cr':34,46 'auto-dismiss':875 'auto-merg':932 'auto-rebas':1166 'auto-triag':869 'automat':1273 'avoid':317,772 'aw':590 'batch':1286 'behavior':517,1114 'branch':65,672,679,685,689,697,702,711 'build.gradle':166 'built':11 'built-in':10 'bun':187,188 'bun.lockb':189 'bundler':136,138 'burden':383 'capabl':19 'cargo':140,142 'cargo.toml':143 'chang':1133 'chart.yaml':175 'ci':379 'clear':1005,1012 'cli':927 'close':954 'combin':546 'command':904,918,936,991,1032,1346 'comment':903,911,1345 'commit':200,203,635,639,1173,1179 'commit-messag':638 'complet':1031,1338 'compos':120,123,144,146 'composer.json':147 'condit':1025 'config':714 'configur':3,55,75,268,814,896,1352 'consid':1305 'constraint':400,1112 'contain':191 'control':1107 'cooldown':763,778,803 'core':18 'cost':380 'coverag':307,1292 'creat':36,48,81,345,369,401,426,1323 'critic':801 'critical-lib':800 'cron':730,748,753 'cronjob':754 'cross':334,1302 'cross-directori':333,1301 'csproj':151 'current':53,1027,1135 'custom':608,885 'cves':29 'cwe':893 'daili':724 'dart':184 'day':735,781,786,791,796 'default':64,530,621,682,696,710,780,1116,1191 'default-day':779 'delay':765 'dep':361,642,647 'depend':13,25,41,52,95,342,352,366,373,433,441,446,452,454,464,466,518,538,569,612,884,953,959,994,998,1003,1017,1022,1042,1046,1050,1063,1076,1080,1086,1298,1319 'dependabot':1,2,6,21,31,43,823,907,910,938,943,950,960,969,978,992,1001,1010,1020,1109,1176,1261,1270 'dependabot.yml':71,85,1238 'dependency-nam':341,365,1045,1049,1062,1079,1297 'dependency-typ':453,465,1075 'deprec':921 'deps-dev':646 'deps/deps-dev':652 'detect':88,1271 'dev':190,451,648 'dev-depend':450 'devcontain':192 'devcontainer.json':193 'develop':456,645,690,883 'differ':549,1256 'dir':247 'directori':218,228,236,255,262,282,320,326,335,356,377,386,410,575,588,1228,1259,1288,1303,1331 'disabl':617,853,865,1164,1203 'dismiss':877 'display':1026 'docker':116,117,119,122,574 'docker-compos':121 'docker-compose.yml':124 'dockerfil':118 'dotnet':156 'dotnet-sdk':155 'e.g':422 'earli':774 'early-adopt':773 'ecosystem':90,99,213,222,270,280,324,392,429,544,551,561,573,581,586,593,605,713,1226,1257,1268,1314,1326 'edit':1110 'effect':937 'elixir':177 'enabl':815,822 'entir':1206 'entri':271,273,430,1251,1327 'everi':272,758 'exact':1243 'exampl':1353 'exclud':799,1095,1099,1137 'exclude-path':1098 'express':749,1065,1082 'extra':1172 'faq':1233 'file':60,72,103,1239,1245,1254 'filter':888 'first':525 'fix':39 'follow':77 'format':745 'full':1343 'gemfil':139 'get':539 'gh':928 'git':194 'github':8,66,125,128,425,873,923,1241 'github-act':127 'github/dependabot.yml':61,1247 'github/workflows':130 'gitmodul':197 'gitsubmodul':196 'glob':231,260,303,314,1290 'global.json':158 'go':132,522 'go.mod':135 'gomod':134 'gradl':163,165 'group':290,336,339,358,363,434,439,449,478,500,521,545,562,582,594,606,828,831,837,988,1000,1019,1284,1295,1304 'group-bi':338,362,1294 'handl':1318 'helm':173,174 'hex':176 'hh':743 'id':668 'identifi':223 'ignor':951,961,965,970,974,979,983,993,996,1006,1014,1024,1028,1036,1040,1044,1091,1094,1146 'impact':880 'import':254 'includ':620,649,798,1152,1175 'incompat':398 'increas':1117,1123,1125,1129 'increase-if-necessari':1128 'individu':540 'infrastructur':563,568,583,595 'instead':694,935 'interact':905 'interv':284,331,565,722,733,752,1309 'issu':776 'januari':915 'java':160,164 'jest':489,495 'keep':51 'key':516,598 'known':27 'label':291,567,609,611,615,619,623 'lead':664 'lib':250,802 'librari':492,1122 'limit':384,863,1183,1189 'list':318 'live':56,226 'locat':219,1335 'lockfil':414,1141,1145 'lockfile-on':1140 'lodash':1048 'look':97 'low':879,1312 'low-impact':878 'low-prior':1311 'major':624,785,963,967 'manag':4,14 'mani':311 'manifest':96,102,225,1147 'map':217 'match':519,526,1087 'maven':159,161 'merg':930,934 'merge/close/reopen':917 'messag':636,640,1180 'mileston':658,665,670 'minimum':276,1126 'minor':460,472,485,515,625,790,852,972,976 'mix':178 'mix.exs':179 'mm':744 'modul':133 'monday':736,759 'monorepo':234,301,309,360,1282 'monorepo-dep':359 'month':726,1306 'multi':543,560,580,592,604 'multi-ecosystem':542 'multi-ecosystem-group':559,579,591,603 'multipl':70,355,520,1237,1249 'must':387 'name':343,367,475,673,680,892,995,1004,1023,1047,1051,1064,1081,1299 'nativ':925 'necessari':1131 'need':274 'net':149,153 'never':956 'new':1138,1156 'newli':768 'nginx':577 'nois':437,1279 'note':205,698,912 'notifi':23 'npm':105,212,281,325,613,1212,1216,1227,1231,1269 'npm-privat':1211,1230 'npm-registri':1215 'npm.example.com':1219 'npm/pnpm/yarn':104 'nuget':148,150 'numer':667 'old':1154 'one':370,1244 'open':860,1181,1186 'open-pull-requests-limit':859,1185 'opentofu':170,171 'optim':83,288,299,721 'option':1104,1340 'outsid':406,1320 'overview':5 'packag':244,279,312,323,391,405,550,572,585,891,1225,1267 'package-ecosystem':278,322,571,584,1224,1266 'package-lock.json':107 'package.json':106 'package.swift':182 'packages.config':152 'part':418 'patch':461,473,486,503,514,626,795,840,851,981,985,1061 'path':1096,1100 'pattern':232,304,315,476,480,488,510,576,589,597,847 'per':73,372 'period':764 'php':145 'pip':111 'pip/pipenv/poetry/uv':110 'pipfil':113 'plural':229,263 'pnpm':206,1263 'pnpm-lock.yaml':108,1272 'point':1332 'pom.xml':162 'pr':348,371,436,555,607,902,929,942,947,1182,1278,1344 'pre':199,202 'pre-commit':198,201 'pre-commit-config.yaml':204 'prefix':641,644,655 'prefix-develop':643 'present':631 'preset':874 'prioriti':1313 'privat':1207,1213,1232 'process':79 'product':463,468,1078 'production-depend':462 'prs':37,49,403,444,541,691,868,908,989 'pub':183,185 'pubspec.yaml':186 'pull':677,861,1187 'pull-request-branch-nam':676 'pyproject.toml':114 'quarter':727,1308 'rang':1136,1150 'real':1350 'real-world':1349 'rebas':939,940,1158,1162,1168,1170 'rebase-strategi':1161 'recreat':944,945 'recurs':251 'redi':578 'reduc':378,435,1277 'refer':1033,1341,1347 'references/dependabot-yml-reference.md':1337 'references/example-configs.md':1348 'references/pr-commands.md':1035,1342 'registri':1208,1210,1217,1229 'relat':440 'releas':769 'reopen':1007 'repo':634 'repositori':74,93,817,898 'request':678,862,1188 'requir':600 'requirements.txt':112 'resourc':1336 'review':382 'root':237 'rubi':137 'rule':872,886,1039,1083 'rust':141 'scan':91 'schedul':283,293,330,564,720,732,751 'scope':650,653 'scratch':949 'script':423 'sdk':154,157 'secrets.npm':1221 'section':295 'secur':32,497,502,508,662,705,810,812,821,825,829,832,839,845,856,901,1198 'security-patch':501,838 'security-team-lead':661 'security-upd':507,844 'see':294,1034 'semiannu':728 'semver':622,784,789,794,1060 'semver-major-day':783 'semver-minor-day':788 'semver-patch':1059 'semver-patch-day':793 'separ':402,428,674,681,1325 'set':614,704,818,819,899,1199 'setup.py':115 'sever':890 'show':1021 'singl':59,347,443,554 'singular':256 'skill' 'skill-dependabot' 'skip':1177 'source-github' 'specif':997,1041,1071 'specifi':376 'standalon':404 'start':248 'step':86,215,266,286 'still':707 'stop':1165 'strategi':302,1106,1159,1163 'subdir':241,245,253 'submodul':195 'support':69,259,723,1242,1262 'swift':180,181 'target':684,688,692,701,708 'target-branch':687,700 'team':663 'techniqu':300 'terraform':167,168,587 'test':487,491 'test/fixtures':1102 'testing-librari':490 'tf':169,172 'three':17 'time':740 'timezon':746 'token':1220,1222 'tool':15 'topic-agent-skills' 'topic-agents' 'topic-awesome' 'topic-custom-agents' 'topic-github-copilot' 'topic-hacktoberfest' 'topic-prompt-engineering' 'triag':871 'ts':494 'ts-jest':493 'type':447,455,459,467,471,484,513,850,1055,1072,1077,1214 'types/node':1052 'ui':926 'ungroup':537 'unignor':1002,1011 'updat':33,45,353,396,458,470,483,498,509,512,534,547,570,706,719,766,807,811,813,826,830,833,846,849,855,867,957,1009,1054,1058,1144,1205,1223,1250,1287 'update-typ':457,469,482,511,848,1053 'url':671,1218 'use':210,227,261,313,337,388,602,909,922,1248,1265,1283 'valu':101,214,1113 'vendor':1101 'version':44,395,399,533,557,718,770,806,854,866,964,968,973,977,982,986,1057,1066,1105,1111,1127,1139,1157,1195,1204 'version-upd':532,1056 'via':816 'vulner':28,40 'week':285,332,566,725,734,738 'widen':1120,1148,1149 'wildcard':265 'within':1252 'workflow':76 'workspac':306,407,421,1322 'world':1351 'x':1068 'yaml':100,235,277,321,357,448,477,499,556,610,637,659,675,686,731,750,777,835,836,858,1043,1073,1097,1160,1184,1209,1339 'yarn':208 'yarn.lock':109 'year':729 'yes':1264 'yml':131","prices":[{"id":"19d5a32a-11ee-4eb7-8fe0-015b96355763","listingId":"320604c4-59c6-4384-8aa5-002658490c0f","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"github","category":"awesome-copilot","install_from":"skills.sh"},"createdAt":"2026-04-18T20:29:46.127Z"}],"sources":[{"listingId":"320604c4-59c6-4384-8aa5-002658490c0f","source":"github","sourceId":"github/awesome-copilot/dependabot","sourceUrl":"https://github.com/github/awesome-copilot/tree/main/skills/dependabot","isPrimary":false,"firstSeenAt":"2026-04-18T21:49:08.886Z","lastSeenAt":"2026-04-22T06:52:19.670Z"},{"listingId":"320604c4-59c6-4384-8aa5-002658490c0f","source":"skills_sh","sourceId":"github/awesome-copilot/dependabot","sourceUrl":"https://skills.sh/github/awesome-copilot/dependabot","isPrimary":true,"firstSeenAt":"2026-04-18T20:29:46.127Z","lastSeenAt":"2026-04-22T06:40:24.177Z"}],"details":{"listingId":"320604c4-59c6-4384-8aa5-002658490c0f","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"github","slug":"dependabot","github":{"repo":"github/awesome-copilot","stars":30784,"topics":["agent-skills","agents","ai","awesome","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"license":"mit","html_url":"https://github.com/github/awesome-copilot","pushed_at":"2026-04-21T22:20:21Z","description":"Community-contributed instructions, agents, skills, and configurations to help you make the most of GitHub Copilot.","skill_md_sha":"62b6614b6f301b02957ff0e079cf1c4337172123","skill_md_path":"skills/dependabot/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/github/awesome-copilot/tree/main/skills/dependabot"},"layout":"multi","source":"github","category":"awesome-copilot","frontmatter":{"name":"dependabot","description":">-"},"skills_sh_url":"https://skills.sh/github/awesome-copilot/dependabot"},"updatedAt":"2026-04-22T06:52:19.670Z"}}