dependencies.io is a product of Dropseed

Native tools and package managers

We believe that whenever possible, automated dependency updates should be done exactly like you would do them yourself. We use git, yarn upgrade, pipenv update, and all the other commands that you use while working.

$ npm upgrade && git commit

version: 2
dependencies:
- type: js
  path: app/frontend
  settings:
    before_update:
    - yarn bootstrap
- type: python
  path: app/backend/Pipfile
- type: dockerfile
  path: dockerfiles/main/Dockerfile

Updates that fit your workflow

Every project is different. Maybe you have a monorepo with multiple languages, or maybe you have custom post-install scripts for your environment. No matter the situation, our goal is to provide a service you can use.

Dependency updates are run with a real git clone of your repo, and you can inject your own commands throughout the update process to ensure all the changes you need are actually made. This also means that we can commit changes to vendored dependencies.

Out-of-range updates to manifests

When versions outside of your range are available, we'll let you know with a PR for that specific dependency. With release notes and test results at hand, you'll be able to decide if updating makes sense for your project and if more work is required.


In-range updates to lockfiles

For package managers that support version ranges + lockfiles, we make it easy to use the latest changes. When your lockfile becomes outdated, we'll send a PR with the most up-to-date version. When your tests pass, merge the PR to effortlessly make use of all the latest bug fixes and patches to your direct and transitive dependencies.

Scheduled updates

Your repo's dependencies are being updated all the time, whether or not you're working on the project. Our daily, weekly, and monthly scheduling options let you receive updates at a rate that works for you and your team.

Daily

For mission-critical projects that constantly need to be up-to-date with the latest bug fixes and security patches.

Weekly

Ideal for teams that want to stay on top of their dependencies, but don't need every patch as soon as it comes out.

Monthly

Perfect for low-touch projects that are on the back-burner. Don't let them fall too far behind.

Your code is built on dependencies. Take them seriously.