Dependabot now supports grouping updates by dependency name across multiple directories, making it easier to manage dependency upgrades in repositories with more than one package or service.

What’s changed

Previously, Dependabot generated a separate pull request for each directory where a dependency needed updating. If your repository contained multiple directories, this meant several pull requests for a single dependency bump. For example, upgrading requests across three directories would produce three individual pull requests:

  • chore(deps): bump requests in /service-a
  • chore(deps): bump requests in /service-b
  • chore(deps): bump requests in /service-c

With this release, you can configure Dependabot to consolidate updates for the same dependency into a single pull request, regardless of how many directories are affected. This’ll help reduce the number of pull requests and simplify your upgrade workflow. This configuration is especially valuable for monorepos where a single dependency bump can touch dozens of directories.

Who can use this feature

This feature is available for all github.com users and will ship in GHES 3.21.

Get started

Configure your directory groups in the dependabot.yml file in your repository. The Dependabot configuration docs can help you get started.

Join the discussion within the Dependabot Community.