Setup dependabot in Github repo

Use dependabot and github actions to update packages in your project.

To setup dependabot, first go to Settings > Security & Analysis > Dependabot security updates

Next go to Insights > Dependency graph > Dependabot

dependabot.yaml file for scanning npm packages. Document for setting up dependabot.yaml file

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

Resources

• https://phuctm97.com/blog/how-to-use-dependabot