GitHubSimplified Dependency Management for Monorepos
Dependabot has introduced a new grouping capability that reduces pull request clutter when managing dependencies across multiple directories in a single repository. Previously, when a dependency needed updating in multiple locations—such as in a monorepo structure—Dependabot would generate a separate pull request for each directory.
What Changed
Before: Upgrading a single dependency like requests across three directories would produce three individual pull requests:
chore(deps): bump requests in /service-achore(deps): bump requests in /service-bchore(deps): bump requests in /service-c
Now: You can configure Dependabot to consolidate all updates for the same dependency into a single pull request, regardless of how many directories are affected.
Key Benefits
- Reduced PR volume: Dramatically cuts down the number of pull requests in repositories with complex directory structures
- Simplified workflows: Makes it easier to review and merge dependency upgrades
- Monorepo-friendly: Particularly valuable for large monorepos where a single dependency bump can touch dozens of directories
Getting Started
Configure directory groups in your repository's dependabot.yml file using the updated grouping options. Refer to the Dependabot configuration documentation for implementation details.
This feature is available for all github.com users and will be included in GitHub Enterprise Server (GHES) 3.21.