Recipe
Recipe: Dependabot config writer
Generate a production-grade .github/dependabot.yml tuned for your stack, cadence, and open-pull-request limits.
What you get
- Multi-ecosystem grouping (npm, pip, cargo, gomod, docker, github-actions)
- Configurable schedule interval and timezone
- Open-PR cap with automatic rebase strategy
- Custom labels, assignees, and reviewers per package-ecosystem
- Versioning-strategy selection (increase, increase-if-necessary, lockfile-only)
Quick start
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
timezone: "America/Chicago"
open-pull-requests-limit: 10
versioning-strategy: increase
labels:
- "dependencies"
- "npm"Paste into .github/dependabot.yml and enable Dependabot in your repo settings.
Advanced: multi-ecosystem
updates:
- package-ecosystem: "npm"
directory: "/frontend"
schedule:
interval: "daily"
open-pull-requests-limit: 5
- package-ecosystem: "pip"
directory: "/backend"
schedule:
interval: "weekly"
open-pull-requests-limit: 3
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"Meridian auto-generates this config from your repo scan. Try it now