|
1 | | -The following table shows, for each package manager, whether {% data variables.product.prodname_dependabot %} supports: dependencies in private {% data variables.product.prodname_dotcom %} repositories, and vendored dependencies. |
2 | | - |
3 | | -Package manager | Private {% data variables.product.prodname_dotcom %} repositories | Vendoring |
4 | | ---- | :---:| :---: |
5 | | -Bundler: `bundler` | | **✓** | |
6 | | -Cargo: `cargo` | **✓** | | |
7 | | -Composer: `composer` | **✓** | | |
8 | | -Docker: `docker` | **✓** | | |
9 | | -Elixir: `hex` | | | |
10 | | -Elm: `elm` | **✓** | | |
11 | | -git submodule: `gitsubmodule` | **✓** | | |
12 | | -GitHub Actions: `github-actions` | **✓** | | |
13 | | -Go modules: `gomod` | **✓** | **✓** | |
14 | | -Gradle: `gradle` | **✓** | | |
15 | | -Maven: `maven` | **✓** | | |
16 | | -Mix: `mix` | **✓** | | |
17 | | -npm: `npm` | **✓** | | |
18 | | -NuGet: `nuget` | **✓** | | |
19 | | -pip: `pip` | | | |
20 | | -Terraform: `terraform` | **✓** | | |
21 | | - |
22 | | -{% note %} |
23 | | - |
24 | | -**Note**: {% data variables.product.prodname_dependabot %} also supports the following package managers: |
25 | | - |
26 | | --`yarn` (v1 only) (specify `npm`) |
27 | | - |
28 | | --`.gradle.kts` files, for Kotlin projects (specify `gradle`) |
29 | | - |
30 | | --`pipenv`, `pip-compile`, and `poetry` (specify `pip`) |
31 | | - |
32 | | -For example, if you use `poetry` to manage your Python dependencies and want {% data variables.product.prodname_dependabot %} to monitor your dependency manifest file for new versions, use `package-ecosystem: "pip"` in your *dependabot.yml* file. |
33 | | - |
34 | | -{% endnote %} |
| 1 | +The following table shows, for each package manager: |
| 2 | +- The YAML value to use in the *dependabot.yml* file |
| 3 | +- The supported versions of the package manager |
| 4 | +- Whether dependencies in private {% data variables.product.prodname_dotcom %} repositories are supported |
| 5 | +- Whether vendored dependencies are supported |
| 6 | + |
| 7 | +Package manager | YAML value | Supported versions | Private repositories | Vendoring |
| 8 | +--- | --- | --- |:---:|:---: |
| 9 | +Bundler | `bundler` | v1 | | **✓** | |
| 10 | +Cargo | `cargo` | v1 | **✓** | | |
| 11 | +Composer | `composer` | v1,v2 | **✓** | | |
| 12 | +Docker | `docker` | v1 | **✓** | | |
| 13 | +Elixir | `mix` | v1 | **✓** | | |
| 14 | +Elm | `elm` | v0.18, v0.19 | **✓** | | |
| 15 | +git submodule | `gitsubmodule` | N/A (no version) | **✓** | | |
| 16 | +GitHub Actions | `github-actions` | N/A (no version) | **✓** | | |
| 17 | +Go modules | `gomod` | v1 | **✓** | **✓** | |
| 18 | +Gradle | `gradle` | see (A) below | **✓** | | |
| 19 | +Maven | `maven` | see (B) below | **✓** | | |
| 20 | +npm | `npm` | v6 | **✓** | | |
| 21 | +NuGet | `nuget` | <= 4.8.</br>see (C) below | **✓** | | |
| 22 | +pip | `pip` | v20 | | | |
| 23 | +pipenv | `pip` | <= 2018.11.26 | | | |
| 24 | +pip-compile | `pip` | 5.5.0 | | | |
| 25 | +poetry | `pip` | v1 | | | |
| 26 | +Terraform | `terraform` | <= 0.11 | **✓** | | |
| 27 | +yarn | `npm` | v1 | | | |
| 28 | + |
| 29 | +(A) {% data variables.product.prodname_dependabot %} doesn't run Gradle but supports updates to the following files: `build.gradle` and `build.gradle.kts` (for Kotlin projects). |
| 30 | + |
| 31 | +(B) {% data variables.product.prodname_dependabot %} doesn't run Maven but supports updates to `pom.xml` files. |
| 32 | + |
| 33 | +(C) {% data variables.product.prodname_dependabot %} doesn't run the NuGet CLI but does support most features up until version 4.8. |
| 34 | + |
| 35 | +For package managers such as `pipenv` and `poetry`, you need to use the `pip` YAML value. For example, if you use `poetry` to manage your Python dependencies and want {% data variables.product.prodname_dependabot %} to monitor your dependency manifest file for new versions, use `package-ecosystem: "pip"` in your *dependabot.yml* file. |
0 commit comments