52% of developers said they find it painful to update your dependencies and more time building. Dependabot version updates are in public beta, and you can start using them today. Version updates regularly update all the packages used by your repository, even if they don't have any known vulnerabilities. GitHub watches the National Vulnerability Database and other sources for vulnerabilities in open source packages. If a vulnerability is found in a package you depend on, it sends you an alert and also sends a pull request to update to the closest non-vulnerable version.
Source: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

