Skip to content

Use Renovate for automated dependency refreshes

Context and Problem Statement

We need automated dependency refreshes to keep frontend, backend, and infrastructure packages current with minimal manual effort.

Considered Options

  • Dependabot
  • Renovate

Decision Outcome

Renovate was selected.

The primary reason is that Renovate is platform agnostic, reducing vendor lock-in to GitHub. It can run across GitHub, GitLab, Gitea, Forgejo, and self-hosted setups, which better matches our long-term portability goals.

Renovate also has stronger grouping, scheduling, dashboard, and monorepo update features than Dependabot.

Consequences

  • ✅ Reduces dependency on GitHub-specific automation.
  • ✅ Supports more flexible grouping and scheduling of updates.
  • ✅ Works well across monorepos and multiple dependency ecosystems.
  • ❌ Requires configuring the Renovate app or self-hosted runner.
  • ❌ Slightly more setup and maintenance than GitHub-native Dependabot.