I want to keep all the dependencies in the repo up to date.

AFAIK, I have two options: Dependabot and Renovatebot.

The package manager I’m using is uv, so the first step is to check whether both tools support it.

As per https://docs.astral.sh/uv/guides/integration/dependency-bots/, as of 2025/12/10:

uv is supported by Renovate.

Dependabot has announced support for uv, but there are some use cases that are not yet working.

These issues of dependabot with uv remain open:

Based on that, Renovate is the better choice for now.

Another advantage of Renovate is its flexibility: Dependabot is GitHub specific, while Renovate supports Github, Gitlab, and Bitbucket, and can also be self-hosted.

I installed the app just for the repo in question.

Since I’m using uv, I had to enable lock file maintenance by adding a commit in the Onboarding PR.

Afterward, Renovate started creating PRs like this one.

I also wanted to observe how Renovate reacts when I push commits to one of its PRs, so I used this PR to test that behavior.

Given that I already had tests that run in the PRs, it was easy and quick to verify that the changes were correct and working.

Resources