Dependabot support for Gradle lockfiles is now generally available

Dependabot now supports Gradle dependency lockfiles!

What’s new

Dependabot can now read and update gradle.lockfile in addition to build.gradle.
This feature is generally available and enabled by default; no additional configuration is required.
This provides more precise dependency management for Gradle projects that rely on lockfiles for reproducible builds.

Gradle lockfiles ensure that your builds are reproducible by locking specific versions of transitive dependencies. With this update, Dependabot can now work seamlessly with projects that use this best practice, maintaining the integrity of your dependency locks while keeping your dependencies up to date.

Getting started

No additional configuration needed! If your Gradle project uses lockfiles, Dependabot will automatically detect and update them alongside your build files.

Please join the discussion to learn more or engage with the Dependabot community on the topic of Gradle lockfiles.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

Dependabot support for Gradle lockfiles is now generally available

What’s new

Why this matters

Getting started

Related Posts

Subscribe to our developer newsletter