Regain control over
your dependencies

We believe doing small, easy to assess updates regularly and supported by automation is the best way for busy teams to keep their apps up-to-date.

Proud that these great companies rely on Depfu to keep their apps up-to-date
"Absolutely loving Depfu. When managing quite a few repos across Baremetrics, it really helps keep on top of updates and security patches."
Scott Robertson — Software Engineer, Baremetrics
"Before I was always running bundle outdated first thing in the morning, but it was up to me to actually remember. With Depfu I wake up to PRs that I can act on right away."
Robin Mehner — Freelance Developer

A lightweight process for updating
dependencies that actually works

Get notified about new versions right where you work — with a pull request

The number of open PRs is limited and Depfu adapts to your pace so we never overwhelm you or your CI system with updates.

By default we send one PR per new version, but you can also get weekly or monthly PRs updating several dependencies at once.


Updating becomes part of your day-to-day workflow — instead of a boring, easily forgotten task.

The PR has all the info you need to make an informed decision about a dependency update

We collect everything from security advisories, release notes to all commits for that version. We even parse the changelog to extract the details of a single version.

Together with your build status, you can easily judge the risk of that update.


The vast majority of updates can be done by just clicking that merge button — you stay in control.

Depfu figures out the minimum number of updates you need to keep you reasonably up-to-date

There is no value in being on all the latest versions, you just want your dependencies to stay current. It's called bleeding edge for a reason.

The Depfu scheduler "matures" new versions depending on the library's past release frequency instead of opening a PR right away.


This reduces the number of PRs per week compared to sending you every new version by roughly 50% — sometimes more, sometimes less.

Does this sound familiar?

  • Your process for dependency updates is “whenever someone on the team has some extra time”.
  • You're a bit behind and would have to update a lot of things at the same time if there is a security vulnerability in one of your dependencies.
  • Upgrading dependencies is too easily ignored over more visible work — it's a pretty boring and thankless job.

Depfu's continuous updates keep your
app secure and maintainable

  • Doing small, easy to assess updates continuously is a lot easier than falling behind and having to update a big batch at once.
  • Depfu notifies you about security releases and ensures you are able to apply and deploy them as quickly as possible.
  • We help you bring even really out-of-date apps slowly up to speed. At your own pace, without overwhelming you with PRs.

Ready to get started?

All plans start with a 21-day free trial

Or read more
about the details

"Depfu is a great tool that helps you to reduce the stress of periodically checking dependency updates, with the risk to miss important releases. It definitely reduced the time we spend on maintenance at dnsimple."
Simone Carletti
CTO, dnsimple