Stop falling behind on security patches and minor version bumps. This scheduled automation runs every Monday morning, scans your repository for outdated dependencies across all your package managers, runs your test suite against the upgraded versions, and opens clean PRs — grouped by risk so you can merge the safe ones instantly and review the major bumps carefully.

Use this template

Open Weekly Dependency Updates in Devin and create the automation with the default configuration. You can customize it before saving.
Looking for a hands-on walkthrough? See the step-by-step tutorial for Weekly Dependency Updates.

What this automation does

Unlike a rigid Dependabot config, the Weekly Dependency Updates template gives you full prompt-based control. Tell Devin which packages to skip, which ones need extra caution, which ones to upgrade aggressively — all in plain English, stored in Knowledge. Devin handles the testing, the changelog summaries, and any code changes needed for breaking bumps.

How it works

Trigger: Schedule event (recurring)
  • Event: schedule:recurring
    • Conditions:
      • rrule matches FREQ=WEEKLY;BYDAY=MO;BYHOUR=10;BYMINUTE=0
What Devin does: Starts a session with full event context, executes the prompt below, and (optionally) notifies you on failure.

Prerequisites

Example prompt

The template ships with this prompt. You can edit it after clicking Use template, or leave it as-is.

Setting it up

  1. Open Automations → Templates in Devin.
  2. Click Weekly Dependency Updates. The create page opens with this template pre-filled.
  3. Connect any required integrations and install MCP servers if you haven’t already.
  4. Replace any placeholder values in the trigger conditions (for example, swap your-org/your-repo for your actual repo).
  5. Review the prompt and adjust it for your team’s language, conventions, and guardrails.
  6. Click Create automation.
Most automation templates include suggested ACU and invocation limits to bound cost during early rollout. Keep them as-is until you’re confident in the automation’s behavior, then raise them to fit your workload.

When to use this template

  • Teams that have given up on staying current because Dependabot is too noisy
  • Monorepos where a single upgrade can affect a dozen packages
  • Security-sensitive projects that need proactive vulnerability patching
  • Keeping long-lived legacy services on supported runtime versions

Customization ideas

  • Split frontend and backend into separate schedules for focused PRs
  • Add Knowledge entries that pin specific packages (e.g. “don’t upgrade react past v18”)
  • Swap the schedule (daily, biweekly, monthly)
  • Chain with your existing CI for full regression coverage
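
A check a reviewer or CI job could run over the automation's proposed bumps before merging, sorting them into the risk tiers this page describes and enforcing a pin like the react example above. This is an added example, not Devin's implementation or part of the template; the package names other than react, the versions, and the names `MAX_MAJOR`, `classify` and `group_by_risk` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: (package, current version, proposed version).
UPDATES = [
    ("example-http", "2.31.0", "2.32.3"),
    ("example-util", "4.17.20", "4.17.21"),
    ("react", "18.2.0", "19.0.0"),
    ("example-orm", "4.2.11", "5.0.6"),
    ("example-pad", "0.3.1", "0.4.0"),
]
# Hypothetical pin policy mirroring a Knowledge entry such as
# "don't upgrade react past v18": package -> highest allowed major version.
MAX_MAJOR = {"react": 18}

def parse(version):
    """Return (major, minor, patch) from a plain x.y.z version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        # Fail closed: pre-release or malformed versions need a human look.
        raise ValueError(f"not a plain semver version: {version!r}")
    return tuple(int(p) for p in m.groups())

def classify(package, current, proposed, max_major=MAX_MAJOR):
    """Classify one bump as blocked, major, minor, patch or not-an-upgrade."""
    old, new = parse(current), parse(proposed)
    if new <= old:
        return "not-an-upgrade"  # downgrade or no change: should not be in a PR
    if package in max_major and new[0] > max_major[package]:
        return "blocked"         # violates the pin policy
    if new[0] != old[0]:
        return "major"
    # Semver makes no stability promise for 0.x, so treat a 0.x minor bump as major.
    if old[0] == 0 and new[1] != old[1]:
        return "major"
    return "minor" if new[1] != old[1] else "patch"

def group_by_risk(updates):
    """Group package names by risk tier, preserving input order."""
    groups = defaultdict(list)
    for package, current, proposed in updates:
        groups[classify(package, current, proposed)].append(package)
    return dict(groups)

if __name__ == "__main__":
    for risk, packages in group_by_risk(UPDATES).items():
        print(f"{risk}: {', '.join(packages)}")
```
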
