Company
Date Published
Author
Mike McDonald
Word count
337
Language
English
Hacker News points
None

Summary

Dependabot, a tool designed to keep dependencies up-to-date and free of known vulnerabilities, has expanded its capabilities to include updates for private dependencies. Previously limited to public libraries, Dependabot can now access private package registries and private GitHub repositories, thanks to new features that allow it to authenticate with access tokens or with secrets stored in the repository. This update ensures that internal libraries and design systems stay as current and secure as public dependencies. For ecosystems like npm and Go modules, where dependencies may be pulled directly from private GitHub repositories, users can grant Dependabot access to those repositories. Furthermore, users of Dependabot Preview who have faced migration challenges can now transition smoothly to GitHub Dependabot by transferring their secrets and initiating a pull request from the dashboard. The tool continues to evolve, offering ecosystem updates and less intrusive notifications, with its development tracked on a public roadmap.
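As an added illustration of the private-registry feature described above (this is example configuration, not the post's own), the following dependabot.yml references a private npm registry and a private Git host through Dependabot secrets instead of inline tokens; the registry names, the URLs and the secret names are assumed placeholders.

```yaml
# .github/dependabot.yml (added example, not the post's own config).
# Registry names, URLs and secret names are assumed placeholders.
# Each secret must exist as a Dependabot secret in the repository
# or organization; a literal token in this file would be committed
# to history and readable by anyone with repository access.
version: 2

registries:
  # Private npm packages, e.g. an internal design system.
  npm-internal:
    type: npm-registry
    url: https://npm.example.internal      # placeholder URL
    token: ${{secrets.NPM_INTERNAL_TOKEN}}  # secret reference, not a token

  # Git-hosted modules on a non-GitHub host. For private repositories
  # hosted on GitHub itself, grant Dependabot access in the repository
  # or organization Dependabot settings rather than here.
  git-internal:
    type: git
    url: https://git.example.internal       # placeholder URL
    username: x-access-token
    password: ${{secrets.GIT_INTERNAL_TOKEN}}

updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    registries:
      - npm-internal      # only this update may use the npm credential

  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
    registries:
      - git-internal      # only this update may use the git credential
```

Scoping each registry to the update that needs it keeps a credential from being presented to ecosystems that have no reason to see it.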