Typical problems Dependabot solves range from updating direct upstream dependencies when they get a patch release to propagating the security vulnerabilities your upstream projects have already fixed. If you have minimal time and don’t have a whole team of people to manage dependencies, Dependabot is a solution for you.
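The two behaviours described above (picking up patch releases and surfacing already-fixed upstream vulnerabilities) are driven by a `.github/dependabot.yml` file in the repository. The configuration below is an added illustration, not taken from the article; the ecosystem and directory values are assumptions for a typical Node.js project with GitHub Actions workflows, and would be changed to match the actual repository.

```yaml
# .github/dependabot.yml (example added here, not from the article)
# Version updates open pull requests when a newer release of a
# dependency exists; security updates for known-vulnerable versions
# are enabled separately under the repository's security settings.
version: 2
updates:
  # Application dependencies: assumed npm project at the repo root
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap open PRs so a large dependency tree does not flood reviewers
    open-pull-requests-limit: 10
    # Batch low-risk patch bumps into a single PR to reduce review load
    groups:
      patch-updates:
        update-types:
          - "patch"

  # Supply chain also includes CI: keep the actions you run up to date
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

With this in place, each pull request Dependabot opens carries the changelog and, for security updates, the advisory it resolves, so the review step is verifying the diff and the lockfile change rather than hunting for which upstream fix applies.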
If you have more than 10–20 dependencies in a project with more than 30–50 thousand lines of code, you must take open-source dependencies seriously. The more repositories you maintain, the more seriously you need to take them.
But disregard that last line: you must take open-source dependencies seriously, no matter what. If you want to read my detailed opinion about it, please read the following article: