Renovate and Depandabot are both automated dependency update tools. They can help us to maintain projects and keep projects healthy.
Comparison
Supported package managers
Although Renovate and Depandabot supported many package managers, based on my experience, Renovate is more comprehensive than Dependabot, for example, until 2023-05-01, Dependabot still doesn't support pnpm, it's in WIP status, you can know furthermore in this issue and PR.
Group updates
Renovate support group updates, which means that it offers more flexible control package upgrades. This is a very important feature, for example, when I developing a CDK Construct, aws-cdk-lib package and @aws-cdk prefix for the packages needs to be the same version, which means they also need to upgrade to the same version. If you don't do that, it maybe will not pass your CI pipeline. At Renovate, you can configure it with the following group rules.
{
"packageRules": [
{
"groupName": "AWS CDK",
"groupSlug": "awscdk",
"matchPackageNames": [
"constructs",
"aws-cdk-lib"
],
"matchPackagePrefixes": [
"@aws-cdk/"
],
"ignoreUnstable": false
}
]
}
You can know Renovate furthermore with its documentation. On the other hand, until 2023-05-01, Denpdabot still doesn't support group updates. You can know more about the following issues.
Conclusion
The comparison items above are the situation I faced during the development process. Renovate can solve them very well, but Dependabot can't. That's why I strongly recommended you use Renovate instead of Dependabot. I believe that Dependabot will solve them in the future, but that's the future thing, I have to use these features right now.