A GitHub CLI extension that streamlines the review and merge workflow for automated dependency update PRs.

GitHub is deprecating Dependabot comment commands on January 27, 2026 (announcement). Commands like @dependabot merge, @dependabot squash and merge, etc. will no longer work.

gh-dep will no longer support the Dependabot merge mode after v0.7.0.

• 🖥️ Interactive TUI: Full-featured terminal UI with keyboard navigation and live settings adjustment
• 📋 List dependency PRs by label/author with clean table output
• 📦 Group PRs by package@version for easier batched review
• ✅ Bulk approve all PRs for a chosen group
• 🚀 Bulk merge per group via GitHub Merge API calls (with optional CI validation)
• 🏢 Multi-repo support: Target specific repos or entire organizations
• 🔄 Works out-of-the-box with Dependabot and Renovate
• 🎨 Multiple output formats: Human-readable tables or JSON
• ⚙️ Configuration support: Save default repos and custom patterns via gh config
• 🎯 Custom patterns: Define your own PR title patterns for grouping

• GitHub CLI (gh) version 2.x or later
• Go 1.21 or later (for building from source)

gh extension install jackchuka/gh-dep

# Clone the repository
git clone https://github.com/jackchuka/gh-dep.git
cd gh-dep

# Build the extension
go build -o gh-dep

# Install as a gh extension
gh extension install .

# Launch interactive TUI for a single repo
gh dep --repo owner/app

# Or for an entire organization
gh dep --owner myorg

In the TUI, you can:

• Navigate with ↑/↓ or j/k
• Select PRs with space or a (select all)
• Toggle action mode with m (Approve → Merge → Approve & Merge)
• Adjust merge settings on-the-fly:
  • M - Toggle merge method (squash → merge → rebase)
  • c - Toggle CI checks requirement
• Search PRs with /
• Open current PR in browser with o
• Execute selected actions with x
• View help with ?

# List and group dependency PRs in a single repo
gh dep list --repo owner/app --group

# Output:
# GROUP              REPO      PR     URL
# [email protected]    app       #123   https://github.com/owner/app/pull/123
#                   api       #129   https://github.com/owner/api/pull/129
#                   web       #131   https://github.com/owner/web/pull/131
# [email protected]       app       #118   https://github.com/owner/app/pull/118
#                   api       #122   https://github.com/owner/api/pull/122

# View cached groups
gh dep groups

# Approve all PRs in a group (dry-run first)
gh dep approve --group [email protected] --dry-run

# Approve for real
gh dep approve --group [email protected]

# Merge with CI check validation (--require-checks is true by default)
gh dep merge --group [email protected] --method squash

gh dep [flags]

Launch an interactive terminal UI for managing dependency PRs with:

• Multi-select: Use space to toggle, a to select all, d to deselect all
• Navigation: ↑/↓ or j/k to move, o to open PR in browser
• Search: Press / to filter PRs by title, repo, or number
• Live Settings: Toggle execution mode and merge settings without restarting
  • m - Action mode (Approve → Merge → Approve & Merge)
  • M - Merge method (squash → merge → rebase)
  • c - CI checks requirement
• Execute: Press x to run selected actions with real-time feedback
• Help: Press ? to view all keyboard shortcuts

Flags:

• --author - PR author to filter (default: dependabot[bot], use any for all)
• --label - PR label to filter
• --review-requested - Filter PRs by review requested from user or team (e.g., @me or username)
• --archived - Include PRs from archived repositories (default: false)
• --limit - Max PRs to fetch per repo (default: 200)
• --repo / -R - Target repo(s), comma-separated
• --owner - Target all repos in an organization
• --mode - Initial execution mode: approve, merge, or approve-and-merge (default: approve)
• --merge-method - Initial merge method (default: squash)
• --require-checks - Initial CI checks setting

Examples:

# Launch TUI for a single repo
gh dep --repo owner/app

# Launch for entire organization with custom initial settings
gh dep --owner myorg --merge-method rebase

# Start in merge mode instead of approve mode
gh dep --repo owner/app --mode merge

# Start in approve-and-merge mode
gh dep --repo owner/app --mode approve-and-merge

# Filter by label
gh dep --repo owner/app --label dependencies

# Filter PRs where review is requested from you
gh dep --repo owner/app --review-requested @me

# Include PRs from archived repositories
gh dep --owner myorg --archived

gh dep list [flags]

Flags:

• --label - PR label to filter
• --author - PR author to filter (default: dependabot[bot], use any for all)
• --review-requested - Filter PRs by review requested from user or team (e.g., @me or username)
• --archived - Include PRs from archived repositories (default: false)
• --group - Group PRs by package@version and cache results
• --json - Output as JSON
• --limit - Max PRs to fetch per repo (default: 200)
• --repo / -R - Target repo(s), comma-separated (e.g., owner/repo1,owner/repo2)
• --owner - Target all repos in an organization

gh dep groups [flags]

Flags:

• --json - Output as JSON

Shows the groups from the last list --group command without fetching from GitHub.

gh dep approve --group GROUP_KEY [flags]

Flags:

• --group - Required. Group key (e.g., [email protected])
• --dry-run - Print actions without executing
• --repo / -R - Target repo(s) (uses cache if omitted)
• --org / -O - Target organization (uses cache if omitted)

gh dep merge --group GROUP_KEY [flags]

Flags:

• --group - Required. Group key (e.g., [email protected])
• --method - Merge method: merge, squash, or rebase (default: squash)
• --require-checks - Require CI checks to pass before merging
• --dry-run - Print actions without executing

Examples:

# Merge with CI validation (recommended)
gh dep merge --group [email protected] --method squash

# Dry-run merge
gh dep merge --group [email protected] --dry-run

Save default configuration to avoid passing flags every time:

# Set default repos
gh config set dep.repo "myorg/app,myorg/api,myorg/web"

# Set custom PR title patterns (comma-separated regexes with 2 capture groups: package, version)
gh config set dep.patterns "bump\s+([^\s]+)\s+from\s+[^\s]+\s+to\s+v?(\d+(?:\.\d+)?(?:\.\d+)?)"

# View current config
gh config get dep.repo

When flags are not provided, gh dep will use these defaults.

# Group across multiple repos
gh dep list --group --repo myorg/app,myorg/api,myorg/web

# Output:
# GROUP              REPO      PR     URL
# [email protected]    app       #123   https://github.com/myorg/app/pull/123
#                   app       #129   https://github.com/myorg/app/pull/129
#                   app       #131   https://github.com/myorg/app/pull/131
#                   api       #45    https://github.com/myorg/api/pull/45
# [email protected]       app       #118   https://github.com/myorg/app/pull/118
#                   app       #122   https://github.com/myorg/app/pull/122

# Approve across all repos
gh dep approve --group [email protected]

# List all dependency PRs across entire org
gh dep list --group --owner myorg

# Approve/merge org-wide
gh dep approve --group [email protected]
gh dep merge --group [email protected] --require-checks

The tool automatically parses titles from:

• Bump <pkg> from X to Y
• chore(deps): bump <pkg> from X to Y
• Update <pkg> to vY

• Update dependency <pkg> to vY
• chore(deps): update <pkg> to vY

Define your own patterns via gh config:

gh config set dep.patterns "your-pattern-here,another-pattern"

Pattern requirements:

• Must be valid regex
• Must have exactly 2 capture groups: (package) and (version)
• Multiple patterns can be comma-separated

Example custom patterns:

# Match "deps: upgrade foo to 1.2.3"
gh config set dep.patterns "deps:\s+upgrade\s+([^\s]+)\s+to\s+(\d+(?:\.\d+)?(?:\.\d+)?)"

# Match single-digit versions like "bump actions/setup-go from 5 to 6"
gh config set dep.patterns "bump\s+([^\s]+)\s+from\s+[^\s]+\s+to\s+(\d+(?:\.\d+)?(?:\.\d+)?)"

Unknown titles are grouped as unknown@unknown for manual review.

Groups are cached at:

${XDG_CACHE_HOME:-$HOME/.cache}/gh-dep/groups.json

Cache is overwritten on each list --group execution.

Default output uses GitHub CLI's table formatter for clean, aligned columns:

# Flat list
gh dep list
# Output:
# REPO                           PR     TITLE
# tailor-platform/app-shell     #112   chore(deps-dev): bump tw-animate-css from 1.2.5 to 1.4.0
# tailor-platform/app-shell     #111   chore(deps-dev): bump typescript-eslint from 8.28.0 to 8.44.1

# Grouped (single table)
gh dep list --group
# Output:
# GROUP                          REPO           PR     URL
# [email protected]          app-shell      #112   https://github.com/tailor-platform/app-shell/pull/112
# [email protected]      app-shell      #111   https://github.com/tailor-platform/app-shell/pull/111

Use --json for machine-readable output:

# Flat list as JSON array
gh dep list --json

# Grouped as JSON object
gh dep list --group --json
# Output:
# {
#   "[email protected]": [
#     {
#       "number": 112,
#       "title": "chore(deps-dev): bump tw-animate-css from 1.2.5 to 1.4.0",
#       "author": "dependabot[bot]",
#       "repo": "tailor-platform/app-shell",
#       "url": "https://github.com/tailor-platform/app-shell/pull/112"
#     }
#   ]
# }

go build -o gh-dep

go test ./...

./gh-dep --help

Contributions welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Ensure go test ./... passes
5. Submit a pull request

MIT License - see LICENSE for details.

Built with:

• GitHub CLI
• go-gh - Official GitHub CLI library and table formatter
• Cobra - CLI framework
• Bubble Tea - TUI framework
• Bubbles - TUI components
• Lipgloss - TUI styling

Made with ❤️ for dependency management automation