I particularly like its ability to synchronize updates to packages across ecosystems. You can sync a tool's version in Docker, mise, and GHA, for example. You can run arbitrary post-upgrade tasks.

The bigger concern is that you're effectively letting them (shallow) clone your repo. I prefer to self-host but that's not anywhere near as quick/easy as clicking the "integrate with GitHub" button.

> Second question: could you expand a little bit on why you like renovate better than dependabot?

They both do the same thing in about the same way... Dependabot is meant to be run at _massive_ scale across all of github so it has good support for the basic / common places people pin versions. It is quite slow to get support for newer conventions that are not ubiquitous across all of github. Easy example: k8s manifests where you might have "use $thisVersion of HelmChart" buried somewhere in yaml instead of in a clear-cut place like `requirements.txt`

Renovate has optional web UI and can be integrated with GitHub as an "app" for some interactive features but that's not worth the setup for small scale.

Renovate is _much_ more robust / the number of $things that it can detect and is a lot more extensible; as mentioned elsewhere in this thread, the regex feature is delightful. It's a pain to debug, but once you grock it / figure out how the custom regex stuff works, it's really nice.

I have more than a few scripts where the only versioned dependency is embedded in some URL:

``` wget http://github.com/some-repo/releases/v1.2.3/the-tool.tar.gz ```

And after a bit of regex work, renovate now knows to check that repos release page for updated versions and when it finds one, it updates the URL and pings me with a PR.

Before I joined Mend to work on Renovate, I wrote https://news.ycombinator.com/item?id=40011111 which goes into some ways I found Renovate better than Dependabot, and it still very much holds true (although I'm a little more biased now!)

You can also check out https://docs.renovatebot.com/bot-comparison/ for a high level comparison between the two

Re costs / why giving things away for free - @rarkins (Rhys Arkins, who created Renovate) has worked very hard over the years to give as much good stuff away to the community, and make it more straightforward for folks to run Renovate

The core (Mend Renovate CLI (AGPL-3.0-only)) is free to use and run as you want, and many folks do - it's very flexible and scales well as-is

But if you want things like real-time webhook processing of "rebase this PR" (and/or a few other features) then Mend Renovate Self-Hosted Community (commercial-but-free) Edition is a nice packaging and layer on top of the CLI for that

Running the CLI itself on a schedule against your repos is also absolutely viable as a solution, and we have many users who do that and are super happy with it