PatchPilot
PatchPilot is an open-source web app and GitHub App that automates dependency updates without the usual chaos. Instead of blindly bumping versions, it runs your test suite in ephemeral containers, applies minimal version changes, and only opens a PR when it can prove the update is safe. When tests fail, it attaches a concise failure report and a reproducible container command so maintainers can debug quickly. It also groups related updates (e.g., all ESLint plugins) to reduce PR spam, respects your release cadence, and supports monorepos. The project is designed to be self-hosted for privacy-conscious orgs and to avoid vendor lock-in. A lightweight rules engine lets maintainers define “never update” packages, allowed semver ranges, and security-only modes. The goal is fewer broken PRs, less maintainer burnout, and faster patching of known vulnerabilities.