Skip to content

fix dependabot python package manager versions#43699

Open
djbrown wants to merge 2 commits intogithub:mainfrom
djbrown:main
Open

fix dependabot python package manager versions#43699
djbrown wants to merge 2 commits intogithub:mainfrom
djbrown:main

Conversation

@djbrown
Copy link
Copy Markdown
Contributor

@djbrown djbrown commented Apr 6, 2026
edited
Loading

Why:

align versions to actual source of dependabot:
https://github.com/dependabot/dependabot-core/blob/main/python/helpers/requirements.txt

fixes #43697

What's being changed (if available, include any code snippets, screenshots, or gifs):

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the review environment.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Apr 6, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026
edited
Loading

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source Review Production What Changed
code-security/reference/supply-chain-security/dependabot-options-reference.md fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
code-security/reference/supply-chain-security/supported-ecosystems-and-repositories.md fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
from reusable

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

@Sharra-writes Sharra-writes added content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot and removed triage Do not begin working on this issue until triaged by the team labels Apr 9, 2026
@Sharra-writes
Copy link
Copy Markdown
Contributor

Sharra-writes commented Apr 9, 2026

@djbrown I've asked the Dependabot team if they have any objections, and I'll let you know when they get back to me.

Copilot AI mentioned this pull request Apr 9, 2026
Draft
@kbukum1 kbukum1 self-requested a review April 9, 2026 21:36
kbukum1
kbukum1 reviewed Apr 9, 2026
View reviewed changes
content/code-security/reference/supply-chain-security/dependabot-options-reference.md
Comment on lines +545 to +547
| pip | `pip` | 24.2 |
| pip-compile | `pip` | 7.4.1 |
| pipenv | `pip` | <= 2024.4.1 |
| pipenv | `pip` | 2024.4.1 |
Copy link
Copy Markdown
Contributor

@kbukum1 kbukum1 Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| pip | `pip` | 24.2 |
| pip-compile | `pip` | 7.4.1 |
| pipenv | `pip` | <= 2024.4.1 |
| pipenv | `pip` | 2024.4.1 |
| pip | `pip` | 24.2 |
| pip-compile | `pip` | 7.5.3 |
| pipenv | `pip` | <= 2024.4.1 |

kbukum1
kbukum1 reviewed Apr 9, 2026
View reviewed changes
@Sharra-writes @kbukum1
Apply suggestion from @kbukum1
0e5c1d7 
Co-authored-by: kbukum1 <kbukum1@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbukum1 kbukum1 kbukum1 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Outdated dependabot python package manager versions

3 participants

@djbrown @Sharra-writes @kbukum1