Skip to content

fix dependabot python package manager versions#43699

Merged
Sharra-writes merged 9 commits intogithub:mainfrom
djbrown:main
Apr 14, 2026
Merged

fix dependabot python package manager versions#43699
Sharra-writes merged 9 commits intogithub:mainfrom
djbrown:main

Conversation

@djbrown
Copy link
Copy Markdown
Contributor

@djbrown djbrown commented Apr 6, 2026
edited
Loading

Why:

align versions to actual source of dependabot:
https://github.com/dependabot/dependabot-core/blob/main/python/helpers/requirements.txt

fixes #43697

What's being changed (if available, include any code snippets, screenshots, or gifs):

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the review environment.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Apr 6, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026
edited
Loading

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source Review Production What Changed
code-security/reference/supply-chain-security/dependabot-options-reference.md fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
code-security/reference/supply-chain-security/supported-ecosystems-and-repositories.md fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
from reusable

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

@Sharra-writes Sharra-writes added content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot and removed triage Do not begin working on this issue until triaged by the team labels Apr 9, 2026
@Sharra-writes
Copy link
Copy Markdown
Contributor

Sharra-writes commented Apr 9, 2026

@djbrown I've asked the Dependabot team if they have any objections, and I'll let you know when they get back to me.

Copilot AI mentioned this pull request Apr 9, 2026
Draft
@kbukum1 kbukum1 self-requested a review April 9, 2026 21:36
kbukum1
kbukum1 reviewed Apr 9, 2026
View reviewed changes
content/code-security/reference/supply-chain-security/dependabot-options-reference.md Outdated
Comment on lines +545 to +547
| pip | `pip` | 24.2 |
| pip-compile | `pip` | 7.4.1 |
| pipenv | `pip` | <= 2024.4.1 |
| pipenv | `pip` | 2024.4.1 |
Copy link
Copy Markdown
Contributor

@kbukum1 kbukum1 Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| pip | `pip` | 24.2 |
| pip-compile | `pip` | 7.4.1 |
| pipenv | `pip` | <= 2024.4.1 |
| pipenv | `pip` | 2024.4.1 |
| pip | `pip` | 24.2 |
| pip-compile | `pip` | 7.5.3 |
| pipenv | `pip` | <= 2024.4.1 |

kbukum1
kbukum1 reviewed Apr 9, 2026
View reviewed changes
kbukum1
kbukum1 previously requested changes Apr 9, 2026
View reviewed changes
@djbrown djbrown requested a review from kbukum1 April 12, 2026 10:32
@djbrown djbrown mentioned this pull request Apr 12, 2026
Open
1 task
@Sharra-writes Sharra-writes dismissed kbukum1’s stale review April 14, 2026 22:49

The UI wasn't allowing the changes to be made to multiple lines, but we were able to make them line by line, so that was what we did. All the requested changes were incorporated, just not via the review comments.

@Sharra-writes Sharra-writes added this pull request to the merge queue Apr 14, 2026
Merged via the queue into github:main with commit abb8578 Apr 14, 2026
40 checks passed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 14, 2026

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jc-clark jc-clark jc-clark left review comments

@Sharra-writes Sharra-writes Sharra-writes approved these changes

@kbukum1 kbukum1 Awaiting requested review from kbukum1

Assignees

No one assigned

Labels

content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Outdated dependabot python package manager versions

5 participants

@djbrown @Sharra-writes @jc-clark @DewDropstempest @kbukum1