Skip to content

Correct Dependabot Python package manager versions in docs tables (pipenv constraint + pip-compile)#43769

Draft
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-dependabot-docs-pip-versions
Draft

Correct Dependabot Python package manager versions in docs tables (pipenv constraint + pip-compile)#43769
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-dependabot-docs-pip-versions

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 9, 2026
edited
Loading

This updates the docs to align Python package manager versions with Dependabot’s current source of truth and corrects regressions from the prior update. Specifically, it restores the <= pipenv constraint and updates pip-compile where it was previously missed.

  • dependabot-options-reference.md (package-ecosystem table)

    • Updated pip from v24.224.2
    • Updated pip-compile from 7.4.17.5.3
    • Preserved pipenv as <= 2024.4.1 (did not remove <=)
    • Updated poetry from v22.2.1
    • Left pnpm unchanged

  • supported-package-managers.md (reusable package managers table)

    • Updated pip from v21.1.224.2
    • Updated pipenv from <= 2021-05-29<= 2024.4.1 (preserving <=)
    • Updated pip-compile from 6.1.07.5.3
    • Updated poetry from v12.2.1
    • Kept all non-version columns unchanged

  • Example of corrected rows

    | pip         | `pip` | 24.2        |
| pip-compile | `pip` | 7.5.3       |
| pipenv      | `pip` | <= 2024.4.1 |
| poetry      | `pip` | 2.2.1       |
Original prompt

Context

This is a corrective fix for PR #43699 which updates the dependabot Python package manager versions in the docs to match the actual source of truth at https://github.com/dependabot/dependabot-core/blob/main/python/helpers/requirements.txt

The source of truth (requirements.txt) contains:

pip==24.2
pip-tools==7.5.3
pipenv==2024.4.1
poetry==2.2.1

PR #43699 had two issues:

  1. It accidentally removed the <= prefix from pipenv in dependabot-options-reference.md
  2. It did not update pip-compile (which uses pip-tools) at all

Changes required

File 1: content/code-security/reference/supply-chain-security/dependabot-options-reference.md

In the package-ecosystem table (around lines 572-576 on main), update the following rows:

Current (on main):

| pip| `pip`            | v24.2          |
| pip-compile | `pip`            | 7.4.1            |
| pipenv         | `pip`            | <= 2024.4.1    |
| pnpm   | `npm`            | v7, v8 <br>v9, v10 (version updates only)    |
| poetry         | `pip`            | v2               |

Should become:

| pip         | `pip`            | 24.2             |
| pip-compile | `pip`            | 7.5.3            |
| pipenv      | `pip`            | <= 2024.4.1      |
| pnpm   | `npm`            | v7, v8 <br>v9, v10 (version updates only)    |
| poetry      | `pip`            | 2.2.1            |

Key points for this file:

  • pip: Remove v prefix from version, change v24.2 to 24.2
  • pip-compile: Update version from 7.4.1 to 7.5.3
  • pipenv: KEEP the <= prefix. The version <= 2024.4.1 is already correct on main. Do NOT remove <=.
  • poetry: Update from v2 to 2.2.1
  • Do NOT change the pnpm row

File 2: data/reusables/dependabot/supported-package-managers.md

In the package managers table (around lines 41-45 on main), update the following rows:

Current (on main):

[pip](#pip-and-pip-compile) | `pip`            | v21.1.2          | ...
pipenv         | `pip`            | <= 2021-05-29    | ...
[pip-compile](#pip-and-pip-compile) | `pip`            | 6.1.0            | ...

and

poetry         | `pip`            | v1               | ...

Should become:

[pip](#pip-and-pip-compile) | `pip`            | 24.2             | ...
pipenv         | `pip`            | <= 2024.4.1      | ...
[pip-compile](#pip-and-pip-compile) | `pip`            | 7.5.3            | ...

and

poetry         | `pip`            | 2.2.1            | ...

Key points for this file:

  • pip: Change v21.1.2 to 24.2
  • pipenv: Change <= 2021-05-29 to <= 2024.4.1 (keep the <= prefix!)
  • pip-compile: Change 6.1.0 to 7.5.3
  • poetry: Change v1 to 2.2.1
  • Do NOT change any other columns in these rows (the octicon check/x columns must stay the same)

Important notes

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Help me review and confirm the pull request by checking the code ? @github/docs/pull/43699

Assistant:

I'll start by loading the PR review abilities and then gather information about this pull request.

Assistant: Now let me verify the claimed versions against the actual source of truth in dependabot-core:

Assistant: Now I have all the data I need. Let me verify the version claims against the source of truth.

PR Review: fix dependabot python package manager versions

Summary
Author @djbrown (Contributor)
State Open, not draft
Fixes #43697 — "Outdated dependabot python package manager versions"
Files changed 2 (+6, −6)
Reviews None yet
CI All checks passing ✅
Mergeable Yes (blocked — awaiting review)
Risk 🟢 Low — content-only version number corrections

A GitHub staff member (@Sharra-writes) has commented that they've asked the Dependabot team for feedback and is waiting on a response.

Core Changes — Version Accuracy Verification

The PR updates Python-related package manager versions in the docs to match the actual versions defined in dependabot/dependabot-core/python/helpers/requirements.txt.

I verified the source of truth. Here is the comparison:

Package Old (docs) New (PR) Actual (requirements.txt) ✅/⚠️
pip v24.2 / v21.1.2 24.2 pip==24.2 ✅ Match...

This pull request was created from Copilot chat.

Copilot AI changed the title [WIP] Fix pipenv and pip-tools versions in dependabot options reference Correct Dependabot Python package manager versions in docs tables (pipenv constraint + pip-compile) Apr 9, 2026
Copilot AI requested a review from kbukum1 April 9, 2026 21:40
@e7457166-a11y
Copy link
Copy Markdown

e7457166-a11y commented May 3, 2026

https://github.com/e7457166-a11y

@e7457166-a11y
Copy link
Copy Markdown

e7457166-a11y commented May 3, 2026

github-mcp-server --toolsets repos,issues,pull_requests

awarraich463-code
awarraich463-code reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown

@awarraich463-code awarraich463-code left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

About GitHub Importer

If your source code is stored on another Git-based hosting service, you can move the code to GitHub.com using GitHub Importer.

About GitHub Importer

GitHub Importer is a tool that quickly imports Git repositories from other hosting services to GitHub.com.

To get started with GitHub Importer, see Importing a repository with GitHub Importer.

Capabilities and limitations of GitHub Importer

  • GitHub Importer imports the source code and commit history of a repository. It does not import other associated data from the hosting service, such as issues and pull requests.
  • GitHub Importer is only available on GitHub.com.
  • During an import, you can authenticate with your remote repository. The repository must be accessible from the public internet. If the repository is hosted on a private network, GitHub Importer won't be able to access it.
  • GitHub Importer does not support repositories that use version control systems other than Git, such as Mercurial, Subversion, or Team Foundation Version Control (TFVC). For more information about alternatives to GitHub Importer, see About source code imports using the command line.
  • Repositories and individual files on GitHub are subject to size limits. For more information, see About large files on GitHub.
  • GitHub Importer does not move Git Large File Storage (LFS) objects from the source repository to the target repository. If you use Git LFS, you will need to either convert the Git LFS objects to regular files tracked by Git before running the migration, or move the Git LFS objects to the new repository separately after running the migration.

Further reading

Mac90lv
Mac90lv reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown

@Mac90lv Mac90lv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greaat

This was referenced May 8, 2026
Open
Open
Open
e7457166-a11y
e7457166-a11y reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown

@e7457166-a11y e7457166-a11y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

e7457166@gmail.com

otsvikash343-prog
otsvikash343-prog reviewed May 16, 2026
View reviewed changes
Copy link
Copy Markdown

@otsvikash343-prog otsvikash343-prog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@e7457166-a11y
Copy link
Copy Markdown

e7457166-a11y commented May 17, 2026

Done

JAR

@e7457166-a11y
Copy link
Copy Markdown

e7457166-a11y commented May 18, 2026

No description provided.

e7457166-a11y
e7457166-a11y reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown

@e7457166-a11y e7457166-a11y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

8.8.8.8:7/Google

e7457166-a11y
e7457166-a11y reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown

@e7457166-a11y e7457166-a11y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ebrahim

@e7457166-a11y
Copy link
Copy Markdown

e7457166-a11y commented May 21, 2026

8.8.8.8:7/Google

@adekhibek-cmyk
Copy link
Copy Markdown

adekhibek-cmyk commented May 24, 2026

Uploading .trashed-1781981063-DOC-20251210-WA0041..pdf…

@adekhibek-cmyk
Copy link
Copy Markdown

adekhibek-cmyk commented May 24, 2026

Plans for GitHub Copilot

Learn about the available plans for Copilot.

[!IMPORTANT] Starting June 1, 2026, GitHub is moving Copilot from request-based billing to usage-based billing. See Usage-based billing for organizations and enterprises and Usage-based billing for individuals.

Important

  • Starting April 20, 2026, new sign-ups for Copilot Pro, Copilot Pro+, and student plans are temporarily paused.
  • Starting April 22, 2026, new self-serve sign-ups for Copilot Business for organizations on GitHub Free and GitHub Team plans are temporarily paused.

GitHub offers several plans for GitHub Copilot, depending on your needs and whether you're using Copilot as an individual or as part of an organization or enterprise.

  • GitHub Copilot Free is available to individual developers who don't have access to Copilot through an organization or enterprise. This free plan includes limited access to select Copilot features, allowing you to try AI-powered coding assistance at no cost.

  • GitHub Copilot Student is available to verified students. The plan includes unlimited completions, access to premium models in Copilot Chat, access to Copilot cloud agent, and a monthly allowance of premium requests.

  • GitHub Copilot Pro is designed for individuals who want more flexibility. This paid plan includes unlimited completions, access to premium models in Copilot Chat, access to Copilot cloud agent, and a monthly allowance of premium requests. Verified teachers, and maintainers of popular open source projects may be eligible for free access.

  • GitHub Copilot Pro+ includes, in addition to everything in Copilot Pro, a larger allowance of premium requests, and full access to all available models in Copilot Chat. Ideal for AI power users who want access to the most advanced capabilities.

  • GitHub Copilot Business is for organizations on GitHub Free or GitHub Team plan, or enterprises on GitHub Enterprise Cloud. This plan includes Copilot cloud agent and enables centralized management and Copilot policy control for organization members.

  • GitHub Copilot Enterprise is for enterprises using GitHub Enterprise Cloud. It includes all the features of Copilot Business, plus additional enterprise-grade capabilities. Enterprise owners can assign Copilot Enterprise or Copilot Business to individual organizations, or assign Copilot Business directly to users and teams.

Copilot is not currently available for GitHub Enterprise Server.

Comparing Copilot plans

The tables below show the features available in each Copilot plan.

Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise
Pricing Not applicable Free $10 USD per month
(free for some users)		 $39 USD per month
 $19 USD per granted seat per month $39 USD per granted seat per month
Premium requests 50 per month 300 per month 300 per month 1500 per month 300 per user per month 1000 per user per month
Purchase additional premium requests at $0.04/request

Agents

Agents Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise
Copilot cloud agent
Agent mode
Copilot code review Only "Review selection" in VS Code
Model Context Protocol (MCP)
Third-party Agents (public preview)

Chat

Chat Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise
Copilot Chat in IDEs1 2 50 messages per month Unlimited with included models Unlimited with included models Unlimited with included models Unlimited with included models Unlimited with included models
Inline chat
Slash commands
Copilot Chat in GitHub Mobile
Copilot Chat in GitHub
Copilot Chat in Windows Terminal
Increased GitHub Models rate limits3
Copilot Chat skills in IDEs4

Models

[!NOTE] For Copilot Student, GPT-5.3-Codex is not available in the model picker, but remains available through auto model selection.

Available models in chat Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise

Inline suggestions

Inline suggestions Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise
Real-time code suggestions with included models5 2000 completions per month
Next edit suggestions

Customization

Customization Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise
Repository and personal custom instructions
Organization custom instructions
Prompt files
Model Context Protocol (MCP)
Block suggestions matching public code
Exclude specified files from Copilot
Organization-wide policy management

Other features

Copilot Free Copilot Student Copilot Pro Copilot Pro+ Copilot Business Copilot Enterprise
Copilot pull request summaries
Audit logs
Content exclusion
Copilot CLI
GitHub Spark (public preview)

For more information, see GitHub Copilot features.

Ready to choose a plan?

Start using Copilot by signing up for the plan that best fits your needs.

Important

  • Starting April 20, 2026, new sign-ups for Copilot Pro, Copilot Pro+, and student plans are temporarily paused.
  • Starting April 22, 2026, new self-serve sign-ups for Copilot Business for organizations on GitHub Free and GitHub Team plans are temporarily paused.

Footnotes

  1. Copilot Chat in IDEs is available in Visual Studio Code, Visual Studio, JetBrains IDEs, Eclipse, and Xcode.

  2. Response times may vary during periods of high usage.

  3. For details about the increased rate limits, see Prototyping with AI models.

  4. Copilot Chat skills in IDEs is available in Visual Studio Code and Visual Studio.

  5. Inline suggestions in IDEs is available in Visual Studio Code, Visual Studio, JetBrains IDEs, Azure Data Studio, Xcode, Vim/Neovim, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbukum1 kbukum1 Awaiting requested review from kbukum1

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

4 more reviewers

@Mac90lv Mac90lv Mac90lv left review comments

@awarraich463-code awarraich463-code awarraich463-code left review comments

@e7457166-a11y e7457166-a11y e7457166-a11y left review comments

@otsvikash343-prog otsvikash343-prog otsvikash343-prog left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@kbukum1 kbukum1

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@e7457166-a11y @adekhibek-cmyk @Mac90lv @awarraich463-code @otsvikash343-prog @kbukum1