Helping dependabot and github detect python dependencies

I wonder if packaging folks around here can give few hints to dependabot team regarding how to improve their currently ancient approach on detecting dependencies of a python repository.

Current status is quite bad as it fails to detect any dependency declared in setup.cfg but they have a https://github.com/dependabot/dependabot-core/pull/2281/files to address it.

Once done, we should start seeing dependencies between python packages on github, as now they work only for ancient python projects.

4 Likes

It’ll be standardized soon: PEP 621: how to specify dependencies?

One thing that would assist users would be the ability to select the file. My team at Datadog isn’t using it because back when I investigated the file name was assumed to be requirements.txt at the root but ours is https://github.com/DataDog/integrations-core/blob/master/datadog_checks_base/datadog_checks/base/data/agent_requirements.in