I think the problem there with Dependabot is it simply wants to read static metadata from files to determine what needs updating and then submit a PR to update things. Asking Dependabot to run Python code for every Python repo on GitHub is probably asking a bit too much. This is a pro for having a Structured, Exchangeable lock file format (requirements.txt 2.0?), but that’s yet another debate that I don’t think any of us want to attempt to tackle right now until the preexisting ones are settled.