
Correct Dependabot Python package manager versions in docs tables (pipenv constraint + pip-compile)#43769

Draft: Copilot wants to merge 2 commits into main from copilot/fix-dependabot-docs-pip-versions

Conversation

Copilot AI (Contributor) commented Apr 9, 2026

This updates the docs to align Python package manager versions with Dependabot’s current source of truth and corrects regressions from the prior update. Specifically, it restores the <= pipenv constraint and updates pip-compile where it was previously missed.

  • dependabot-options-reference.md (package-ecosystem table)

    • Updated pip from v24.2 → 24.2
    • Updated pip-compile from 7.4.1 → 7.5.3
    • Preserved pipenv as <= 2024.4.1 (did not remove <=)
    • Updated poetry from v2 → 2.2.1
    • Left pnpm unchanged
  • supported-package-managers.md (reusable package managers table)

    • Updated pip from v21.1.2 → 24.2
    • Updated pipenv from <= 2021-05-29 → <= 2024.4.1 (preserving <=)
    • Updated pip-compile from 6.1.0 → 7.5.3
    • Updated poetry from v1 → 2.2.1
    • Kept all non-version columns unchanged
  • Example of corrected rows

    | pip         | `pip` | 24.2        |
    | pip-compile | `pip` | 7.5.3       |
    | pipenv      | `pip` | <= 2024.4.1 |
    | poetry      | `pip` | 2.2.1       |
Original prompt

Context

This is a corrective fix for PR #43699 which updates the dependabot Python package manager versions in the docs to match the actual source of truth at https://github.com/dependabot/dependabot-core/blob/main/python/helpers/requirements.txt

The source of truth (requirements.txt) contains:

pip==24.2
pip-tools==7.5.3
pipenv==2024.4.1
poetry==2.2.1

PR #43699 had two issues:

  1. It accidentally removed the <= prefix from pipenv in dependabot-options-reference.md
  2. It did not update pip-compile (which uses pip-tools) at all

Changes required

File 1: content/code-security/reference/supply-chain-security/dependabot-options-reference.md

In the package-ecosystem table (around lines 572-576 on main), update the following rows:

Current (on main):

| pip| `pip`            | v24.2          |
| pip-compile | `pip`            | 7.4.1            |
| pipenv         | `pip`            | <= 2024.4.1    |
| pnpm   | `npm`            | v7, v8 <br>v9, v10 (version updates only)    |
| poetry         | `pip`            | v2               |

Should become:

| pip         | `pip`            | 24.2             |
| pip-compile | `pip`            | 7.5.3            |
| pipenv      | `pip`            | <= 2024.4.1      |
| pnpm   | `npm`            | v7, v8 <br>v9, v10 (version updates only)    |
| poetry      | `pip`            | 2.2.1            |

Key points for this file:

  • pip: Remove v prefix from version, change v24.2 to 24.2
  • pip-compile: Update version from 7.4.1 to 7.5.3
  • pipenv: KEEP the <= prefix. The version <= 2024.4.1 is already correct on main. Do NOT remove <=.
  • poetry: Update from v2 to 2.2.1
  • Do NOT change the pnpm row

File 2: data/reusables/dependabot/supported-package-managers.md

In the package managers table (around lines 41-45 on main), update the following rows:

Current (on main):

[pip](#pip-and-pip-compile) | `pip`            | v21.1.2          | ...
pipenv         | `pip`            | <= 2021-05-29    | ...
[pip-compile](#pip-and-pip-compile) | `pip`            | 6.1.0            | ...

and

poetry         | `pip`            | v1               | ...

Should become:

[pip](#pip-and-pip-compile) | `pip`            | 24.2             | ...
pipenv         | `pip`            | <= 2024.4.1      | ...
[pip-compile](#pip-and-pip-compile) | `pip`            | 7.5.3            | ...

and

poetry         | `pip`            | 2.2.1            | ...

Key points for this file:

  • pip: Change v21.1.2 to 24.2
  • pipenv: Change <= 2021-05-29 to <= 2024.4.1 (keep the <= prefix!)
  • pip-compile: Change 6.1.0 to 7.5.3
  • poetry: Change v1 to 2.2.1
  • Do NOT change any other columns in these rows (the octicon check/x columns must stay the same)

Important notes

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Help me review and confirm the pull request by checking the code ? @github/docs/pull/43699

Assistant: I'll start by loading the PR review abilities and then gather information about this pull request.

Assistant: Now let me verify the claimed versions against the actual source of truth in dependabot-core:

Assistant: Now I have all the data I need. Let me verify the version claims against the source of truth.


PR Review: fix dependabot python package manager versions

Summary

Author: @djbrown (Contributor)
State: Open, not draft
Fixes: #43697 — "Outdated dependabot python package manager versions"
Files changed: 2 (+6, −6)
Reviews: None yet
CI: All checks passing ✅
Mergeable: Yes (blocked — awaiting review)
Risk: 🟢 Low — content-only version number corrections

A GitHub staff member (@Sharra-writes) has commented that they've asked the Dependabot team for feedback and is waiting on a response.


Core Changes — Version Accuracy Verification

The PR updates Python-related package manager versions in the docs to match the actual versions defined in dependabot/dependabot-core/python/helpers/requirements.txt.

I verified the source of truth. Here is the comparison:

| Package | Old (docs) | New (PR) | Actual (requirements.txt) | ✅/⚠️ |
| --- | --- | --- | --- | --- |
| pip | v24.2 / v21.1.2 | 24.2 | pip==24.2 | ✅ Match... |

This pull request was created from Copilot chat.
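As an added example (not code from this PR or the docs repository), the drift check below implements the review described above: it parses the `==` pins from requirements.txt, reads the version column of the docs table rows, maps the `pip-compile` row to the `pip-tools` pin, keeps a leading `<=` constraint (the pipenv case) and drops stray `v` prefixes. It handles both row formats quoted in the prompt (the reference table with leading pipes and the reusable table with a linked name); the embedded inputs are constructed from the values quoted on this page.

```python
import re

# Constructed from the values quoted in the PR; not the repository's own files.
REQUIREMENTS_TXT = """\
pip==24.2
pip-tools==7.5.3
pipenv==2024.4.1
poetry==2.2.1
"""
# Docs rows as the prompt says they stood on main (assumed excerpt, whitespace trimmed).
DOCS_ROWS_BEFORE = """\
| pip         | `pip` | v24.2       |
| pip-compile | `pip` | 7.4.1       |
| pipenv      | `pip` | <= 2024.4.1 |
| pnpm        | `npm` | v7, v8 <br>v9, v10 (version updates only) |
| poetry      | `pip` | v2          |
"""
# Docs name -> pinned distribution; pip-compile is shipped by pip-tools, pnpm is not a Python row.
DOCS_TO_REQ = {"pip": "pip", "pip-compile": "pip-tools", "pipenv": "pipenv", "poetry": "poetry"}

def parse_requirements(text):
    """Return {name: version} for exact '==' pins; any other line is ignored."""
    pins = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)==([^\s#]+)", line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins

def parse_docs_rows(text):
    """Return {docs name: version cell}; accepts '| a | b | c |' and 'a | b | c | ...' rows."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 3:
            name = re.sub(r"^\[([^\]]+)\]\([^)]*\)$", r"\1", cells[0])  # unwrap [pip](#anchor)
            rows[name] = cells[2]
    return rows

def expected_cell(current_cell, pinned):
    """Corrected cell: keep a leading '<=' constraint, drop a stray 'v' prefix."""
    return ("<= " if current_cell.startswith("<=") else "") + pinned

def find_drift(docs_text, req_text):
    """Return {docs name: (current cell, expected cell)} for rows that disagree with the pins."""
    pins, rows = parse_requirements(req_text), parse_docs_rows(docs_text)
    drift = {}
    for name, req_name in DOCS_TO_REQ.items():
        if name in rows and req_name in pins:
            want = expected_cell(rows[name], pins[req_name])
            if rows[name] != want:
                drift[name] = (rows[name], want)
    return drift
```

Run `find_drift(DOCS_ROWS_BEFORE, REQUIREMENTS_TXT)` to get exactly the three rows the PR had to change (pip, pip-compile, poetry) while the pipenv row, whose `<=` constraint must survive, reports no drift.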

Copilot AI changed the title [WIP] Fix pipenv and pip-tools versions in dependabot options reference Correct Dependabot Python package manager versions in docs tables (pipenv constraint + pip-compile) Apr 9, 2026
Copilot AI requested a review from kbukum1 April 9, 2026 21:40