dependabot-core 0.78.0 → 0.79.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95c11f6783d5750a80f0cb5733246a913f4171b771bd2543f9d7e46d3092d2c6
-  data.tar.gz: 05b220175026cecb6153863d9ed5910da8025798be814f54de4792586bc81c13
+  metadata.gz: c0186760e21dffbcb311070f5cbc6fcbe561a8f3393e6e0e1d375bb9abf7ff8b
+  data.tar.gz: 2475ed8f06f7e917068079a655af4e873085e2552fe4f45ddeb8b31c29e19e0e
 SHA512:
-  metadata.gz: 9a3eff9df94cb5ea0bc46301527bbbbd1a72cd55863c6905d323a10f701ffaad8a3b24ffd67f86e2790e4740074306e7bf4929018176d94222abb9f7beb16d04
-  data.tar.gz: 874b136db86a44268b7b5ff2ac535903d582089a71e6f6ffb614184ac496b081108a4bc21438f978c5160eb944bc11333a0bfd6b08e0f9cd0f31d7f6f1863861
+  metadata.gz: 58088f836f3e1c081e928636cfa52b19b07fc96d84db72edfb85a6f19c6ad8fe17fd1d364dbddc504cc81a44afbac3c3a2c471dd0cc8312bea8b35bf3ab1f76d
+  data.tar.gz: 352a8376aec2d9d842db210aa6810247a88b312360ea94379282a0f3fb5e6984492e02c3fe508d4df84343445e4931189ac3e474cea407f6be3a7004e2b897c2

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.79.0, 9 December 2018
+
+- Extract python logic into a separate gem
+- Yarn: Fix lockfile for invalid resolutions
+
 ## v0.78.0, 7 December 2018
 
 - Extract git_submodules logic into a separate gem

data/helpers/npm/lib/updater.js

@@ -68,15 +68,21 @@ async function updateDependencyFiles(directory, dependencies, lockfileName) {
   return { [lockfileName]: updatedLockfile };
 }
 
+function flattenAllDependencies(packageJson) {
+  return Object.assign(
+    {},
+    packageJson.optionalDependencies,
+    packageJson.peerDependencies,
+    packageJson.devDependencies,
+    packageJson.dependencies
+  );
+}
+
 function installArgs(depName, desiredVersion, requirements, oldPackage) {
   const source = (requirements.find(req => req.source) || {}).source;
 
   if (source && source.type === "git") {
-    let originalVersion =
-      (oldPackage["dependencies"] || {})[depName] ||
-      (oldPackage["devDependencies"] || {})[depName] ||
-      (oldPackage["peerDependencies"] || {})[depName] ||
-      (oldPackage["optionalDependencies"] || {})[depName];
+    let originalVersion = flattenAllDependencies(oldPackage)[depName];
 
     if (!originalVersion) {
       originalVersion = source.url;

data/helpers/npm/package.json

@@ -7,11 +7,11 @@
     "semver": "5.6.0"
   },
   "devDependencies": {
-    "eslint": "5.9.0",
+    "eslint": "5.10.0",
     "eslint-plugin-prettier": "3.0.0",
     "fs-extra": "7.0.1",
     "jest": "23.6.0",
-    "nock": "10.0.3",
+    "nock": "10.0.4",
     "prettier": "1.15.3"
   }
 }

data/helpers/npm/yarn.lock

@@ -59,18 +59,21 @@ acorn-globals@^4.1.0:
   dependencies:
     acorn "^5.0.0"
 
-acorn-jsx@^4.1.1:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-4.1.1.tgz#e8e41e48ea2fe0c896740610ab6a4ffd8add225e"
-  integrity sha512-JY+iV6r+cO21KtntVvFkD+iqjtdpRUpGqKWgfkCdZq1R+kbreEl8EcdcJR4SmiIgsIQT33s6QzheQ9a275Q8xw==
-  dependencies:
-    acorn "^5.0.3"
+acorn-jsx@^5.0.0:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.0.1.tgz#32a064fd925429216a09b141102bfdd185fae40e"
+  integrity sha512-HJ7CfNHrfJLlNTzIEUTj43LNWGkqpRLxm3YjAlcD0ACydk9XynzYsCBHxut+iqt+1aBXkx9UP/w/ZqMr13XIzg==
 
-acorn@^5.0.0, acorn@^5.0.3, acorn@^5.3.0, acorn@^5.6.0:
+acorn@^5.0.0, acorn@^5.3.0:
   version "5.7.1"
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.1.tgz#f095829297706a7c9776958c0afc8930a9b9d9d8"
   integrity sha512-d+nbxBUGKg7Arpsvbnlq61mc12ek3EY8EQldM3GPAhWJ1UVxC6TDGbIvUMNU6obBX3i1+ptCIzV4vq0gFPEGVQ==
 
+acorn@^6.0.2:
+  version "6.0.4"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.0.4.tgz#77377e7353b72ec5104550aa2d2097a2fd40b754"
+  integrity sha512-VY4i5EKSKkofY2I+6QLTbTTN/UvEQPCo6eiwzzSaSWfpaDhOmStMCMod6wmuPciNq+XS0faCglFu2lHZpdHUtg==
+
 agent-base@4, agent-base@^4.1.0, agent-base@~4.2.0:
   version "4.2.1"
   resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-4.2.1.tgz#d89e5999f797875674c07d87f260fc41e83e8ca9"
@@ -1465,10 +1468,10 @@ eslint-visitor-keys@^1.0.0:
   resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz#3f3180fb2e291017716acb4c9d6d5b5c34a6a81d"
   integrity sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==
 
-eslint@5.9.0:
-  version "5.9.0"
-  resolved "https://registry.yarnpkg.com/eslint/-/eslint-5.9.0.tgz#b234b6d15ef84b5849c6de2af43195a2d59d408e"
-  integrity sha512-g4KWpPdqN0nth+goDNICNXGfJF7nNnepthp46CAlJoJtC5K/cLu3NgCM3AHu1CkJ5Hzt9V0Y0PBAO6Ay/gGb+w==
+eslint@5.10.0:
+  version "5.10.0"
+  resolved "https://registry.yarnpkg.com/eslint/-/eslint-5.10.0.tgz#24adcbe92bf5eb1fc2d2f2b1eebe0c5e0713903a"
+  integrity sha512-HpqzC+BHULKlnPwWae9MaVZ5AXJKpkxCVXQHrFaRw3hbDj26V/9ArYM4Rr/SQ8pi6qUPLXSSXC4RBJlyq2Z2OQ==
   dependencies:
     "@babel/code-frame" "^7.0.0"
     ajv "^6.5.3"
@@ -1479,7 +1482,7 @@ eslint@5.9.0:
     eslint-scope "^4.0.0"
     eslint-utils "^1.3.1"
     eslint-visitor-keys "^1.0.0"
-    espree "^4.0.0"
+    espree "^5.0.0"
     esquery "^1.0.1"
     esutils "^2.0.2"
     file-entry-cache "^2.0.0"
@@ -1489,7 +1492,6 @@ eslint@5.9.0:
     ignore "^4.0.6"
     imurmurhash "^0.1.4"
     inquirer "^6.1.0"
-    is-resolvable "^1.1.0"
     js-yaml "^3.12.0"
     json-stable-stringify-without-jsonify "^1.0.1"
     levn "^0.3.0"
@@ -1509,13 +1511,14 @@ eslint@5.9.0:
     table "^5.0.2"
     text-table "^0.2.0"
 
-espree@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/espree/-/espree-4.0.0.tgz#253998f20a0f82db5d866385799d912a83a36634"
-  integrity sha512-kapdTCt1bjmspxStVKX6huolXVV5ZfyZguY1lcfhVVZstce3bqxH9mcLzNn3/mlgW6wQ732+0fuG9v7h0ZQoKg==
+espree@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/espree/-/espree-5.0.0.tgz#fc7f984b62b36a0f543b13fb9cd7b9f4a7f5b65c"
+  integrity sha512-1MpUfwsdS9MMoN7ZXqAr9e9UKdVHDcvrJpyx7mm1WuQlx/ygErEQBzgi5Nh5qBHIoYweprhtMkTCb9GhcAIcsA==
   dependencies:
-    acorn "^5.6.0"
-    acorn-jsx "^4.1.1"
+    acorn "^6.0.2"
+    acorn-jsx "^5.0.0"
+    eslint-visitor-keys "^1.0.0"
 
 esprima@^3.1.3:
   version "3.1.3"
@@ -2633,11 +2636,6 @@ is-regex@^1.0.4:
   dependencies:
     has "^1.0.1"
 
-is-resolvable@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-resolvable/-/is-resolvable-1.1.0.tgz#fb18f87ce1feb925169c9a407c19318a3206ed88"
-  integrity sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==
-
 is-retry-allowed@^1.0.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz#11a060568b67339444033d0125a61a20d564fb34"
@@ -3733,10 +3731,10 @@ nice-try@^1.0.4:
   resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.4.tgz#d93962f6c52f2c1558c0fbda6d512819f1efe1c4"
   integrity sha512-2NpiFHqC87y/zFke0fC0spBXL3bBsoh/p5H1EFhshxjCR5+0g2d6BiXbUFz9v1sAcxsk2htp2eQnNIci2dIYcA==
 
-nock@10.0.3:
-  version "10.0.3"
-  resolved "https://registry.yarnpkg.com/nock/-/nock-10.0.3.tgz#4c92596592a2f6c8a63da053fc9f81149013150d"
-  integrity sha512-nR3wVeDsEygk3qBdj8D/QLOjoXqTRGUaWaxJW+RVfcQKm0ByaYDiq9crsp02g1725V3EGOPrZPXzphqfhosrlA==
+nock@10.0.4:
+  version "10.0.4"
+  resolved "https://registry.yarnpkg.com/nock/-/nock-10.0.4.tgz#44f5dcfe0a6b09f95d541f6b3f057cfabbbd2a3a"
+  integrity sha512-+kzpiUmJHl2j/ZdJG4Mc3oHJc4F1Tm9j0KV/SLhLKZQGTQkeK2z1XxhVIbM2evP3yn0RVlp7L1xZNIy84J8/1A==
   dependencies:
     chai "^4.1.2"
     debug "^4.1.0"

data/helpers/yarn/lib/replace-lockfile-declaration.js

@@ -5,6 +5,8 @@ const stringify = require("@dependabot/yarn-lib/lib/lockfile/stringify")
 // Get an array of a dependency's requested version ranges from a lockfile
 function getRequestedVersions(depName, lockfileJson) {
   const requestedVersions = [];
+  // TODO: Rethink this regex matching, for example, we don't currently match:
+  // @dependabot/pack-core@^git+ssh://git@github.com:dependabot/pack-core.git
   const re = /^(.*)@([^@]*?)$/;
 
   Object.entries(lockfileJson).forEach(([name, _]) => {
@@ -19,7 +21,13 @@ function getRequestedVersions(depName, lockfileJson) {
   return requestedVersions;
 }
 
-module.exports = (oldLockfileContent, newLockfileContent, depName, newReq) => {
+module.exports = (
+  oldLockfileContent,
+  newLockfileContent,
+  depName,
+  newVersionRequirement,
+  existingVersionRequirement
+) => {
   const oldJson = parse(oldLockfileContent).object;
   const newJson = parse(newLockfileContent).object;
 
@@ -35,9 +43,13 @@ module.exports = (oldLockfileContent, newLockfileContent, depName, newReq) => {
     return !oldPackageReqs.includes(pattern);
   });
 
+  // If the new lockfile has entries that don't exist in the old lockfile,
+  // replace these version requirements with a range (will currently be an
+  // exact version because we tell yarn to install a specific version)
   if (reqToReplace) {
-    newJson[`${depName}@${newReq || oldPackageReqs[0]}`] =
-      newJson[`${depName}@${reqToReplace}`];
+    newJson[
+      `${depName}@${newVersionRequirement || existingVersionRequirement}`
+    ] = newJson[`${depName}@${reqToReplace}`];
     delete newJson[`${depName}@${reqToReplace}`];
   }
 

data/helpers/yarn/lib/updater.js

@@ -66,12 +66,12 @@ class LightweightInstall extends Install {
   }
 }
 
-async function allDependencyRanges(config) {
+async function flattenAllDependencies(config) {
   const manifest = await config.readRootManifest();
   return Object.assign(
     {},
-    manifest.peerDependencies,
     manifest.optionalDependencies,
+    manifest.peerDependencies,
     manifest.devDependencies,
     manifest.dependencies
   );
@@ -136,6 +136,9 @@ function installArgsWithVersion(
 ) {
   const source = requirements.source;
 
+  // TODO: Use logic from npm updater to find original version instead of doing
+  // all this mad git shorthand logic
+  // e.g. const originalVersion = flattenAllDependencies(oldPackage)[depName];
   if (source && source.type === "git") {
     // Handle packages added using the github shorthand, e.g.
     // - yarn add discord.js@discordjs/discord.js
@@ -219,14 +222,23 @@ async function updateDependencyFile(
   // Despite the innocent-sounding name, this actually does all the hard work
   await add.init();
 
-  // Dedupe the updated lockfile, and replace the version requirement in it
-  // (which will currently be an exact version, not a requirement range)
   const dedupedYarnLock = fixDuplicates(readFile("yarn.lock"), depName);
+
+  const newVersionRequirement = requirements.requirement;
+
+  const flattenedDependencies = await flattenAllDependencies(config);
+  const existingVersionRequirement = flattenedDependencies[depName];
+
+  // Replace the version requirement in the lockfile (which will currently be an
+  // exact version, not a requirement range)
+  // If we don't have new requirement (e.g. git source) use the existing version
+  // requirement from the package manifest
   const replacedDeclarationYarnLock = replaceDeclaration(
     originalYarnLock,
     dedupedYarnLock,
     depName,
-    requirements.requirement
+    newVersionRequirement,
+    existingVersionRequirement
   );
 
   // Do a normal install to ensure the lockfile doesn't change when we do

data/helpers/yarn/package.json

@@ -7,11 +7,11 @@
     "semver": "5.6.0"
   },
   "devDependencies": {
-    "eslint": "5.9.0",
+    "eslint": "5.10.0",
     "eslint-plugin-prettier": "3.0.0",
     "fs-extra": "7.0.1",
     "jest": "23.6.0",
-    "nock": "10.0.3",
+    "nock": "10.0.4",
     "prettier": "1.15.3"
   }
 }

data/helpers/yarn/yarn.lock

@@ -110,22 +110,20 @@ acorn-globals@^4.0.0:
   dependencies:
     acorn "^5.0.0"
 
-acorn-jsx@^4.1.1:
-  version "4.1.1"
-  resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-4.1.1.tgz#e8e41e48ea2fe0c896740610ab6a4ffd8add225e"
-  integrity sha512-JY+iV6r+cO21KtntVvFkD+iqjtdpRUpGqKWgfkCdZq1R+kbreEl8EcdcJR4SmiIgsIQT33s6QzheQ9a275Q8xw==
-  dependencies:
-    acorn "^5.0.3"
+acorn-jsx@^5.0.0:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.0.1.tgz#32a064fd925429216a09b141102bfdd185fae40e"
+  integrity sha512-HJ7CfNHrfJLlNTzIEUTj43LNWGkqpRLxm3YjAlcD0ACydk9XynzYsCBHxut+iqt+1aBXkx9UP/w/ZqMr13XIzg==
 
 acorn@^5.0.0, acorn@^5.1.2:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.2.1.tgz#317ac7821826c22c702d66189ab8359675f135d7"
   integrity sha512-jG0u7c4Ly+3QkkW18V+NRDN+4bWHdln30NL1ZL2AvFZZmQe/BfopYCtghCKKVBUSetZ4QKcyA0pY6/4Gw8Pv8w==
 
-acorn@^5.0.3, acorn@^5.6.0:
-  version "5.7.1"
-  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.1.tgz#f095829297706a7c9776958c0afc8930a9b9d9d8"
-  integrity sha512-d+nbxBUGKg7Arpsvbnlq61mc12ek3EY8EQldM3GPAhWJ1UVxC6TDGbIvUMNU6obBX3i1+ptCIzV4vq0gFPEGVQ==
+acorn@^6.0.2:
+  version "6.0.4"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.0.4.tgz#77377e7353b72ec5104550aa2d2097a2fd40b754"
+  integrity sha512-VY4i5EKSKkofY2I+6QLTbTTN/UvEQPCo6eiwzzSaSWfpaDhOmStMCMod6wmuPciNq+XS0faCglFu2lHZpdHUtg==
 
 ajv@^5.1.0:
   version "5.5.2"
@@ -1283,10 +1281,10 @@ eslint-visitor-keys@^1.0.0:
   resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz#3f3180fb2e291017716acb4c9d6d5b5c34a6a81d"
   integrity sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==
 
-eslint@5.9.0:
-  version "5.9.0"
-  resolved "https://registry.yarnpkg.com/eslint/-/eslint-5.9.0.tgz#b234b6d15ef84b5849c6de2af43195a2d59d408e"
-  integrity sha512-g4KWpPdqN0nth+goDNICNXGfJF7nNnepthp46CAlJoJtC5K/cLu3NgCM3AHu1CkJ5Hzt9V0Y0PBAO6Ay/gGb+w==
+eslint@5.10.0:
+  version "5.10.0"
+  resolved "https://registry.yarnpkg.com/eslint/-/eslint-5.10.0.tgz#24adcbe92bf5eb1fc2d2f2b1eebe0c5e0713903a"
+  integrity sha512-HpqzC+BHULKlnPwWae9MaVZ5AXJKpkxCVXQHrFaRw3hbDj26V/9ArYM4Rr/SQ8pi6qUPLXSSXC4RBJlyq2Z2OQ==
   dependencies:
     "@babel/code-frame" "^7.0.0"
     ajv "^6.5.3"
@@ -1297,7 +1295,7 @@ eslint@5.9.0:
     eslint-scope "^4.0.0"
     eslint-utils "^1.3.1"
     eslint-visitor-keys "^1.0.0"
-    espree "^4.0.0"
+    espree "^5.0.0"
     esquery "^1.0.1"
     esutils "^2.0.2"
     file-entry-cache "^2.0.0"
@@ -1307,7 +1305,6 @@ eslint@5.9.0:
     ignore "^4.0.6"
     imurmurhash "^0.1.4"
     inquirer "^6.1.0"
-    is-resolvable "^1.1.0"
     js-yaml "^3.12.0"
     json-stable-stringify-without-jsonify "^1.0.1"
     levn "^0.3.0"
@@ -1327,13 +1324,14 @@ eslint@5.9.0:
     table "^5.0.2"
     text-table "^0.2.0"
 
-espree@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/espree/-/espree-4.0.0.tgz#253998f20a0f82db5d866385799d912a83a36634"
-  integrity sha512-kapdTCt1bjmspxStVKX6huolXVV5ZfyZguY1lcfhVVZstce3bqxH9mcLzNn3/mlgW6wQ732+0fuG9v7h0ZQoKg==
+espree@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/espree/-/espree-5.0.0.tgz#fc7f984b62b36a0f543b13fb9cd7b9f4a7f5b65c"
+  integrity sha512-1MpUfwsdS9MMoN7ZXqAr9e9UKdVHDcvrJpyx7mm1WuQlx/ygErEQBzgi5Nh5qBHIoYweprhtMkTCb9GhcAIcsA==
   dependencies:
-    acorn "^5.6.0"
-    acorn-jsx "^4.1.1"
+    acorn "^6.0.2"
+    acorn-jsx "^5.0.0"
+    eslint-visitor-keys "^1.0.0"
 
 esprima@^3.1.3:
   version "3.1.3"
@@ -2305,11 +2303,6 @@ is-regex@^1.0.4:
   dependencies:
     has "^1.0.1"
 
-is-resolvable@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/is-resolvable/-/is-resolvable-1.1.0.tgz#fb18f87ce1feb925169c9a407c19318a3206ed88"
-  integrity sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==
-
 is-stream@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-1.1.0.tgz#12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"
@@ -3211,10 +3204,10 @@ nice-try@^1.0.4:
   resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.4.tgz#d93962f6c52f2c1558c0fbda6d512819f1efe1c4"
   integrity sha512-2NpiFHqC87y/zFke0fC0spBXL3bBsoh/p5H1EFhshxjCR5+0g2d6BiXbUFz9v1sAcxsk2htp2eQnNIci2dIYcA==
 
-nock@10.0.3:
-  version "10.0.3"
-  resolved "https://registry.yarnpkg.com/nock/-/nock-10.0.3.tgz#4c92596592a2f6c8a63da053fc9f81149013150d"
-  integrity sha512-nR3wVeDsEygk3qBdj8D/QLOjoXqTRGUaWaxJW+RVfcQKm0ByaYDiq9crsp02g1725V3EGOPrZPXzphqfhosrlA==
+nock@10.0.4:
+  version "10.0.4"
+  resolved "https://registry.yarnpkg.com/nock/-/nock-10.0.4.tgz#44f5dcfe0a6b09f95d541f6b3f057cfabbbd2a3a"
+  integrity sha512-+kzpiUmJHl2j/ZdJG4Mc3oHJc4F1Tm9j0KV/SLhLKZQGTQkeK2z1XxhVIbM2evP3yn0RVlp7L1xZNIy84J8/1A==
   dependencies:
     chai "^4.1.2"
     debug "^4.1.0"

data/lib/dependabot/file_fetchers.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "dependabot/file_fetchers/ruby/bundler"
-require "dependabot/file_fetchers/python/pip"
 require "dependabot/file_fetchers/java_script/npm_and_yarn"
 require "dependabot/file_fetchers/java/maven"
 require "dependabot/file_fetchers/java/gradle"
@@ -20,7 +19,6 @@ module Dependabot
       "npm_and_yarn" => FileFetchers::JavaScript::NpmAndYarn,
       "maven" => FileFetchers::Java::Maven,
       "gradle" => FileFetchers::Java::Gradle,
-      "pip" => FileFetchers::Python::Pip,
       "composer" => FileFetchers::Php::Composer,
       "hex" => FileFetchers::Elixir::Hex,
       "cargo" => FileFetchers::Rust::Cargo,

data/lib/dependabot/file_parsers.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "dependabot/file_parsers/ruby/bundler"
-require "dependabot/file_parsers/python/pip"
 require "dependabot/file_parsers/java_script/npm_and_yarn"
 require "dependabot/file_parsers/java/maven"
 require "dependabot/file_parsers/java/gradle"
@@ -20,7 +19,6 @@ module Dependabot
       "npm_and_yarn" => FileParsers::JavaScript::NpmAndYarn,
       "maven" => FileParsers::Java::Maven,
       "gradle" => FileParsers::Java::Gradle,
-      "pip" => FileParsers::Python::Pip,
       "composer" => FileParsers::Php::Composer,
       "hex" => FileParsers::Elixir::Hex,
       "cargo" => FileParsers::Rust::Cargo,

data/lib/dependabot/file_updaters.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "dependabot/file_updaters/ruby/bundler"
-require "dependabot/file_updaters/python/pip"
 require "dependabot/file_updaters/java_script/npm_and_yarn"
 require "dependabot/file_updaters/java/maven"
 require "dependabot/file_updaters/java/gradle"
@@ -20,7 +19,6 @@ module Dependabot
       "npm_and_yarn" => FileUpdaters::JavaScript::NpmAndYarn,
       "maven" => FileUpdaters::Java::Maven,
       "gradle" => FileUpdaters::Java::Gradle,
-      "pip" => FileUpdaters::Python::Pip,
       "composer" => FileUpdaters::Php::Composer,
       "hex" => FileUpdaters::Elixir::Hex,
       "cargo" => FileUpdaters::Rust::Cargo,

data/lib/dependabot/metadata_finders.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "dependabot/metadata_finders/ruby/bundler"
-require "dependabot/metadata_finders/python/pip"
 require "dependabot/metadata_finders/java_script/npm_and_yarn"
 require "dependabot/metadata_finders/java/maven"
 require "dependabot/metadata_finders/php/composer"
@@ -18,7 +17,6 @@ module Dependabot
       "npm_and_yarn" => MetadataFinders::JavaScript::NpmAndYarn,
       "maven" => MetadataFinders::Java::Maven,
       "gradle" => MetadataFinders::Java::Maven,
-      "pip" => MetadataFinders::Python::Pip,
       "composer" => MetadataFinders::Php::Composer,
       "hex" => MetadataFinders::Elixir::Hex,
       "cargo" => MetadataFinders::Rust::Cargo,