Dependabot-based dependency graphs for Python

Source: GitHub Changelog

Python projects will now see more complete and accurate transitive dependency trees in their dependency graphs and Software Bills of Materials (SBOMs).

This feature is based on a new type of Dependabot job that builds a dependency snapshot and uploads it to the Dependency Submission API. It’s similar to dependency autosubmission, but it does not incur charges for actions minutes and can access organization‑wide configurations for private registries you’ve set up for Dependabot.

The release supports all the major package managers for Python, including pip, uv, and Poetry (v1 and v2).

For more information, see Configuring the dependency graph.