jhutchings1 / conda-dependency-submission-action

MIT License

ecosystem not being submitted as pip #39

Open leonsparrowJM opened 1 month ago

leonsparrowJM commented 1 month ago

Thank you for fixing the manifests.

New bug

image

I've labelled the picture with 1, 2, 3 using my photoshop skills:

1: this is the requirements.txt native dependabot detection.
2: this is the submission from this tool: conda-dependency-submission-action
3: this is a manual submission via Postman for comparison

You see, 2 does not submit the ecosystem as pip, so it does not raise any alerts. With #3, the Postman submission, it raises alerts as it recognises it is pip.

Please can you post the ecosystem back to the API :-)

leonsparrowJM commented 1 month ago

It's formatted #2 correctly parsed so it recognises the ecosystem as pypi; it should be building the package_URL as pkg:pypi/mlflow@2.9.2 (return pkg:${ecosystem}/${packageName}${version};), but somehow it's getting malformed, as it shows up in the dependency graph as (unknown).

For reference, this is the environment.yaml file I am using to test:

name: testApp
channels:
  - defaults
dependencies:
  - dill=0.3.4
  - matplotlib=3.5.1
  - numpy=1.22.3
  - numpy-base=1.22.3
  - pandas=1.4.3
  - pip=22.1.2
  - python=3.9.12
  - scikit-learn=1.1.1
  - scipy=1.7.3
  - seaborn=0.11.2
  - mlflow=2.9.2
  - azureml-train-automl-runtime=1.55.0.post1
  - azureml-interpret=1.55.0
  - azureml-defaults=1.55.0
  - pytorch-transformers=1.0.0
  - spacy=2.3.9
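
An added example, not part of the thread and not the action's own code: it builds the `pkg:pypi/name@version` form discussed in the comment above from `environment.yaml` entries and checks that each result parses back into type, name and version before it would be submitted. All function names are hypothetical, and it assumes each conda package name is also the PyPI name.

```javascript
// Added example; function names are hypothetical, not the action's own.

// Two entries from the environment.yaml above, plus two constructed ones
// (a build-string pin and an unpinned name) to exercise the edge cases.
const SPECS = ["mlflow=2.9.2", "azureml-train-automl-runtime=1.55.0.post1",
               "Scikit_Learn=1.1.1=py39_0", "pip"];

// Convert one conda spec ("name=version" or "name=version=build") to a purl.
// Returns null when no exact version is pinned instead of guessing one.
function condaSpecToPurl(spec, type = "pypi") {
  const m = /^([A-Za-z0-9._-]+)={1,2}([A-Za-z0-9.!+_-]+)(?:=[^=\s]+)?$/.exec(spec.trim());
  if (!m) return null;
  // purl "pypi" names are lowercased with "_" replaced by "-".
  const name = m[1].toLowerCase().replace(/_/g, "-");
  return `pkg:${type}/${name}@${encodeURIComponent(m[2])}`;
}

// Split a purl into type/name/version; null when any of the three is missing.
function parsePurl(purl) {
  const m = /^pkg:([a-z][a-z0-9.+-]*)\/([^@?#]+)@([^?#]+)$/.exec(purl);
  return m ? { type: m[1], name: m[2], version: decodeURIComponent(m[3]) } : null;
}

// Check every manifest entry before it goes into a snapshot: each purl must
// parse back to the expected type with a non-empty name and version.
function auditSpecs(specs, build = condaSpecToPurl, type = "pypi") {
  return specs.map((spec) => {
    const purl = build(spec);
    const parsed = purl ? parsePurl(purl) : null;
    return { spec, purl, ok: parsed !== null && parsed.type === type };
  });
}

// Constructed counter-example: name and version joined with no "@" separator.
// Every purl it produces fails the audit because no version can be split off.
const noSeparator = (spec) => {
  const [name, version] = spec.split("=");
  return version ? `pkg:pypi/${name}${version}` : null;
};

console.table(auditSpecs(SPECS));
console.table(auditSpecs(SPECS, noSeparator));
```

Entries that come back with `ok: false` are the ones to fix or skip before building the snapshot payload.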

jhutchings1 commented 1 month ago

Thanks for providing details here. I'm not expecting to have a chance to look at this in the near future. Terribly sorry. PRs are welcome if you're able to assist.