✨ Removing pyup checks

checks/dependency_update_tool_test.go

@@ -93,19 +93,6 @@ func TestDependencyUpdateTool(t *testing.T) {
 				Score:        10,
 			},
 		},
-		{
-			name:    "pyup config detected",
-			wantErr: false,
-			files: []string{
-				".pyup.yml",
-			},
-			CallSearchCommits: 0,
-			expected: scut.TestReturn{
-				NumberOfInfo: 1,
-				NumberOfWarn: 0,
-				Score:        10,
-			},
-		},
 		{
 			name:              "random committer ID not detected as dependecy tool bot",
 			wantErr:           false,

checks/evaluation/dependency_update_tool_test.go

@@ -45,7 +45,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 			name: "multiple update tools both logged",
 			findings: []finding.Finding{
 				depUpdateTool("RenovateBot"),
-				depUpdateTool("PyUp"),
+				depUpdateTool("Dependabot"),
 			},
 			result: scut.TestReturn{
 				Score:        checker.MaxResultScore,

checks/raw/dependency_update_tool.go

@@ -114,19 +114,6 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
 				},
 			},
 		})
-	case ".pyup.yml":
-		*ptools = append(*ptools, checker.Tool{
-			Name: "PyUp",
-			URL:  asPointer("https://pyup.io/"),
-			Desc: asPointer("Automated dependency updates for Python."),
-			Files: []checker.File{
-				{
-					Path:   name,
-					Type:   finding.FileTypeSource,
-					Offset: checker.OffsetDefault,
-				},
-			},
-		})
 	// https://github.com/scala-steward-org/scala-steward/blob/main/docs/repo-specific-configuration.md
 	case ".scala-steward.conf",
 		"scala-steward.conf",

checks/raw/dependency_update_tool_test.go

@@ -99,12 +99,6 @@ func Test_checkDependencyFileExists(t *testing.T) {
 			want:    true,
 			wantErr: false,
 		},
-		{
-			name:    ".pyup.yml",
-			path:    ".pyup.yml",
-			want:    true,
-			wantErr: false,
-		},
 		{
 			name:    ".scala-steward.conf",
 			path:    ".scala-steward.conf",

docs/beginner-checks.md

@@ -25,7 +25,7 @@ If vulnerabilities are found in your dependencies, there are a few options:
 
 If you have handled the vulnerabilities in your dependencies and are still not satisfied with your score for this check, make sure there are no open, unfixed vulnerabilities in your project’s own codebase. Once you have dealt with those, your score should improve.
 
-Next, Scorecard’s [Dependency-Update-Tool check](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool) encourages developers to keep their dependencies up to date, which is a great way to stay on top of security updates. This check awards a high score to a project if it uses a dependency update tool such as [Dependabot](https://docs.github.com/code-security/dependabot), [Renovate bot](https://docs.renovatebot.com/), or [PyUp](https://github.com/pyupio/pyup#readme). Using one of these tools helps streamline security processes by notifying you when vulnerabilities have surfaced in your dependencies or when new versions of your dependencies become available.
+Next, Scorecard’s [Dependency-Update-Tool check](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool) encourages developers to keep their dependencies up to date, which is a great way to stay on top of security updates. This check awards a high score to a project if it uses a dependency update tool such as [Dependabot](https://docs.github.com/code-security/dependabot) or [Renovate bot](https://docs.renovatebot.com/). Using one of these tools helps streamline security processes by notifying you when vulnerabilities have surfaced in your dependencies or when new versions of your dependencies become available.
 
 Automated processes like these save you time and are highly configurable; for example, you can set your bot to update dependencies every day or every week at the same time.
 

docs/checks.md

@@ -312,7 +312,6 @@ This check tries to determine if the project uses a dependency update tool,
 specifically one of:
 - [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
 - [Renovate bot](https://docs.renovatebot.com/configuration-options/)
-- [PyUp](https://docs.pyup.io/docs) (Python)
 Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
 These tools automate the process of updating dependencies by scanning for
 outdated or insecure requirements, and opening a pull request to update them if

docs/checks/dependencyupdatetool/README.md

@@ -3,8 +3,6 @@
   * Detection is based on a `.github/dependabot.yml` or `.github/dependabot.yaml` file.
 * [Renovate](https://docs.renovatebot.com/)
   * Detection is based on the configuration files listed [here](https://docs.renovatebot.com/configuration-options/)
-* [PyUp](https://github.com/pyupio/pyup)
-  * Detection based on a `.pyup.yml` file
 * [scala-steward](https://github.com/scala-steward-org/scala-steward)
   * Detection is based on the configuration files listed [here](https://github.com/scala-steward-org/scala-steward/blob/main/docs/repo-specific-configuration.md)
 

docs/checks/internal/checks.yaml

@@ -60,7 +60,6 @@ checks:
       specifically one of:
       - [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
       - [Renovate bot](https://docs.renovatebot.com/configuration-options/)
-      - [PyUp](https://docs.pyup.io/docs) (Python)
       Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
       These tools automate the process of updating dependencies by scanning for
       outdated or insecure requirements, and opening a pull request to update them if