Dependabot Drops Python 3.9 Support Following EOL

Dependabot officially ended support for Python 3.9 on June 23, 2026, aligning with the version’s end-of-life (EOL) status. This move means developers relying on Python 3.9 may no longer receive automated dependency updates via Dependabot, increasing the risk of unpatched vulnerabilities and compatibility issues.

Python 3.9, released on October 5, 2020, adhered to Python’s five-year lifecycle, with full support lasting 18 months and security-only updates continuing until October 31, 2025. The final release, Python 3.9.25, marked the end of any upstream support, freezing the branch from future bug fixes or patches. Since then, major platforms and tools, including Heroku, which stopped supporting Python 3.9 builds as of January 7, 2026, have enforced the cutoff.

Dependabot’s discontinuation of Python 3.9 support reflects a broader trend in the software ecosystem. Package maintainers are increasingly removing Python 3.9 from their testing matrices, while enterprises still using the version are left navigating heightened security risks. Without Dependabot updates, outdated dependencies in Python 3.9 environments could expose organizations to vulnerabilities that won’t be patched, compounding compliance and operational risks.

For developers and companies still reliant on Python 3.9, the immediate priority is migrating to supported versions, such as Python 3.10 or later. Managed environments like Red Hat Enterprise Linux (RHEL 8/9) provide vendor-specific backports for extended support, but these are often tailored for enterprise customers and may not align with every organization’s needs.

The EOL of Python 3.9 isn’t just a technical milestone—it’s a wake-up call for organizations to re-evaluate their development workflows and infrastructure. Tools like Dependabot are critical for automating dependency management, and losing support for an outdated version underscores the importance of staying current with core platform updates. The cost of delaying upgrades—whether in terms of security breaches, compatibility issues, or the inability to use modern tooling—far outweighs the effort required to transition to supported versions.

As Python 3.9 fades into obsolescence, developers should leverage this opportunity to not only upgrade but also adopt best practices for future-proofing their environments. Staying proactive in tracking language lifecycles and aligning with supported versions will mitigate disruptions and ensure access to critical ecosystem tools like Dependabot.