Python multi-dir update results in duplicate PRs #10340

@jakecoffman

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Python - pip and pip-compile

What you expected to see, versus what you actually saw

Reproducible with the following input file:

job:
  allowed-updates:
    - dependency-type: direct
      update-type: all
  package-manager: pip
  source:
    provider: github
    repo: opentracing-contrib/nginx-opentracing
    commit: 69dd153598307375363650ea301c92cb59d997f3
    api-endpoint: https://api.github.com/
    hostname: github.com
    directories:
      - "/**/*"

Run with the Dependabot CLI: dependabot update -f input.yml

The issue seems to be caused by the FileFetcher's behavior in the Python ecosystem of searching subdirectories for requirements files:

def child_requirement_files
  @child_requirement_files ||=
    begin
      fetched_files = req_txt_and_in_files.dup
      req_txt_and_in_files.flat_map do |requirement_file|
        child_files = fetch_child_requirement_files(
          file: requirement_file,
          previously_fetched_files: fetched_files
        )
        fetched_files += child_files
        child_files
      end
    end
end

This results in the same requirements file appearing twice, thus it puts up 2 PRs.

We'll need to analyze why this behavior exists and maybe remove it. Ideally Dependabot would only process the directory it was given.
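
A minimal model of the double claim described in this issue, added here as an illustration and not Dependabot's code. The repository tree and the helpers `expand_directories`, `fetch_for` and `duplicate_claims` are hypothetical, and following `-r` include lines is an assumed stand-in for how child requirement files are found.

```ruby
require "pathname"

# Constructed repository tree (path => content); not the layout of the repo in the issue.
REPO = {
  "/requirements.txt"      => "-r docs/requirements.txt\nflask==2.0.0\n",
  "/docs/requirements.txt" => "sphinx==4.0.0\n",
  "/README.md"             => ""
}.freeze

REQ_NAME = /\Arequirements.*\.(txt|in)\z/

# Directories a "/**/*"-style glob expands to: every directory that holds a file.
def expand_directories(repo)
  repo.keys.map { |path| File.dirname(path) }.uniq.sort
end

# Simplified per-directory fetch: requirements files in the directory itself,
# plus (optionally) files reached through "-r <path>" lines (assumed mechanism).
def fetch_for(repo, dir, follow_children: true)
  own = repo.keys.select do |path|
    File.dirname(path) == dir && File.basename(path) =~ REQ_NAME
  end
  return own unless follow_children

  fetched = own.dup
  queue = own.dup
  until queue.empty?
    file = queue.shift
    repo[file].scan(/^-r\s+(\S+)/).flatten.each do |rel|
      child = Pathname.new(File.dirname(file)).join(rel).cleanpath.to_s
      next if fetched.include?(child) || !repo.key?(child)

      fetched << child
      queue << child
    end
  end
  fetched
end

# Files claimed by more than one directory job; each extra claim can become a duplicate PR.
def duplicate_claims(repo, follow_children: true)
  claims = Hash.new { |hash, key| hash[key] = [] }
  expand_directories(repo).each do |dir|
    fetch_for(repo, dir, follow_children: follow_children).each { |f| claims[f] << dir }
  end
  claims.select { |_file, dirs| dirs.size > 1 }
end
```

With child following on, `/docs/requirements.txt` is claimed by both the `/` job and the `/docs` job; with `follow_children: false`, each directory only processes its own files and no file is claimed twice.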
