By coincidence, govuk-dependabot-merger is not auto-merging rails upgrades (because it involves a change to both Gemfile and Gemfile.lock, and the merger service only allows a change to Gemfile.lock) but it is skipping rails by coincidence rather than by design. We should play it safe and explicitly exclude Rails from the allowlist.
Rails requires manual care when upgrading, so should not be auto-merged.
By coincidence, govuk-dependabot-merger is not auto-merging rails upgrades (because it involves a change to both Gemfile and Gemfile.lock, and the merger service only allows a change to Gemfile.lock) but it is skipping rails by coincidence rather than by design. We should play it safe and explicitly exclude Rails from the allowlist.
See Slack thread.
⚠️ This repo is Continuously Deployed: make sure you follow the guidance ⚠️
Follow these steps if you are doing a Rails upgrade.