Open jonhoo opened 1 week ago
Worth pointing out that with https://github.com/dependabot/dependabot-core/issues/4009, I could get pretty close with a single rule with multiple groups
, though I'd have to settle for using a single cadence for all update types.
Is there an existing issue for this?
Feature description
After a lot of fiddling with dependabot rules for the Rust (well,
cargo
) ecosystem over the years, I thought I'd finally arrived at a dependabot configuration that follows Rust's preferred semantics for updates without too much noise:Cargo.toml
, and should happen in a timely fashion.Cargo.toml
, should happen jointly in a single PR, and should happen on a regular-but-sparse cadence.Unfortunately, no such luck; the setup I'd come up with requires multiple dependabot rules for the
cargo
package ecosystem, and that is disallowed, giving the error:They're not technically overlapping since they have
ignore
clauses that make them distinct, though I suspect it'd be quite difficult to have dependabot check for that property for arbitraryignore
blocks.Ultimately, I'd love to see dependabot approach rules the same way it approaches the new(ish)
groups
, specifically:That is, for overlapping rules to be permitted where the first one that matches takes precedence. That would unlock use-cases like mine, which as far as I can tell at least cannot be achieved with dependabot's current configuration structure.