dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
Permit overlapping rules #10160

Open jonhoo opened 1 week ago

jonhoo commented 1 week ago

Feature description

After a lot of fiddling with dependabot rules for the Rust (well, cargo) ecosystem over the years, I thought I'd finally arrived at a dependabot configuration that follows Rust's preferred semantics for updates without too much noise:

Unfortunately, no such luck; the setup I'd come up with requires multiple dependabot rules for the cargo package ecosystem, and that is disallowed, giving the error:

Update configs must have a unique combination of 'package-ecosystem', 'directory', and 'target-branch'. Ecosystem 'cargo' has overlapping directories.

They're not technically overlapping since they have ignore clauses that make them distinct, though I suspect it'd be quite difficult to have dependabot check for that property for arbitrary ignore blocks.

Ultimately, I'd love to see dependabot approach rules the same way it approaches the new(ish) groups, specifically:

Dependabot creates groups in the order they appear in your dependabot.yml file. If a dependency update could belong to more than one group, it is only assigned to the first group it matches with.

That is, for overlapping rules to be permitted where the first one that matches takes precedence. That would unlock use-cases like mine, which as far as I can tell at least cannot be achieved with dependabot's current configuration structure.
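The semantics asked for above (ordered rules, first match wins) and the "not technically overlapping" property can be made concrete with a small model. The following is an added example, not code from dependabot-core and not the author's configuration: it assumes a simplified rule whose ignore clause is expressed only as semver update types (`major`, `minor`, `patch`), assigns each constructed candidate update to the first rule in file order that accepts it, and, for that restricted form of ignore clause, checks whether a rule list actually partitions the update types (overlapping rules, or update types no rule would ever pick up). Rule names, dependency names and update types below are constructed sample data.

```python
"""First-match precedence over ordered update rules, plus a partition check.

Constructed model of the proposed semantics: each rule ignores a set of
semver update types, and a candidate update goes to the first rule in
file order that does not ignore it. The partition check is restricted to
ignore clauses of this update-type-only form; it is an assumption of this
example, not a dependabot feature.
"""
from __future__ import annotations

from dataclasses import dataclass

UPDATE_TYPES = ("major", "minor", "patch")


@dataclass(frozen=True)
class Rule:
    name: str
    ignore: frozenset[str] = frozenset()  # update types this rule ignores

    def accepts(self, update_type: str) -> bool:
        return update_type in UPDATE_TYPES and update_type not in self.ignore


def first_match(rules: tuple[Rule, ...], update_type: str) -> str | None:
    """Return the name of the first rule that accepts update_type, or None."""
    for rule in rules:
        if rule.accepts(update_type):
            return rule.name
    return None


def assign_updates(rules: tuple[Rule, ...], updates) -> dict[str, str | None]:
    """Map each (dependency, update_type) pair to its owning rule by first match."""
    return {dep: first_match(rules, update_type) for dep, update_type in updates}


def check_partition(rules: tuple[Rule, ...]) -> tuple[dict[str, list[str]], list[str]]:
    """Report which update types more than one rule accepts (overlap) and
    which none accepts (gap). Only valid for update-type-only ignore clauses."""
    overlapping: dict[str, list[str]] = {}
    uncovered: list[str] = []
    for update_type in UPDATE_TYPES:
        owners = [r.name for r in rules if r.accepts(update_type)]
        if len(owners) > 1:
            overlapping[update_type] = owners
        elif not owners:
            uncovered.append(update_type)
    return overlapping, uncovered


# Constructed rule set: one rule (and cadence) for patch bumps only,
# a second rule for everything the first one ignores.
RULES = (
    Rule("cargo-patch", ignore=frozenset({"major", "minor"})),
    Rule("cargo-rest", ignore=frozenset({"patch"})),
)

# Constructed candidate updates: (dependency name, semver update type).
UPDATES = (("serde", "patch"), ("tokio", "minor"), ("rand", "major"))

if __name__ == "__main__":
    print(assign_updates(RULES, UPDATES))
    print(check_partition(RULES))
```

With `RULES` as defined, every update type has exactly one owner, so the two rules are disjoint despite sharing `package-ecosystem` and `directory`; dropping `patch` from the second rule's ignore list is what would make them genuinely overlap, and `check_partition` reports that.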

jonhoo commented 1 week ago

Worth pointing out that with https://github.com/dependabot/dependabot-core/issues/4009, I could get pretty close with a single rule with multiple groups, though I'd have to settle for using a single cadence for all update types.