dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Directory with special characters incorrectly flagged as containing glob #10525

Open csssuf opened 3 weeks ago

csssuf commented 3 weeks ago

Is there an existing issue for this?

Package ecosystem

pip

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

https://github.com/csssuf/dependabot-special-char-glob/blob/main/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

I expected dependabot to validate the configuration and run against the target directory, but instead, it reports `The property '#/updates/0/directory' must not include a glob pattern`. This is true with various combinations of escape characters (escaping space, escaping `{`/`}`, and both/neither).

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/csssuf/dependabot-special-char-glob/runs/29485132581

Smallest manifest that reproduces the issue

The linked repo is already a minimal repro.

luzfcb commented 1 day ago

Maintainers of template projects based on https://github.com/cookiecutter/cookiecutter and https://github.com/copier-org/copier are also experiencing this issue. Both projects use the Jinja2 syntax to define placeholders in directory and file names, which involves the use of `{{` and `}}`.

After reviewing the changelog, it seems that this particular real-world use case has not been thoroughly tested when https://github.blog/changelog/2024-06-25-simplified-dependabot-yml-configuration-with-multi-directory-key-directories-and-wildcard-glob-support/ was implemented.

Related support ticket https://support.github.com/ticket/personal/0/3007442
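As an added illustration, not dependabot-core's own validator, the following contrasts the kind of "any brace means glob" check the reports above describe with a narrower check that treats Jinja2 `{{ ... }}` placeholders and backslash-escaped characters as literal text while still rejecting real wildcards. The names `naive_glob?`, `glob?`, `strip_template_placeholders` and the sample paths are constructed for this example.

```ruby
# Added example (not dependabot-core code): why a directory such as
# "/{{cookiecutter.project_slug}}" trips a brace-based glob check, and a
# narrower check that only flags real glob syntax.

# Characters a naive validator might treat as "glob present".
NAIVE_GLOB_CHARS = ["*", "?", "[", "]", "{", "}"].freeze

# The behaviour the issue describes: any brace at all is reported as a glob,
# so Jinja2 placeholders and escaped braces are rejected as well.
def naive_glob?(directory)
  NAIVE_GLOB_CHARS.any? { |c| directory.include?(c) }
end

# Remove Jinja2 placeholders ("{{ name }}") and backslash-escaped characters
# ("\{", "\ ") before looking for glob syntax; what remains must be literal.
def strip_template_placeholders(directory)
  directory.gsub(/\{\{.*?\}\}/, "").gsub(/\\./, "")
end

# A brace list is only a glob when it contains a comma: "{src,test}".
BRACE_LIST = /\{[^{}]*,[^{}]*\}/.freeze

# Stricter check: '*', '?', character classes, or a comma-separated brace
# list count as globs; a lone placeholder or escaped brace does not.
def glob?(directory)
  candidate = strip_template_placeholders(directory)
  candidate.match?(/[*?\[\]]/) || candidate.match?(BRACE_LIST)
end

if __FILE__ == $PROGRAM_NAME
  [
    "/{{cookiecutter.project_slug}}", # constructed: placeholder, literal path
    "/packages/*",                    # constructed: real wildcard
    "/{{ app }}/{src,test}",          # constructed: placeholder plus brace list
    "/my dir/\\{literal\\}"           # constructed: escaped braces, literal
  ].each do |dir|
    printf("%-34s naive=%-5s strict=%s\n", dir, naive_glob?(dir), glob?(dir))
  end
end
```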