Directory with special characters incorrectly flagged as containing glob

[csssuf]

Is there an existing issue for this?

• [X] I have searched the existing issues

Package ecosystem

pip

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

https://github.com/csssuf/dependabot-special-char-glob/blob/main/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

I expected dependabot to validate the configuration and run against the target directory, but instead, it reports The property '#/updates/0/directory' must not include a glob pattern. This is true with various combinations of escape characters (escaping space, escaping {/}, and both/neither).

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/csssuf/dependabot-special-char-glob/runs/29485132581

Smallest manifest that reproduces the issue

The linked repo is already a minimal repro.

[luzfcb]

Maintainers of template projects based on https://github.com/cookiecutter/cookiecutter and https://github.com/copier-org/copier are also experiencing this issue. Both projects use the Jinja2 syntax to define placeholders in directory and file names, which involves the use of {{ and }}.

After reviewing the changelog, it seems that this particular real-world use case not have been thoroughly tested when https://github.blog/changelog/2024-06-25-simplified-dependabot-yml-configuration-with-multi-directory-key-directories-and-wildcard-glob-support/ was implemented.

Related support ticket https://support.github.com/ticket/personal/0/3007442

[luzfcb]

This error still happens in production https://github.com/cookiecutter/cookiecutter-django/runs/31435188434