dependabot-cake suggests updates to libraries that might not be compatible with the Cake runner #2

Open
augustoproiete opened this issue Feb 7, 2021 · 1 comment

Comments

@augustoproiete

@nils-a Just adding this to your radar for awareness, but doesn't seem like it's something that is worth fixing in here (and the fix would not be easy to do anyway) - and rather the Cake runner should be fixed instead.

dependabot-cake doesn't have any knowledge of what Cake runner is being used in the repo, so it always suggests updating packages to the latest version available.

Some libraries like NuGet.* are loaded by the Cake runner itself, with a pinned version, and if the Cake script tries to load a newer version, it doesn't work - because the Cake runner already has the older version loaded.

So now some of my repos are getting PRs from dependabot-cake suggesting bumping NuGet.* libraries, which cannot be merged.

@nils-a
Contributor

nils-a commented Feb 7, 2021

@augustoproiete yes, I was kind of aware of that..
This should probably be an issue with https://github.com/pharos/dependabot-core/ - maybe we could get @gitfool to take a look at this :-)

One way around that problem would be to do something like the nuget ecosystem does and enable ignoring of some dependencies.
