
Dependabot support for dependencies in hatch environments #775

Open
jorisroovers opened this issue Mar 9, 2023 · 1 comment

Comments

@jorisroovers

Something I’d like to have is dependabot support for dependencies in hatch environments, e.g. hatch.envs.test.dependencies.

Example dependencies section:

https://github.com/jorisroovers/gitlint/blob/7b0c255de3c3f51c62d8a182d7b1994450acf888/pyproject.toml#L83-L92

Related things I found:

  1. I’ve read Standard Python support dependabot/dependabot-core#3290, but AFAICT, that only pertains to top-level dependencies and optional-dependencies (which works well in my experience). I couldn’t find any existing issue for environment-level dependency support within the hatch or dependabot projects, although I’d be surprised if I’m the first one asking?

  2. I also had a quick glance at hatch-requirements-txt with the idea of splitting the test dependencies back out in a test-requirements.txt file so dependabot can pick them up. However, this feels like a step backwards and I think hatch-requirements-txt actually only supports project-level dependencies too (so this wouldn’t work).

  3. I also found the workaround by using the features option (although Bug: detached and skip-install envs silently ignore features option #729 would need to be fixed since I use skip-install=True), but I prefer not to expose the development dependencies to users, even as optional dependencies.

Is this something you think will eventually be supported, or is there another workaround available? Thanks!
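For reference, the two layouts the post compares, written out as an added example (not gitlint's own pyproject.toml; package names and version pins are constructed). The first block is the hatch-environment form that Dependabot does not scan; the second is the features workaround from item 3, which moves the pins into `project.optional-dependencies` where Dependabot's pip support already reads them, at the cost of publishing them as an extra.

```toml
# Layout 1: dependencies declared only on the hatch environment.
# Dependabot's pip ecosystem does not look at tool.hatch.envs.*, so
# these pins never receive update PRs and drift silently.
[tool.hatch.envs.test]
skip-install = true
dependencies = [
  "pytest>=7.2",      # constructed example pin
  "coverage>=7.0",    # constructed example pin
]

# Layout 2: the features workaround. The same pins live in a PEP 621
# extra, which Dependabot already scans, and the hatch environment
# pulls them in by name. Downside: the extra becomes part of the
# published package metadata, visible to every installer.
[project.optional-dependencies]
test = [
  "pytest>=7.2",      # constructed example pin
  "coverage>=7.0",    # constructed example pin
]

[tool.hatch.envs.test]
# Note: combining skip-install = true with features is affected by
# issue #729 referenced above; with skip-install the features list
# is ignored until that is fixed.
features = ["test"]
```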

@funkyfuture
Contributor

Isn't that an issue that concerns the dependabot developers?

Also, what is the use case? I'm assuming that hatch environments are used for development purposes, and thus I don't see the need to prevent shipping possibly insecure software to the public. I'm also assuming that developers choose reasonable version specifications and keep their environments up to date; the latter is something that hatch does regularly for the developer.
