[dart/pub] Dependabot is incorrectly and unexpectedly changing pubspec.lock flutter constraint from "3.35.6" to ">=3.35.6" #13461

@acoutts

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

dart

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "pub"
    directory: "/frontend"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "flutter"
    assignees:
      - "acoutts"

Updated dependency

Dependabot correctly bumped the dependency version for the dependency it was updating, but every time it modifies the lock file it incorrectly updates the flutter constraint from the fixed value specified in pubspec.yaml to a >=, which is not the correct behavior.

pubspec.yaml:

environment:
  sdk: 3.9.2
  flutter: 3.35.6

pubspec.lock diff:

sdks:
  dart: "3.9.2"
-  flutter: "3.35.6"
+  flutter: ">=3.35.6"

If you check out the branch from Dependabot and run flutter pub get, the pub command puts the lock file constraint back to 3.35.6 as expected, so Dependabot is incorrectly and unexpectedly changing this constraint.

What you expected to see, versus what you actually saw

Dependabot should produce pubspec lock files that are consistent with the output from the real pub get command.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Smallest manifest that reproduces the issue

No response
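
A CI guard for the drift reported in this issue, as an added example that is not part of the original report or of Dependabot's code. It assumes that an SDK pinned to an exact version under `environment:` in pubspec.yaml should appear with the same exact value under `sdks:` in pubspec.lock, as the report says `flutter pub get` produces; the function names are hypothetical and the parser only handles the flat two-level mappings shown above.

```python
import re
import sys

# Constructed sample inputs, taken from the snippets quoted in the issue.
PUBSPEC = "environment:\n  sdk: 3.9.2\n  flutter: 3.35.6\n"
LOCK_FROM_PUB_GET = 'sdks:\n  dart: "3.9.2"\n  flutter: "3.35.6"\n'
LOCK_FROM_DEPENDABOT = 'sdks:\n  dart: "3.9.2"\n  flutter: ">=3.35.6"\n'

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+([-+][0-9A-Za-z.+-]+)?$")


def read_block(text, key):
    """Return the flat `name: value` entries nested under a top-level key."""
    entries, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # any top-level key opens or closes the block
            inside = line.split("#")[0].strip() == f"{key}:"
        elif inside:
            name, _, value = line.strip().partition(":")
            entries[name.strip()] = value.split(" #")[0].strip().strip("\"'")
    return entries


def pin_drift(pubspec_yaml, pubspec_lock):
    """List (sdk, pinned, locked) for exact pins the lock file does not repeat."""
    locked = read_block(pubspec_lock, "sdks")
    drift = []
    for name, pin in read_block(pubspec_yaml, "environment").items():
        if not EXACT_VERSION.match(pin):
            continue  # ranges are resolved by pub; only exact pins are compared
        lock_name = "dart" if name == "sdk" else name  # lock file names it "dart"
        if locked.get(lock_name) != pin:
            drift.append((lock_name, pin, locked.get(lock_name)))
    return drift


if __name__ == "__main__":
    # With two paths, check real files; with none, run on the constructed sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            found = pin_drift(a.read(), b.read())
    else:
        found = pin_drift(PUBSPEC, LOCK_FROM_DEPENDABOT)
    for sdk, pin, got in found:
        print(f"{sdk}: pubspec.yaml pins {pin} but pubspec.lock has {got}")
    sys.exit(1 if found else 0)
```

Run against a Dependabot branch, a non-zero exit flags a lock file whose SDK constraint was loosened relative to the manifest before the change is merged.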

Labels

L: dart:pub (Dart packages via pub), T: bug 🐞 (Something isn't working)
