Exclude example and test paths from Dependabot pip updates (#2856) #2859

Open
giac41 wants to merge 1 commit into pallets-eco:master from giac41:fix-dependabot-exclude-paths
giac41 commented Apr 14, 2026

Dependabot was scanning .txt files in example and test directories which are not actual dependency manifests.

The following paths are excluded from the pip ecosystem scan:

  • examples/**
  • flask_admin/tests/**

fixes #2856

…co#2856)

Dependabot was scanning .txt files in example and test directories which are not actual dependency manifests. This excludes those paths from the pip ecosystem scan.
@ElLorans
Contributor

Why exclude flask_admin/tests/**? Shouldn't we exclude license, too?

@giac41
Author

giac41 commented Apr 15, 2026

I excluded flask_admin/tests/** because I found several .txt files in test fixtures that clearly do not look like dependency manifests. However, I agree that excluding the whole directory is broader than necessary.

I checked recent Dependabot commits and did not find any that were clearly tied to .txt files, so I cannot confirm that these specific files have caused issues in practice.

That said, I found several .txt files in the repository that clearly do not appear to be dependency manifests:

  • ./LICENSE.txt
  • ./examples/bootstrap4/files/d1/dummy.txt
  • ./examples/bootstrap4/static/d1/afile.txt
  • ./examples/s3/localdir/yy/zz/afile.txt
  • ./flask_admin/tests/tmp/inner/test1.txt
  • ./flask_admin/tests/fileadmin/files/dummy.txt
  • ./flask_admin/tests/sqla/files/dummy.txt

So rather than excluding whole directories, I think an explicit exclude-paths list for these files would be a safer and more targeted approach.

@ElLorans
Contributor

A simpler

 exclude-paths:
      - "*.txt"

would not require manually updating the list, though.
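
An added example, not part of this PR or of the project's code: a heuristic audit that lists the .txt files in a checkout whose contents do not parse as pip requirements, which is one way to generate an explicit exclusion list like the one discussed in this thread instead of maintaining it by hand. The function names, the line-matching regexes, the `requirements/` paths and all file contents are assumptions constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# Heuristic, not pip's parser: a bare word such as "dummy" still passes as a name.
COMMENT = re.compile(r"(^|\s)#.*$")
OPTION = re.compile(r"^-{1,2}[A-Za-z]")  # -r base.txt, -e ., --hash=...
REQUIREMENT = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*"       # project name
    r"(\[[A-Za-z0-9._,\s-]*\])?"         # optional extras
    r"\s*((===|==|~=|!=|<=|>=|<|>)\s*[A-Za-z0-9.*+!_-]+\s*,?\s*)*"  # specifiers
    r"(;.*)?$"                           # optional environment marker
)

def looks_like_requirements(text):
    """True if the file has content and every meaningful line parses."""
    lines = [COMMENT.sub("", raw).rstrip("\\").strip() for raw in text.splitlines()]
    lines = [line for line in lines if line]
    return bool(lines) and all(OPTION.match(l) or REQUIREMENT.match(l) for l in lines)

def non_manifest_txt(root):
    """Repo-relative .txt paths that do not look like pip requirements."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.txt")
        if p.is_file() and ".git" not in p.parts
        and not looks_like_requirements(p.read_text(errors="replace"))
    )

def build_sample_tree(root):
    """Constructed files: three paths echo the thread, all contents are invented."""
    files = {
        "requirements/base.txt": "Flask>=2.0,<4\nWTForms[email]==3.1.2 ; python_version >= '3.9'\n",  # hypothetical path
        "requirements/dev.txt": "-r base.txt\npytest>=8.0  # test runner\n",  # hypothetical path
        "LICENSE.txt": "Copyright (c) 2014, Example Author\nAll rights reserved.\n",
        "examples/bootstrap4/files/d1/dummy.txt": "This is a dummy file.\n",
        "flask_admin/tests/tmp/inner/test1.txt": "",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel in non_manifest_txt(tmp):  # candidate entries, to be reviewed by hand
            print(f'      - "{rel}"')
```

The output is a list of candidates to review, not a statement of which files Dependabot actually picks up.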

Development

Successfully merging this pull request may close these issues.

Fix dependabot