
Fix duplicate updated dependencies in multi-directory group refresh#15098

Merged
markhallen merged 3 commits into
mainfrom
jonabc/fix-duped-updated-dependencies
May 21, 2026

Conversation

@markhallen
Contributor

What are you trying to accomplish?

Fix a bug where multi-directory group refresh jobs produce duplicate updated dependencies. In a Terraform monorepo with 3 directories each containing 3 providers, the refresh would report 27 updated dependencies (9 per directory due to cross-directory contamination) instead of the correct 9 (3 per directory).

The root cause is that group.dependencies accumulates entries from all directories, and skip_dependency? didn't filter by directory. This PR adds a directory check to skip dependencies that don't belong to the currently-processed directory.

Additionally, this PR adds a nil-safety guard to handle ecosystems that don't populate dependency.directory, preventing them from being incorrectly skipped.

Anything you want to highlight for special attention from reviewers?

The nil-safety guard (dependency.directory && dependency.directory != job.source.directory) is important — without it, ecosystems that leave dependency.directory as nil would have all their dependencies skipped, since nil != "/some/dir" evaluates to true.

How will you know you've accomplished your goal?

  • The new end-to-end spec (refresh_group_update_pull_request_multi_dir_spec.rb) demonstrates the bug scenario and verifies exactly 9 updated dependencies are produced (not 27).
  • Unit tests for skip_dependency? cover: matching directory, differing directory, nil directory, single-directory regression, handled dependencies, and group refresh override.
  • All existing tests continue to pass.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

jonabc and others added 2 commits May 21, 2026 10:10
…ltering

- Guard against nil dependency.directory to avoid breaking ecosystems
  that don't populate the directory attribute
- Add unit tests covering: matching directory, differing directory,
  nil directory, single-directory regression, handled dependencies,
  and group refresh override
Copilot AI review requested due to automatic review settings May 21, 2026 09:33
@markhallen markhallen requested a review from a team as a code owner May 21, 2026 09:33
Contributor

Copilot AI left a comment


Pull request overview

Fixes a bug in grouped refresh jobs for multi-directory repos where dependencies from other directories were being re-processed, producing duplicate “updated dependencies” (e.g., 27 instead of 9 in a 3×3 Terraform monorepo). The fix scopes dependency processing to the currently active directory during compile_all_dependency_changes_for.

Changes:

  • Add directory-aware filtering in GroupUpdateCreation#skip_dependency? to prevent cross-directory dependency processing during multi-dir group runs.
  • Add an end-to-end updater spec reproducing the multi-directory duplication scenario and asserting correct updated dependency counts / uniqueness.
  • Add unit specs covering skip_dependency? behavior for matching/mismatching directories, nil directories, handled deps, and refresh override behavior.
Summary per file:

  • updater/lib/dependabot/updater/group_update_creation.rb: Adds directory-based skip logic to prevent cross-directory contamination in multi-dir group runs.
  • updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_multi_dir_spec.rb: New end-to-end spec that reproduces the duplication bug and asserts correct behavior in a multi-dir refresh.
  • updater/spec/dependabot/updater/group_update_creation_spec.rb: Adds unit coverage for the new directory filtering behavior and related regressions.

Copilot's findings

  • Files reviewed: 3/3 changed files
  • Comments generated: 1

Comment thread updater/lib/dependabot/updater/group_update_creation.rb
Use Pathname#cleanpath to normalize both dependency.directory and
job.source.directory before comparing, consistent with the pattern
used elsewhere in this file (e.g., existing_pr_covers_job_directories?).

This prevents incorrectly skipping dependencies when directories contain
equivalent but differently-formatted paths like '/app/./config/../config'
vs '/app/config'.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
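The directory-aware skip check described in the PR description (with its nil guard) and the Pathname#cleanpath normalization suggested in the review, as an added stand-alone illustration that is not Dependabot's own code: the Source, Job and Dependency structs, the directory names and the provider names are constructed stand-ins, and updated_counts simulates a group whose dependencies accumulated across all directories so the 27-versus-9 count from the description can be reproduced.

```ruby
require "pathname"

# Constructed stand-ins for the job and dependency objects (not Dependabot's real classes).
Source     = Struct.new(:directory)
Job        = Struct.new(:source)
Dependency = Struct.new(:name, :directory)

# Normalize a directory so '/app/./config/../config' and '/app/config' compare equal.
def normalize_dir(dir)
  Pathname.new(dir).cleanpath.to_s
end

# Directory-aware skip check. A dependency is skipped only when it records a
# directory and that directory differs from the job's; a nil directory is kept,
# so ecosystems that never populate the attribute are not silently dropped.
def skip_dependency?(job, dependency)
  return false if dependency.directory.nil?

  normalize_dir(dependency.directory) != normalize_dir(job.source.directory)
end

# Walk each directory as its own job over the accumulated group dependencies and
# count how many would be processed, with or without the directory check.
def updated_counts(group_dependencies, directories, filter:)
  directories.sum do |dir|
    job = Job.new(Source.new(dir))
    group_dependencies.count { |dep| !filter || !skip_dependency?(job, dep) }
  end
end

# Constructed 3x3 scenario: three directories, three providers in each.
DIRECTORIES = ["/a", "/b", "/c"].freeze
GROUP_DEPENDENCIES = DIRECTORIES.flat_map { |dir|
  %w[aws azurerm google].map { |provider| Dependency.new(provider, dir) }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "without filter: #{updated_counts(GROUP_DEPENDENCIES, DIRECTORIES, filter: false)}" # 27
  puts "with filter:    #{updated_counts(GROUP_DEPENDENCIES, DIRECTORIES, filter: true)}"  # 9
end
```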
@markhallen markhallen merged commit 08a3b7b into main May 21, 2026
183 checks passed
@markhallen markhallen deleted the jonabc/fix-duped-updated-dependencies branch May 21, 2026 13:10
4 participants