RubyGems - dependabot-linguist - Versions diffs - 0.212.0 → 0.217.0 - Mend

dependabot-linguist 0.212.0 → 0.217.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (215) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d36ddf66e8b3df3386480112b36a1dedf8ea46b8e6515fbf5b2b832e625f978
-  data.tar.gz: ccda911662b9b8d881f355311184ddee56dd80d054a30cb1020c042efe41aa60
+  metadata.gz: 1371e5c85071aefe956fb3ed4cc89d9c361296400858c671086105014c9db81e
+  data.tar.gz: 36d85631d93359a139ba432b5fd41c4e004641bc284d49b23dfbf508d61a3ff7
 SHA512:
-  metadata.gz: c996ab6a966d9aba1bc4e82135682c2977dfcc13a29f48c13cde1d1d13d58f6067eb6399705380a7f0564a9fd35d1a87a31e447ec068e377b32cbd03a3f78f47
-  data.tar.gz: 72285cb9735d6ca150d267f0537c2c901eb277a4464343a1f832990cc0de34eba84a6caab685e32bff978fe9e59b881d15303566ae0d31438c2bf76f44d6725c
+  metadata.gz: 56cc248e1f1ef0ea02e58b6606d91112714ae1e2b733367500aa29d644abecafff48dddf255548426dca0099a3ca0b551dbc2e38db726c73ca9b04bc9578c235
+  data.tar.gz: 832b54da74610965a93fdced801412e8cc768d469a02a2140d7b5f50ea9af18de2ff5c9bae06ef2da145dd99ae7b67a45ba32ef196d128e28042d98f2d157fb1

data/.rubocop.yml CHANGED Viewed

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.7.0
+  TargetRubyVersion: 3.1.0
   UseCache: false
   SuggestExtensions: false
   # NewCops: enable # would silence the recommendation
@@ -11,6 +11,8 @@ AllCops:
 Gemspec/DeprecatedAttributeAssignment:
   Enabled: true
+Gemspec/DevelopmentDependencies: # new in 1.44
+  Enabled: true
 Gemspec/OrderedDependencies:
   Enabled: false
 Gemspec/RequireMFA:
@@ -53,6 +55,8 @@ Metrics/BlockNesting:
   Enabled: false
 Metrics/ClassLength:
   Enabled: false
+Metrics/CollectionLiteralLength: # new in 1.47
+  Enabled: true
 Metrics/CyclomaticComplexity:
   Enabled: false
 Metrics/MethodLength:
@@ -76,6 +80,8 @@ Lint/DuplicateBranch:
   Enabled: true
 Lint/DuplicateMagicComment: # new in 1.37
   Enabled: true
+Lint/DuplicateMatchPattern: # new in 1.50
+  Enabled: true
 Lint/DuplicateRegexpCharacterClassElement:
   Enabled: true
 Lint/EmptyBlock:
@@ -116,10 +122,11 @@ Lint/UnexpectedBlockArity:
   Enabled: true
 Lint/UnmodifiedReduceAccumulator:
   Enabled: true
+Lint/UselessRescue: # new in 1.43
+  Enabled: true
 Lint/UselessRuby2Keywords:
   Enabled: true
 Style/StringLiterals:
   Enabled: true
   EnforcedStyle: double_quotes
@@ -131,10 +138,20 @@ Style/AccessModifierDeclarations:
   AllowModifiersOnSymbols: false
 Style/ArgumentsForwarding:
   Enabled: true
+Style/ArrayIntersect: # new in 1.40
+  Enabled: true
 Style/CollectionCompact:
   Enabled: true
+Style/ComparableClamp: # new in 1.44
+  Enabled: true
+Style/ConcatArrayLiterals: # new in 1.41
+  Enabled: true
 Style/ConditionalAssignment:
   Enabled: false
+Style/DataInheritance: # new in 1.49
+  Enabled: true
+Style/DirEmpty: # new in 1.48
+  Enabled: true
 Style/DocumentDynamicEvalDefinition:
   Enabled: true
 Style/EmptyHeredoc:
@@ -145,6 +162,8 @@ Style/EnvHome:
   Enabled: true
 Style/FetchEnvVar:
   Enabled: true
+Style/FileEmpty: # new in 1.48
+  Enabled: true
 Style/FileRead:
   Enabled: true
 Style/FileWrite:
@@ -155,6 +174,9 @@ Style/HashConversion:
   Enabled: true
 Style/HashExcept:
   Enabled: true
+Style/HashSyntax:
+  Enabled: true
+  EnforcedShorthandSyntax: 'never'
 Style/IfWithBooleanLiteralBranches:
   Enabled: true
 Style/IfUnlessModifier:
@@ -169,8 +191,14 @@ Style/MapCompactWithConditionalBlock:
   Enabled: true
 Style/MapToHash:
   Enabled: true
+Style/MapToSet: # new in 1.42
+  Enabled: true
+Style/MinMaxComparison: # new in 1.42
+  Enabled: true
 Style/MultilineInPatternThen:
   Enabled: true
+Style/MutableConstant:
+  Enabled: true
 Style/NegatedIfElseCondition:
   Enabled: true
 Style/NestedFileDirname:
@@ -195,10 +223,18 @@ Style/QuotedSymbols:
   Enabled: true
 Style/RedundantArgument:
   Enabled: true
+Style/RedundantConstantBase: # new in 1.40
+  Enabled: false
+Style/RedundantDoubleSplatHashBraces: # new in 1.41
+  Enabled: true
 Style/RedundantEach: # new in 1.38
   Enabled: true
+Style/RedundantHeredocDelimiterQuotes: # new in 1.45
+  Enabled: true
 Style/RedundantInitialize:
   Enabled: true
+Style/RedundantLineContinuation: # new in 1.49
+  Enabled: true
 Style/RedundantSelf:
   Enabled: false
 Style/RedundantSelfAssignmentBranch:

data/Gemfile.lock CHANGED Viewed

@@ -1,119 +1,116 @@
 PATH
   remote: .
   specs:
-    dependabot-linguist (0.212.0)
-      dependabot-omnibus (= 0.212.0)
-      github-linguist (= 7.23.0)
-      rugged (~> 1.5.0)
+    dependabot-linguist (0.217.0)
+      dependabot-omnibus (= 0.217.0)
+      github-linguist (= 7.25.0)
+      rugged (= 1.6.3)
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.4)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.1)
+    addressable (2.8.4)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.665.0)
-    aws-sdk-codecommit (1.52.0)
+    aws-partitions (1.763.0)
+    aws-sdk-codecommit (1.53.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.168.1)
+    aws-sdk-core (3.172.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ecr (1.57.0)
+    aws-sdk-ecr (1.58.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.5.2)
       aws-eventstream (~> 1, >= 1.0.2)
-    cgi (0.3.5)
+    cgi (0.3.6)
     charlock_holmes (0.7.7)
     citrus (3.0.2)
-    commonmarker (0.23.6)
-    concurrent-ruby (1.1.10)
-    dependabot-bundler (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-cargo (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-common (0.212.0)
-      activesupport (>= 6.0.0)
+    commonmarker (0.23.9)
+    dependabot-bundler (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-cargo (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-common (0.217.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
       commonmarker (>= 0.20.1, < 0.24.0)
-      docker_registry2 (~> 1.11, >= 1.11.0)
-      excon (~> 0.75)
-      faraday (= 2.5.2)
+      docker_registry2 (~> 1.14)
+      excon (~> 0.96, < 0.100)
+      faraday (= 2.7.4)
+      faraday-retry (= 2.1.0)
       gitlab (= 4.19.0)
       nokogiri (~> 1.8)
-      octokit (>= 4.6, < 6.0)
+      octokit (>= 4.6, < 7.0)
       parser (>= 2.5, < 4.0)
+      psych (~> 5.0)
       toml-rb (>= 1.1.2, < 3.0)
-    dependabot-composer (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-docker (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-elm (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-git_submodules (0.212.0)
-      dependabot-common (= 0.212.0)
+    dependabot-composer (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-docker (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-elm (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-git_submodules (0.217.0)
+      dependabot-common (= 0.217.0)
       parseconfig (~> 1.0, < 1.1.0)
-    dependabot-github_actions (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-go_modules (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-gradle (0.212.0)
-      dependabot-common (= 0.212.0)
-      dependabot-maven (= 0.212.0)
-    dependabot-hex (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-maven (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-npm_and_yarn (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-nuget (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-omnibus (0.212.0)
-      dependabot-bundler (= 0.212.0)
-      dependabot-cargo (= 0.212.0)
-      dependabot-common (= 0.212.0)
-      dependabot-composer (= 0.212.0)
-      dependabot-docker (= 0.212.0)
-      dependabot-elm (= 0.212.0)
-      dependabot-git_submodules (= 0.212.0)
-      dependabot-github_actions (= 0.212.0)
-      dependabot-go_modules (= 0.212.0)
-      dependabot-gradle (= 0.212.0)
-      dependabot-hex (= 0.212.0)
-      dependabot-maven (= 0.212.0)
-      dependabot-npm_and_yarn (= 0.212.0)
-      dependabot-nuget (= 0.212.0)
-      dependabot-pub (= 0.212.0)
-      dependabot-python (= 0.212.0)
-      dependabot-terraform (= 0.212.0)
-    dependabot-pub (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-python (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-terraform (0.212.0)
-      dependabot-common (= 0.212.0)
+    dependabot-github_actions (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-go_modules (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-gradle (0.217.0)
+      dependabot-common (= 0.217.0)
+      dependabot-maven (= 0.217.0)
+    dependabot-hex (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-maven (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-npm_and_yarn (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-nuget (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-omnibus (0.217.0)
+      dependabot-bundler (= 0.217.0)
+      dependabot-cargo (= 0.217.0)
+      dependabot-common (= 0.217.0)
+      dependabot-composer (= 0.217.0)
+      dependabot-docker (= 0.217.0)
+      dependabot-elm (= 0.217.0)
+      dependabot-git_submodules (= 0.217.0)
+      dependabot-github_actions (= 0.217.0)
+      dependabot-go_modules (= 0.217.0)
+      dependabot-gradle (= 0.217.0)
+      dependabot-hex (= 0.217.0)
+      dependabot-maven (= 0.217.0)
+      dependabot-npm_and_yarn (= 0.217.0)
+      dependabot-nuget (= 0.217.0)
+      dependabot-pub (= 0.217.0)
+      dependabot-python (= 0.217.0)
+      dependabot-terraform (= 0.217.0)
+    dependabot-pub (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-python (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-terraform (0.217.0)
+      dependabot-common (= 0.217.0)
     diff-lcs (1.5.0)
-    docker_registry2 (1.12.0)
+    docker_registry2 (1.15.0)
       rest-client (>= 1.8.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    excon (0.94.0)
-    faraday (2.5.2)
+    excon (0.99.0)
+    faraday (2.7.4)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
-    github-linguist (7.23.0)
+    faraday-retry (2.1.0)
+      faraday (~> 2.0)
+    github-linguist (7.25.0)
       cgi
       charlock_holmes (~> 0.7.7)
       mini_mime (~> 1.0)
@@ -124,42 +121,39 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    httparty (0.20.0)
-      mime-types (~> 3.0)
+    httparty (0.21.0)
+      mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.12.0)
-      concurrent-ruby (~> 1.0)
-    jmespath (1.6.1)
-    json (2.6.2)
+    jmespath (1.6.2)
+    json (2.6.3)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
+    mime-types-data (3.2023.0218.1)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.16.3)
+    mini_portile2 (2.8.2)
     multi_xml (0.6.0)
     netrc (0.11.0)
-    nokogiri (1.13.9)
+    nokogiri (1.14.4)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    nokogiri (1.13.9-x86_64-linux)
+    nokogiri (1.14.4-x86_64-linux)
       racc (~> 1.4)
-    octokit (5.6.1)
+    octokit (6.1.1)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     parallel (1.22.1)
     parseconfig (1.0.8)
-    parser (3.1.2.1)
+    parser (3.2.2.1)
       ast (~> 2.4.1)
-    psych (4.0.6)
+    psych (5.1.0)
       stringio
-    public_suffix (5.0.0)
-    racc (1.6.0)
+    public_suffix (5.0.1)
+    racc (1.6.2)
     rainbow (3.1.1)
     rake (13.0.6)
-    rdoc (6.4.0)
+    rdoc (6.5.0)
       psych (>= 4.0.0)
-    regexp_parser (2.6.0)
+    regexp_parser (2.8.0)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -179,35 +173,33 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.0)
-    rubocop (1.38.0)
+    rubocop (1.50.2)
       json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.1.2.1)
+      parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.23.0, < 2.0)
+      rubocop-ast (>= 1.28.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.23.0)
-      parser (>= 3.1.1.0)
-    ruby-progressbar (1.11.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
-    rugged (1.5.0.1)
+    rugged (1.6.3)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    stringio (3.0.2)
+    stringio (3.0.5)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     toml-rb (2.2.0)
       citrus (~> 3.0, > 3.0)
-    tzinfo (2.0.5)
-      concurrent-ruby (~> 1.0)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
-    unicode-display_width (2.3.0)
+    unicode-display_width (2.4.2)
 PLATFORMS
   ruby

data/Makefile CHANGED Viewed

@@ -1,4 +1,4 @@
-.PHONY: setup setup_github clean docs docs_view demo test build install push_rubygems push_github
+.PHONY: setup setup_github clean docs docs_view demo test lint build install push_rubygems push_github
 SHELL:=/bin/bash
 # Assumes `gem install bundler`
@@ -27,12 +27,14 @@ demo:
 # default (just `rake`) is spec + rubocop, but be pedantic in case this changes.
 test: clean
 	bundle exec rake spec
+lint: clean
 	bundle exec rake rubocop
 # We can choose from `gem build dependabot-linguist.gemspec` or `bundle exec rake build`.
 # The gem build command creates a ./dependabot-linguist-$VER.gem file, and the rake build
 # (within bundle context) creates a ./pkg/dependabot-linguist-$VER.gem file.
-build: test
+build: test lint
 	bundle exec rake build
 # --user-install means no need for sudo or expectation of

data/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 Use [linguist](https://github.com/github/linguist) to check the contents of a **local** repository, and then scan for [dependabot-core](https://github.com/dependabot/dependabot-core) ecosystems relevant to those languages! With the list of [ecosystems](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) present in a repository, add a [dependabot.y[a]ml](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) ([configuration file](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)).
 ## Getting Started
 ### [Linguist dependencies](https://github.com/github/linguist#dependencies);
-Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/README.md).
+Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/README.md).
 ```bash
 sudo apt-get install build-essential cmake pkg-config libicu-dev zlib1g-dev libcurl4-openssl-dev libssl-dev ruby-dev
 ```
@@ -22,16 +22,22 @@ bundle add dependabot-linguist
 ```
 Or add the following line to your `Gemfile` manually
 ```ruby
-gem "dependabot-linguist", ">= 0.212.0
+gem "dependabot-linguist", ">= 0.217.0
 ```
 [Add the GitHub hosted gem](https://github.com/Skenvy/dependabot-linguist/packages/1704407);
 ```ruby
 source "https://rubygems.pkg.github.com/skenvy" do
-  gem "dependabot-linguist", ">= 0.212.0"
+  gem "dependabot-linguist", ">= 0.217.0"
 end
 ```
+### Setup external CLIs
+If you intend to use `::Dependabot::Linguist::DependabotFileValidator.commit_new_config`, you'll need to also setup the [`gh`](https://cli.github.com/manual/) CLI. You can follow instructions on [cli/cli](https://github.com/cli/cli) to install it, which for the intended use case should be [this guide](https://github.com/cli/cli/blob/trunk/docs/install_linux.md). Once you've installed it, [you'll need to log in](https://cli.github.com/manual/gh_auth_login) prior to running this script, as the credentials are expected to already be in place.
+It also expects `git` to be installed and credentialed, for pushing the branch.
 ## Usage
 The two main classes this provides, `::Dependabot::Linguist::Repository` and `::Dependabot::Linguist::DependabotFileValidator`, can be utilised independently, although the intention is that they be utilised together; to discover the contents of a repository that should be watched with a dependabot file by `Repository`, and subsequently using `DependabotFileValidator` to edit an existing, or add a new, dependabot file to watch the directories that were validated earlier. There is also a CLI tool, `dependabot-linguist`, that wraps these classes and surfaces all the available options to them, although adding automated tests for the executable is still a `#TODO`.
+The intended end goal is to use this to automatically raise a PR on GitHub with the recommended changes to the `~/.github/dependabot.y[a]ml` file. This is performed by `::Dependabot::Linguist::DependabotFileValidator.commit_new_config`, which utilises Ruby's `Kernel` to run commands in an external shell that perform actions using the `gh` cli, and `git`. If you intend to use these you'll want to follow [Setup external CLIs](https://github.com/Skenvy/dependabot-linguist#setup-external-clis).
 ### Use the classes in a ruby script, with defaults
 ```ruby
 require "dependabot/linguist"
@@ -51,6 +57,7 @@ require "dependabot/linguist"
 @validator.commit_new_config
 ```
 ### Use the CLI
+If you installed this with **bundler**, you'll need to preface these with `bundle exec`.
 ```bash
 # With no flags, it'll run "here", and print out the recommended new config.
 dependabot-linguist
@@ -60,6 +67,26 @@ dependabot-linguist ../../some/other/repo -w
 # You can also specify a name, which will be required if there isn't a "origin" remote.
 dependabot-linguist ../../some/other/repo Username/Reponame -x
 ```
+### Configure
+A yaml config file can be placed at `~/.github/.dependabot-linguist`. See this [example](https://github.com/Skenvy/dependabot-linguist/blob/main/.github/.dependabot-linguist). Although it's a dotfile, it'll be read by rugged, so for it to be utilised it should be checked in. The options available to this configuration file currently are;
+#### `ignore`
+The below options, `directory` and `ecosystem` are not mutually exclusive, and can be mixed, according to what top level catagorisation requires less verbose configuration, if you want to ignore many directories for one or two ecosystems, or many ecosystems for one or two directories!
+##### `directory`
+To ignore some ecosystems per directory, you can add
+```yaml
+ignore:
+  directory:
+    /path/to/somewhere:
+    - some_ecosystem
+```
+##### `ecosystem`
+To ignore some directories per ecosystem, you can add
+```yaml
+ignore:
+  ecosystem:
+    some_other_ecosystem:
+    - /path/to/somewhere_else
+```
 ## [RDoc generated docs](https://skenvy.github.io/dependabot-linguist/)
 ## Developing
 ### The first time setup
@@ -69,4 +96,5 @@ git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-lin
 ### Iterative development
 The majority of `make` recipes for this are just wrapping a `bundle` invocation of `rake`.
 * `make docs` will recreate the RDoc docs
-* `make test` will run both the RSpec tests and the RuboCop linter.
+* `make test` will run the RSpec tests.
+* `make lint` will run the RuboCop linter.

data/SECURITY.md CHANGED Viewed

@@ -1,9 +1,10 @@
 # Security Policy
 ## Supported Versions
 The `<major>.<minor>.*` versions of this are pinned to the **supported** `<major>.<minor>.*` versions of the gems that are published by the [dependabot-core](https://github.com/dependabot/dependabot-core) repository, centric to the [dependabot-common](https://rubygems.org/gems/dependabot-common) gem, with any required patches applied to each supported minor version.
-* Initially this will support version `0.212.0`, centric to [dependabot-common@0.212.0](https://rubygems.org/gems/dependabot-common/versions/0.212.0)
+* Support version `0.212.0`, centric to [dependabot-common@0.212.0](https://rubygems.org/gems/dependabot-common/versions/0.212.0)
     * This is because this is the last version to support a Ruby version of `2.7.0`.
+* Support version `0.217.0`, centric to [dependabot-common@0.217.0](https://rubygems.org/gems/dependabot-common/versions/0.217.0)
-Bugs present in any supported pinned version may be patched and contribute to successive patch versions. If a bug exists in an older version and no longer exists in a newer version, it is suggested to update to the newer version.
+Bugs present in only the most recent pinned minor version may be patched and contribute to successive patch versions. If a bug exists in an older version and no longer exists in a newer version, it is suggested to update to the newer version. As the underlying package this wraps, dependabot[-omnibus], is a live service, it makes sense for this to only roll forward.
 ## Reporting a Vulnerability
 Raise a [Security Vulnerability](https://github.com/Skenvy/dependabot-linguist/issues/new?assignees=&labels=security&template=security-vulnerability.yaml) issue.

data/dependabot-linguist.gemspec CHANGED Viewed

@@ -12,26 +12,28 @@ Gem::Specification.new do |spec|
   spec.description = "Use linguist to check the contents of a repository,
   and then scan for dependabot-core ecosystems relevant to those languages!"
   spec.homepage = "https://skenvy.github.io/dependabot-linguist"
-  spec.required_ruby_version = ">= 2.7.0"
+  # https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/dependabot-common.gemspec#L23-L24
+  spec.required_ruby_version = ">= 3.1.0"
+  spec.required_rubygems_version = ">= 3.3.7"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://github.com/Skenvy/dependabot-linguist/tree/main/"
   spec.require_paths = ["lib"]
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features|smoke-test)/|\.(?:git|travis|circleci)|appveyor)})
     end
   end
   spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.add_dependency "rugged", "~> 1.5.0"
-  spec.add_dependency "github-linguist", "7.23.0"
+  spec.add_dependency "rugged", "1.6.3"
+  spec.add_dependency "github-linguist", "7.25.0"
   # All ecosystem gems from https://rubygems.org/profiles/dependabot can be
-  # required via https://rubygems.org/gems/dependabot-omnibus/versions/0.212.0
+  # required via https://rubygems.org/gems/dependabot-omnibus/versions/0.217.0
   # which will include all dependencies of omnibus (16 ecosystems and common).
-  # https://github.com/dependabot/dependabot-core/blob/v0.212.0/omnibus/dependabot-omnibus.gemspec#L24-L40
-  spec.add_dependency "dependabot-omnibus", "0.212.0"
+  # https://github.com/dependabot/dependabot-core/blob/v0.217.0/omnibus/dependabot-omnibus.gemspec#L29-L45
+  spec.add_dependency "dependabot-omnibus", "0.217.0"
   # spec.add_development_dependency "aruba", "~> 2.1" # TODO
   spec.add_development_dependency "rake", "~> 13.0"

data/exe/dependabot-linguist CHANGED Viewed

@@ -12,7 +12,7 @@ require "yaml"
 $VERBOSE = previous_verbose
 VERSION = ::Dependabot::Linguist::VERSION
-BANNER = <<~BANNER
+BANNER = <<~BANNER.freeze
 Dependabot Linguist v#{VERSION}
 Detect dependabot ecosystems present for a given git repository, based off using
 linguist to determine the files present, that could be relevant to an ecosystem,