dependabot-linguist 0.212.0 → 0.217.0

data/lib/dependabot/linguist/dependabot_file_validator.rb

@@ -23,17 +23,21 @@ module Dependabot
 
       YML_FILE_PATH = ".github/dependabot.yml"
 
+      CONFIG_FILE_PATH = ".github/.dependabot-linguist"
+
+      # rubocop:disable Layout/IndentationWidth, Layout/ElseAlignment, Layout/EndAlignment
+
       def dependabot_file_path
         @dependabot_file_path ||= if @repo.blob_at(@repo.head.target_id, YML_FILE_PATH)
           # the yml extension is preferred by GitHub, so even though this
           # returns the same as the `else`, check it before YAML.
-          YML_FILE_PATH # rubocop:disable Layout/IndentationWidth
-        elsif @repo.blob_at(@repo.head.target_id, YAML_FILE_PATH) # rubocop:disable Layout/ElseAlignment
+          YML_FILE_PATH
+        elsif @repo.blob_at(@repo.head.target_id, YAML_FILE_PATH)
           YAML_FILE_PATH
-        else # rubocop:disable Layout/ElseAlignment
+        else
           @existing_config = { "version" => 2, "updates" => [] }
           YML_FILE_PATH
-        end # rubocop:disable Layout/EndAlignment
+        end
       end
 
       def existing_config
@@ -42,6 +46,33 @@ module Dependabot
         @existing_config ||= YAML.safe_load(@repo.blob_at(@repo.head.target_id, dependabot_file_path).content)
       end
 
+      def meta_config
+        @meta_config ||= if @repo.blob_at(@repo.head.target_id, CONFIG_FILE_PATH)
+          YAML.safe_load(@repo.blob_at(@repo.head.target_id, CONFIG_FILE_PATH).content)
+        else
+          {}
+        end
+      end
+
+      # rubocop:enable Layout/IndentationWidth, Layout/ElseAlignment, Layout/EndAlignment
+
+      # Is a yaml config file exists that looks like
+      #
+      # ignore:
+      #   directory:
+      #     /path/to/somewhere:
+      #     - some_ecosystem
+      #   ecosystem:
+      #     some_other_ecosystem:
+      #     - /path/to/somewhere_else
+      #
+      # then both (some_ecosystem, "/path/to/somewhere") and
+      # (some_other_ecosystem, "/path/to/somewhere_else")
+      # should be "ignored" by this system.
+      def ecodir_is_ignored(eco, dir)
+        ((((meta_config["ignore"] || {})["directory"] || {})[dir] || []).any? eco) || ((((meta_config["ignore"] || {})["ecosystem"] || {})[eco] || []).any? dir)
+      end
+
       def confirm_config_version_is_valid
         raise StandardError("The existing config has a version other than 2") unless existing_config["version"] == 2
       end
@@ -83,6 +114,7 @@ module Dependabot
           this[ConfigDriftStatus::UNDISCOVERED] = []
           this.freeze
           ecodir_list.each do |checking_ecodir|
+            next if ecodir_is_ignored(checking_ecodir[0], checking_ecodir[1])
             if !existing_config.empty? && !existing_config["updates"].nil?
               existed_ecodir = nil
               existing_config["updates"].each do |existing_ecodir|
@@ -105,6 +137,7 @@ module Dependabot
             existing_config["updates"].each do |existing_ecodir|
               existed_ecodir = nil
               ecodir_list.each do |checking_ecodir|
+                break if ecodir_is_ignored(checking_ecodir[0], checking_ecodir[1])
                 existed_ecodir = checking_ecodir if self.class.checking_exists(checking_ecodir, existing_ecodir)
                 break unless existed_ecodir.nil?
               end
@@ -128,7 +161,7 @@ module Dependabot
 
       def new_config
         confirm_config_version_is_valid
-        @new_config ||= existing_config.clone.tap do |this|
+        @new_config ||= YAML.safe_load(existing_config.to_yaml).tap do |this|
           this["updates"] = [] if this["updates"].nil?
           # If "remove_undiscovered" is set, then set this to reject any
           # updates that are in the list of those undiscovered. Removing
@@ -169,7 +202,9 @@ module Dependabot
       end
 
       def write_new_config
-        File.open("#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}", "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
+        full_file_path = "#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}"
+        FileUtils.mkdir_p File.dirname(full_file_path)
+        File.open(full_file_path, "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
       end
 
       # The expected environment to run this final step in should have 'git' AND
@@ -178,8 +213,9 @@ module Dependabot
       # credentials being provided to this class.
       def commit_new_config
         new_branch = @repo.create_branch("dependabot-linguist_auto-config-update")
+        in_repo = "cd #{@repo.path.delete_suffix("/.git/")} &&"
+        `#{"#{in_repo} git checkout #{new_branch.name}"}`
         write_new_config
-        in_repo = "cd #{@repo.path} &&"
         `#{"#{in_repo} git add #{dependabot_file_path}"}`
         `#{"#{in_repo} git commit -m \"Auto update #{dependabot_file_path} -- dependabot-linguist\""}`
         `#{"#{in_repo} git push --set-upstream #{@repo.remotes["origin"].name} #{new_branch.name}"}`

data/lib/dependabot/linguist/dependabot_patch.rb

@@ -1,8 +1,20 @@
 # frozen_string_literal: true
 
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
 # Direct the requiring of the files that patch dependabot via this.
-# https://github.com/dependabot/dependabot-core/tree/v0.212.0
+# The current target version for dependabot is 0.217.0
+# https://github.com/dependabot/dependabot-core/tree/v0.217.0
 
-require_relative "file_fetchers/base"
+require_relative "file_fetchers/bundler"
 require_relative "file_fetchers/go_modules"
 require_relative "file_fetchers/git_submodules"

data/lib/dependabot/linguist/file_fetchers/bundler.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
+# Patches Dependabot::GitSubmodules::FileFetcher.path_gemspec_paths
+
+# To fix https://github.com/Skenvy/dependabot-linguist/issues/6 we need to patch
+# ::Dependabot::Bundler::FileFetcher::fetch_path_gemspec_paths to stop it throwing
+# a Bundler::GemfileNotFound error, thrown from assuming that ::Bundler::root will
+# be run at the location the Gemfile.lock, and thus the Gemfile, exist. Currently
+# ::Bundler::LockfileParser::initialize during fetch_path_gemspec_paths will go;
+# ::Bundler::LockfileParser::parse_source, ::Bundler::Source::Rubygems::from_lock,
+# ::Bundler::Source::Rubygems::initialize, ::Bundler::Source::Rubygems::cache_path,
+# ::Bundler::app_cache, ::Bundler::root, ::Bundler::SharedHelpers::root, before
+# landing at ::Bundler::SharedHelpers::find_gemfile where it can read from ENV
+# `ENV["BUNDLE_GEMFILE"]`, or fail to locate an adjacent "Gemfile".
+
+# See https://github.com/CloutKhan/dependabot-bundler error demo for more details.
+
+# Instead of having the entire fetch_path_gemspec_paths in here, we can just wrap
+# the only place it's used, inside path_gemspec_paths -- with setting the ENV.
+
+require "dependabot/errors"
+require "dependabot/bundler"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+  module Bundler
+    class FileFetcher
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L148-L150
+      def path_gemspec_paths
+        swap_bundle_gemfile = ENV.fetch("BUNDLE_GEMFILE", nil)
+        repo_dir_gemfile = "#{@repo_contents_path}#{source.directory}/Gemfile"
+        ENV["BUNDLE_GEMFILE"] = repo_dir_gemfile
+        raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "Gemfile")).cleanpath.to_path) unless File.exist?(repo_dir_gemfile)
+        result = fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
+        ENV["BUNDLE_GEMFILE"] = swap_bundle_gemfile
+        result
+      end
+    end
+  end
+end
+
+# rubocop:enable Style/Documentation

data/lib/dependabot/linguist/file_fetchers/git_submodules.rb

@@ -12,8 +12,6 @@
 #########################################################################################
 
 # Patches Dependabot::GitSubmodules::FileFetcher.(fetch_files, gitmodules_file)
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
 
 # This patches out the network calls that might fail if you've used a private
 # repo as a submodule. It still validates the `.gitmodules` exists. If you ARE
@@ -21,9 +19,11 @@
 # "Allowing Dependabot to access private dependencies" at the below link
 # https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies
 
-# required_files_in? only asserts the presence of a `.gitmodules` file if the
-# submodule referenced is private, then the network calls in `submodule_refs`
-# might break the runner. If Dependabot::FileFetchers::Base.load_cloned_file_if_present
+# Dependabot::GitSubmodules::FileFetcher::required_files_in? only asserts the
+# presence of a `.gitmodules` file if the submodule referenced is private, then
+# the network calls in `submodule_refs` might break the runner.
+
+# If Dependabot::FileFetchers::Base.load_cloned_file_if_present
 # can't see the file, it'll `raise Dependabot::DependencyFileNotFound`, which
 # will make Dependabot::FileFetchers::Base.fetch_file_if_present `return` which
 # will add nil to the list of fetched_files -- i.e.
@@ -36,9 +36,9 @@
 # So we need to be more cautious with this and check it first.
 
 # Dependabot::FileFetchers::Base.load_cloned_file_if_present
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L117-L137
+# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/base.rb#L135-L155
 # Dependabot::FileFetchers::Base.fetch_file_if_present
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L93-L115
+# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/base.rb#L111-L133
 
 require "dependabot/errors"
 require "dependabot/git_submodules"
@@ -48,11 +48,13 @@ require "dependabot/git_submodules"
 module Dependabot
   module GitSubmodules
     class FileFetcher
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
       def fetch_files
         raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, ".gitmodules")).cleanpath.to_path) if gitmodules_file.nil?
         [gitmodules_file]
       end
 
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
       def gitmodules_file
         @gitmodules_file ||= fetch_file_if_present(".gitmodules")
       end

data/lib/dependabot/linguist/file_fetchers/go_modules.rb

@@ -12,9 +12,8 @@
 #########################################################################################
 
 # Patches Dependabot::GoModules::FileFetcher.fetch_files
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L19-L41
 
-# Patch to remove the online requirement for fetching go modules
+# Patched to remove the online requirement for fetching go modules
 
 # See the git_submodule patch for a comment explaining the reorder pattern,
 # due to `go_mod` being acquired via `fetch_file_if_present` and hitting
@@ -28,6 +27,7 @@ require "dependabot/go_modules"
 module Dependabot
   module GoModules
     class FileFetcher
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L30-L50
       def fetch_files
         raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "go.mod")).cleanpath.to_path) if go_mod.nil?
         fetched_files = [go_mod]

data/lib/dependabot/linguist/language.rb

@@ -11,26 +11,29 @@
 #                 |___/                                             #
 #####################################################################
 
-# Patches the class Linguist::Language to selectively "ungroup"
-# and change the type of "languages" to a detectable type.
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/language.rb
-
-# Patch https://github.com/github/linguist/blob/v7.23.0/lib/linguist/blob_helper.rb#L220
-# Need to remove the "(^|/)\.gitmodules$" string (plus one of the adjacent "|") as we
-# can't rely on the gitmodules to be unvendored in a `.gitattributes` and patching
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L35-L38 or
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L56-L62
-# would be too cumbersome. It also seems easier than duplicating the vendor patterns
-# from https://github.com/github/linguist/blob/v7.23.0/lib/linguist/vendor.yml
-# See https://ruby-doc.org/core-2.7.0/Regexp.html
-# We also need to remove the "(^|/)\.github/" string (plus one of the adjacent "|"),
-# to capture yaml files under .github/workflows/*.yaml
+# Patches the class Linguist::Language to selectively "ungroup" and
+# change the type of "languages" to a detectable type. This patches
+# the class with new functions, so there are no links to the "orig".
+
+# Patch Linguist::BlobHelper::VendoredRegexp. Need to remove the
+# "(^|/)\.gitmodules$" string (plus one of the adjacent "|") as we
+# can't rely on the gitmodules to be unvendored in a `.gitattributes`.
+# Need to remove the "(^|/)\.github/" string (plus the adjacent "|"),
+# to capture yaml files under `.github/workflows/*.yaml`
+# See https://ruby-doc.org/core-3.1.0/Regexp.html
+
+# Patching either Linguist::LazyBlob::git_attributes or
+# Linguist::LazyBlob::vendored? would be too cumbersome.
+# It also seems easier than duplicating the vendor patterns from
+# https://github.com/github/linguist/blob/v7.25.0/lib/linguist/vendor.yml
 
 require "linguist"
 
 # rubocop:disable Style/Documentation
 
 module Linguist
+  # https://github.com/github/linguist/blob/v7.25.0/lib/linguist/language.rb
+
   class Language
     def ungroup_language
       @group_name = self.name
@@ -55,6 +58,7 @@ module Linguist
   end
 
   module BlobHelper
+    # https://github.com/github/linguist/blob/v7.25.0/lib/linguist/blob_helper.rb#L220
     VendoredRegexp = Regexp.new(VendoredRegexp.source.gsub("(^|/)\\.gitmodules$|", "").gsub("|(^|/)\\.github/", ""))
   end
 end

data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb

@@ -8,7 +8,7 @@
 # as it's source directory is not the directory it is valid to "fetch" from.
 
 # For a list of "linguist languages", see
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/languages.yml
+# https://github.com/github/linguist/blob/v7.25.0/lib/linguist/languages.yml
 
 require_relative "manager_ecosystem_maps"
 
@@ -23,6 +23,7 @@ module Dependabot
       # is derived from inspecting the rules the file fetcher class actually
       # uses itself to determine if it can "fetch files" for a directory.
       # Possibly also based on the `def self.required_files_message` message.
+      # Or alternatively the `def self.required_files_in?`, the actual check!
       FETCH_FILES = "def fetch_files"
       # PRIMARY_LANGUAGES implies that the language should be the main or only
       # languages that that package manager could be used for, and the presence
@@ -60,7 +61,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
       "Gemfile.lock", # Gemfile.lock
       "Ruby" # Gemfile or .gemspec
     ]
@@ -69,7 +70,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::CARGO][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
       "TOML" # Cargo.toml and Cargo.lock
     ]
     CONTEXT_RULES[PackageManagers::CARGO][ContextRule::PRIMARY_LANGUAGES] = ["Rust"]
@@ -77,7 +78,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
       "JSON" # composer.json and composer.lock
     ]
     CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::PRIMARY_LANGUAGES] = ["PHP"]
@@ -85,7 +86,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/docker/lib/dependabot/docker/file_fetcher.rb#L17-L19
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/docker/lib/dependabot/docker/file_fetcher.rb#L19-L21
       "Dockerfile", # Dockerfile
       "YAML" # .yaml, if kubernetes option is set
     ]
@@ -94,7 +95,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::HEX][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/hex/lib/dependabot/hex/file_fetcher.rb#L20-L22
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/hex/lib/dependabot/hex/file_fetcher.rb#L19-L21
       "Elixir" # mix.lock and mix.exs by extension
     ]
     CONTEXT_RULES[PackageManagers::HEX][ContextRule::PRIMARY_LANGUAGES] = ["Elixir"]
@@ -102,7 +103,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
       "JSON" # elm-package.json or an elm.json, only seeks via .json extension though.
     ]
     CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::PRIMARY_LANGUAGES] = ["Elm"]
@@ -110,7 +111,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
       "Git Config" # ".gitmodules"
     ]
     CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::PRIMARY_LANGUAGES] = []
@@ -118,7 +119,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
       # "YAML", but this is handled without linguist
     ]
     CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::PRIMARY_LANGUAGES] = []
@@ -126,7 +127,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
       "Go Checksums", # go.sum
       "Go Module" # go.mod
     ]
@@ -134,7 +135,7 @@ module Dependabot
     CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::RELEVANT_LANGUAGES] = []
 
     CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L23-L25
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L27-L29
       "Gradle", # for any `.gradle` file
       "Kotlin" # for any `.kts` file"
     ]
@@ -144,7 +145,7 @@ module Dependabot
     ]
 
     CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
       "Maven POM" # for `pom.xml` files
     ]
     CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::PRIMARY_LANGUAGES] = []
@@ -154,7 +155,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::NPM][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L31-L33
       "JSON", # "package.json" or "package-lock.json" or "npm-shrinkwrap.json" but only by extension
       "NPM Config" # ".npmrc"
     ]
@@ -163,7 +164,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::NUGET][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
       "XML" # .csproj, .vbproj and .fsproj
       # Nothing looks for a packages.config
     ]
@@ -172,7 +173,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIP][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       # Besides the other pip related package managers, there is no language for `requirements` files. RIP.
       "Text" # for `.txt`
     ]
@@ -181,7 +182,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       "JSON", # Pipfile.lock
       "TOML" # Pipfile
     ]
@@ -190,7 +191,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       # Already captured by the other pip related package manager paths
     ]
     CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
@@ -198,7 +199,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::POETRY][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       # pyproject.lock has none and setup.py is vague.
       "TOML" # poetry.lock and pyproject.toml by extension
     ]
@@ -207,7 +208,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PUB][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
       "YAML" # pubspec.yaml, but only by extension.
     ]
     CONTEXT_RULES[PackageManagers::PUB][ContextRule::PRIMARY_LANGUAGES] = ["Dart"]
@@ -215,7 +216,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
       "HCL" # .tf and .hcl
     ]
     CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::PRIMARY_LANGUAGES] = []
@@ -223,7 +224,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::YARN][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L31-L33
       "YAML" # yarn.lock
     ]
     CONTEXT_RULES[PackageManagers::YARN][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]