dependabot-linguist 0.212.1 → 0.217.0

data/lib/dependabot/linguist/file_fetchers/git_submodules.rb

@@ -12,8 +12,6 @@
 #########################################################################################
 
 # Patches Dependabot::GitSubmodules::FileFetcher.(fetch_files, gitmodules_file)
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
 
 # This patches out the network calls that might fail if you've used a private
 # repo as a submodule. It still validates the `.gitmodules` exists. If you ARE
@@ -21,9 +19,11 @@
 # "Allowing Dependabot to access private dependencies" at the below link
 # https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private-dependencies
 
-# required_files_in? only asserts the presence of a `.gitmodules` file if the
-# submodule referenced is private, then the network calls in `submodule_refs`
-# might break the runner. If Dependabot::FileFetchers::Base.load_cloned_file_if_present
+# Dependabot::GitSubmodules::FileFetcher::required_files_in? only asserts the
+# presence of a `.gitmodules` file if the submodule referenced is private, then
+# the network calls in `submodule_refs` might break the runner.
+
+# If Dependabot::FileFetchers::Base.load_cloned_file_if_present
 # can't see the file, it'll `raise Dependabot::DependencyFileNotFound`, which
 # will make Dependabot::FileFetchers::Base.fetch_file_if_present `return` which
 # will add nil to the list of fetched_files -- i.e.
@@ -36,9 +36,9 @@
 # So we need to be more cautious with this and check it first.
 
 # Dependabot::FileFetchers::Base.load_cloned_file_if_present
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L117-L137
+# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/base.rb#L135-L155
 # Dependabot::FileFetchers::Base.fetch_file_if_present
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb#L93-L115
+# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/base.rb#L111-L133
 
 require "dependabot/errors"
 require "dependabot/git_submodules"
@@ -48,11 +48,13 @@ require "dependabot/git_submodules"
 module Dependabot
   module GitSubmodules
     class FileFetcher
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
       def fetch_files
         raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, ".gitmodules")).cleanpath.to_path) if gitmodules_file.nil?
         [gitmodules_file]
       end
 
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
       def gitmodules_file
         @gitmodules_file ||= fetch_file_if_present(".gitmodules")
       end

data/lib/dependabot/linguist/file_fetchers/go_modules.rb

@@ -12,9 +12,8 @@
 #########################################################################################
 
 # Patches Dependabot::GoModules::FileFetcher.fetch_files
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L19-L41
 
-# Patch to remove the online requirement for fetching go modules
+# Patched to remove the online requirement for fetching go modules
 
 # See the git_submodule patch for a comment explaining the reorder pattern,
 # due to `go_mod` being acquired via `fetch_file_if_present` and hitting
@@ -28,6 +27,7 @@ require "dependabot/go_modules"
 module Dependabot
   module GoModules
     class FileFetcher
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L30-L50
       def fetch_files
         raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "go.mod")).cleanpath.to_path) if go_mod.nil?
         fetched_files = [go_mod]

data/lib/dependabot/linguist/language.rb

@@ -11,26 +11,29 @@
 #                 |___/                                             #
 #####################################################################
 
-# Patches the class Linguist::Language to selectively "ungroup"
-# and change the type of "languages" to a detectable type.
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/language.rb
-
-# Patch https://github.com/github/linguist/blob/v7.23.0/lib/linguist/blob_helper.rb#L220
-# Need to remove the "(^|/)\.gitmodules$" string (plus one of the adjacent "|") as we
-# can't rely on the gitmodules to be unvendored in a `.gitattributes` and patching
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L35-L38 or
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/lazy_blob.rb#L56-L62
-# would be too cumbersome. It also seems easier than duplicating the vendor patterns
-# from https://github.com/github/linguist/blob/v7.23.0/lib/linguist/vendor.yml
-# See https://ruby-doc.org/core-2.7.0/Regexp.html
-# We also need to remove the "(^|/)\.github/" string (plus one of the adjacent "|"),
-# to capture yaml files under .github/workflows/*.yaml
+# Patches the class Linguist::Language to selectively "ungroup" and
+# change the type of "languages" to a detectable type. This patches
+# the class with new functions, so there are no links to the "orig".
+
+# Patch Linguist::BlobHelper::VendoredRegexp. Need to remove the
+# "(^|/)\.gitmodules$" string (plus one of the adjacent "|") as we
+# can't rely on the gitmodules to be unvendored in a `.gitattributes`.
+# Need to remove the "(^|/)\.github/" string (plus the adjacent "|"),
+# to capture yaml files under `.github/workflows/*.yaml`
+# See https://ruby-doc.org/core-3.1.0/Regexp.html
+
+# Patching either Linguist::LazyBlob::git_attributes or
+# Linguist::LazyBlob::vendored? would be too cumbersome.
+# It also seems easier than duplicating the vendor patterns from
+# https://github.com/github/linguist/blob/v7.25.0/lib/linguist/vendor.yml
 
 require "linguist"
 
 # rubocop:disable Style/Documentation
 
 module Linguist
+  # https://github.com/github/linguist/blob/v7.25.0/lib/linguist/language.rb
+
   class Language
     def ungroup_language
       @group_name = self.name
@@ -55,6 +58,7 @@ module Linguist
   end
 
   module BlobHelper
+    # https://github.com/github/linguist/blob/v7.25.0/lib/linguist/blob_helper.rb#L220
     VendoredRegexp = Regexp.new(VendoredRegexp.source.gsub("(^|/)\\.gitmodules$|", "").gsub("|(^|/)\\.github/", ""))
   end
 end

data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb

@@ -8,7 +8,7 @@
 # as it's source directory is not the directory it is valid to "fetch" from.
 
 # For a list of "linguist languages", see
-# https://github.com/github/linguist/blob/v7.23.0/lib/linguist/languages.yml
+# https://github.com/github/linguist/blob/v7.25.0/lib/linguist/languages.yml
 
 require_relative "manager_ecosystem_maps"
 
@@ -23,6 +23,7 @@ module Dependabot
       # is derived from inspecting the rules the file fetcher class actually
       # uses itself to determine if it can "fetch files" for a directory.
       # Possibly also based on the `def self.required_files_message` message.
+      # Or alternatively the `def self.required_files_in?`, the actual check!
       FETCH_FILES = "def fetch_files"
       # PRIMARY_LANGUAGES implies that the language should be the main or only
       # languages that that package manager could be used for, and the presence
@@ -60,7 +61,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
       "Gemfile.lock", # Gemfile.lock
       "Ruby" # Gemfile or .gemspec
     ]
@@ -69,7 +70,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::CARGO][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
       "TOML" # Cargo.toml and Cargo.lock
     ]
     CONTEXT_RULES[PackageManagers::CARGO][ContextRule::PRIMARY_LANGUAGES] = ["Rust"]
@@ -77,7 +78,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
       "JSON" # composer.json and composer.lock
     ]
     CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::PRIMARY_LANGUAGES] = ["PHP"]
@@ -85,7 +86,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/docker/lib/dependabot/docker/file_fetcher.rb#L17-L19
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/docker/lib/dependabot/docker/file_fetcher.rb#L19-L21
       "Dockerfile", # Dockerfile
       "YAML" # .yaml, if kubernetes option is set
     ]
@@ -94,7 +95,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::HEX][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/hex/lib/dependabot/hex/file_fetcher.rb#L20-L22
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/hex/lib/dependabot/hex/file_fetcher.rb#L19-L21
       "Elixir" # mix.lock and mix.exs by extension
     ]
     CONTEXT_RULES[PackageManagers::HEX][ContextRule::PRIMARY_LANGUAGES] = ["Elixir"]
@@ -102,7 +103,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
       "JSON" # elm-package.json or an elm.json, only seeks via .json extension though.
     ]
     CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::PRIMARY_LANGUAGES] = ["Elm"]
@@ -110,7 +111,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
       "Git Config" # ".gitmodules"
     ]
     CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::PRIMARY_LANGUAGES] = []
@@ -118,7 +119,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
       # "YAML", but this is handled without linguist
     ]
     CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::PRIMARY_LANGUAGES] = []
@@ -126,7 +127,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
       "Go Checksums", # go.sum
       "Go Module" # go.mod
     ]
@@ -134,7 +135,7 @@ module Dependabot
     CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::RELEVANT_LANGUAGES] = []
 
     CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L23-L25
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L27-L29
       "Gradle", # for any `.gradle` file
       "Kotlin" # for any `.kts` file"
     ]
@@ -144,7 +145,7 @@ module Dependabot
     ]
 
     CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
       "Maven POM" # for `pom.xml` files
     ]
     CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::PRIMARY_LANGUAGES] = []
@@ -154,7 +155,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::NPM][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L31-L33
       "JSON", # "package.json" or "package-lock.json" or "npm-shrinkwrap.json" but only by extension
       "NPM Config" # ".npmrc"
     ]
@@ -163,7 +164,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::NUGET][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
       "XML" # .csproj, .vbproj and .fsproj
       # Nothing looks for a packages.config
     ]
@@ -172,7 +173,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIP][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       # Besides the other pip related package managers, there is no language for `requirements` files. RIP.
       "Text" # for `.txt`
     ]
@@ -181,7 +182,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       "JSON", # Pipfile.lock
       "TOML" # Pipfile
     ]
@@ -190,7 +191,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       # Already captured by the other pip related package manager paths
     ]
     CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
@@ -198,7 +199,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::POETRY][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
       # pyproject.lock has none and setup.py is vague.
       "TOML" # poetry.lock and pyproject.toml by extension
     ]
@@ -207,7 +208,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PUB][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
       "YAML" # pubspec.yaml, but only by extension.
     ]
     CONTEXT_RULES[PackageManagers::PUB][ContextRule::PRIMARY_LANGUAGES] = ["Dart"]
@@ -215,7 +216,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
       "HCL" # .tf and .hcl
     ]
     CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::PRIMARY_LANGUAGES] = []
@@ -223,7 +224,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::YARN][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L36-L51
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L31-L33
       "YAML" # yarn.lock
     ]
     CONTEXT_RULES[PackageManagers::YARN][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]