dependabot-linguist 0.212.1 → 0.303.0

data/lib/dependabot/linguist/languages_to_ecosystems/manager_ecosystem_maps.rb

@@ -4,10 +4,12 @@
 # subsequently to the "file fetcher registry keys"
 
 # For the list of package managers and which ecosystems they map to, see
-# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-
+# TODO: This project is still only using the package managers that existed in
+# version 0.217.0 -- it still needs to be updated to include those added since
 
 # For the file_fetchers' register function, whose keys we map to, see
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers.rb#L14-L16
+# https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers.rb#L21-L24
 
 module Dependabot
   module Linguist
@@ -80,7 +82,7 @@ module Dependabot
       MAVEN = "maven"
       MIX = "mix"
       NPM = "npm"
-      NUGET = "nuget"
+      # NUGET = "nuget"
       PIP = "pip"
       PUB = "pub"
       TERRAFORM = "terraform"
@@ -92,37 +94,38 @@ module Dependabot
     # so each mapping |K,V| element should have a comment linking to the place
     # that its value was registered!
     PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY = {
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L216
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L253
       PackageEcosystems::BUNDLER => "bundler",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L295
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L410
       PackageEcosystems::CARGO => "cargo",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/composer/lib/dependabot/composer/file_fetcher.rb#L183
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/composer/lib/dependabot/composer/file_fetcher.rb#L241
       PackageEcosystems::COMPOSER => "composer",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/docker/lib/dependabot/docker/file_fetcher.rb#L103
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/docker/lib/dependabot/docker/file_fetcher.rb#L77
       PackageEcosystems::DOCKER => "docker",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/elm/lib/dependabot/elm/file_fetcher.rb#L46
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/elm/lib/dependabot/elm/file_fetcher.rb#L50
       PackageEcosystems::ELM => "elm",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L72-L73
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L106-L107
       PackageEcosystems::GITHUB_ACTIONS => "github_actions",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L84-L85
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L111-L112
       PackageEcosystems::GIT_SUBMODULE => "submodules",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L54-L55
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L63-L64
       PackageEcosystems::GOMOD => "go_modules",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L131
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L203
       PackageEcosystems::GRADLE => "gradle",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/maven/lib/dependabot/maven/file_fetcher.rb#L142
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/maven/lib/dependabot/maven/file_fetcher.rb#L179
       PackageEcosystems::MAVEN => "maven",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/hex/lib/dependabot/hex/file_fetcher.rb#L98
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/hex/lib/dependabot/hex/file_fetcher.rb#L114
       PackageEcosystems::MIX => "hex",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L419-L420
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L737-L738
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb#L18
       PackageEcosystems::NPM => "npm_and_yarn",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L271
-      PackageEcosystems::NUGET => "nuget",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/python/lib/dependabot/python/file_fetcher.rb#L409
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L46
+      # PackageEcosystems::NUGET => "nuget",
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/python/lib/dependabot/python/file_fetcher.rb#L463
       PackageEcosystems::PIP => "pip",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/pub/lib/dependabot/pub/file_fetcher.rb#L46
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/pub/lib/dependabot/pub/file_fetcher.rb#L58
       PackageEcosystems::PUB => "pub",
-      # https://github.com/dependabot/dependabot-core/blob/v0.212.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L90-L91
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L111-L112
       PackageEcosystems::TERRAFORM => "terraform"
     }.freeze
 
@@ -141,7 +144,16 @@ module Dependabot
       PackageManagers::GRADLE => PackageEcosystems::GRADLE,
       PackageManagers::MAVEN => PackageEcosystems::MAVEN,
       PackageManagers::NPM => PackageEcosystems::NPM,
-      PackageManagers::NUGET => PackageEcosystems::NUGET,
+      # TODO: NuGets file fetcher utility within dependabot since this was last
+      # updated has been heavily geared, far more than any other file fetcher,
+      # to a state where it expects to be running within the service container
+      # e.g. the NuGet file fetcher requires several env vars with little to no
+      # explanation, it attempts to install .Net SDKs, and run pwsh scripts via
+      # calling out of the ruby program to a subshell. I've tried a few methods
+      # for circumventing it similar to the way I've patched the other fetchers
+      # in the past, but none of them worked, and I'm just updating the version
+      # here before archiving this repo because it's already served its purpose
+      # PackageManagers::NUGET => PackageEcosystems::NUGET,
       PackageManagers::PIP => PackageEcosystems::PIP,
       PackageManagers::PIPENV => PackageEcosystems::PIP,
       PackageManagers::PIP_COMPILE => PackageEcosystems::PIP,

data/lib/dependabot/linguist/languages_to_patch.txt

@@ -30,6 +30,7 @@ Kotlin
 Objective-C++
 PHP
 Python
+Pip Requirements
 Ruby
 Rust
 Scala

data/lib/dependabot/linguist/linguist_patch.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 # Direct the requiring of the files that patch linguist via this.
-# https://github.com/github/linguist/tree/v7.23.0
+# https://github.com/github/linguist/tree/v9.0.0
 
 require_relative "language"

data/lib/dependabot/linguist/repository.rb

@@ -5,6 +5,7 @@ require_relative "linguist_patch"
 require_relative "languages_to_ecosystems/main"
 require "dependabot/source"
 require "dependabot/errors"
+require "dependabot/shared_helpers"
 require "dependabot/omnibus"
 require_relative "dependabot_patch"
 
@@ -16,7 +17,9 @@ module Dependabot
     # the languages it thought was relevant to each dependabot ecosystem.
     class Repository
       def initialize(repo_path, repo_name, ignore_linguist: 0, verbose: false)
-        @repo_path = repo_path.chomp.delete_suffix("/")
+        @repo_path = repo_path.chomp.delete_suffix("/") unless repo_path.nil?
+        # If repo_path is nil, say that the current workdir is the path.
+        @repo_path ||= "."
         @repo_name = repo_name
         begin
           @repo = Rugged::Repository.new(@repo_path)
@@ -24,9 +27,12 @@ module Dependabot
           # Either the folder doesn't exist, or it does and doesn't have a `.git/`
           # Try to clone into it, if it's public
           puts "Repository #{@repo_name} not found at #{@repo_path}; falling back to cloning public url"
+          # If the current path isn't empty, make a temporary repository path.
+          @repo_path = "./tmp/#{@repo_name}" unless Dir.empty? @repo_path
+          puts "Cloning https://github.com/#{@repo_name}.git into #{@repo_path}"
           @repo = Rugged::Repository.clone_at("https://github.com/#{@repo_name}.git", @repo_path)
         end
-        @ignore_linguist = [[0, ignore_linguist].max, 2].min
+        @ignore_linguist = ignore_linguist.clamp(0, 2)
         @verbose = verbose
         @linguist = ::Linguist::Repository.new(@repo, @repo.head.target_id)
       end
@@ -212,14 +218,17 @@ module Dependabot
             sources.each do |source|
               fetcher = file_fetcher_class.new(source: source, credentials: [], repo_contents_path: @repo_path, options: enable_options)
               begin
+                # https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers/base.rb#L136-L148
                 unless fetcher.files.map(&:name).empty?
                   @directories_per_ecosystem_validated_by_dependabot[package_ecosystem] |= [source.directory]
                   puts "-- Dependency files FOUND for package-ecosystem #{package_ecosystem} at #{source.directory}; #{fetcher.files.map(&:name)}" if @verbose
                 end
+              rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
+                puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: Context #{e.error_context} + Message :: #{e.message}" if @verbose # rubocop:disable Layout/LineLength
               rescue Dependabot::DependabotError => e
                 # Most of these will be Dependabot::DependencyFileNotFound
                 # or Dependabot::PathDependenciesNotReachable
-                puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: #{e.message}" if @verbose
+                puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: Message :: #{e.message}" if @verbose
               end
             end
           end

data/lib/dependabot/linguist/version.rb

@@ -2,6 +2,6 @@
 
 module Dependabot
   module Linguist
-    VERSION = "0.212.1"
+    VERSION = "0.303.0"
   end
 end

metadata

@@ -1,113 +1,154 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-linguist
 version: !ruby/object:Gem::Version
-  version: 0.212.1
+  version: 0.303.0
 platform: ruby
 authors:
 - Nathan Levett
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-11-29 00:00:00.000000000 Z
+date: 2025-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rugged
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.9.0
 - !ruby/object:Gem::Dependency
   name: github-linguist
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.23.0
+        version: 9.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.23.0
+        version: 9.0.0
 - !ruby/object:Gem::Dependency
   name: dependabot-omnibus
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.212.0
+        version: 0.303.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.212.0
+        version: 0.303.0
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.6.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.6.3
+- !ruby/object:Gem::Dependency
+  name: stringio
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.1.5
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '13.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '13.2'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '6.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '6.12'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3.13'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.37'
+        version: '1.73'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.37'
+        version: '1.73'
 description: |-
   Use linguist to check the contents of a repository,
     and then scan for dependabot-core ecosystems relevant to those languages!
@@ -118,8 +159,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".nvmrc"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
@@ -137,7 +180,7 @@ files:
 - lib/dependabot/linguist.rb
 - lib/dependabot/linguist/dependabot_file_validator.rb
 - lib/dependabot/linguist/dependabot_patch.rb
-- lib/dependabot/linguist/file_fetchers/base.rb
+- lib/dependabot/linguist/file_fetchers/bundler.rb
 - lib/dependabot/linguist/file_fetchers/git_submodules.rb
 - lib/dependabot/linguist/file_fetchers/go_modules.rb
 - lib/dependabot/linguist/language.rb
@@ -157,7 +200,7 @@ licenses:
 metadata:
   homepage_uri: https://skenvy.github.io/dependabot-linguist
   source_code_uri: https://github.com/Skenvy/dependabot-linguist/tree/main/
-post_install_message:
+  github_repo: https://github.com/Skenvy/dependabot-linguist
 rdoc_options: []
 require_paths:
 - lib
@@ -165,15 +208,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 3.3.7
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.6.5
 specification_version: 4
 summary: Automate generating dependabot config with linguist and dependabot-core!
 test_files: []

data/lib/dependabot/linguist/file_fetchers/base.rb

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-
-#########################################################################################
-# _____                            _       _           _     _____      _       _       #
-# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
-# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
-# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
-# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
-# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
-#             | |                                                                       #
-#             |_|                                                                       #
-#########################################################################################
-
-# Patches the class Dependabot::FileFetchers::Base that all file fetching classes sub class.
-# https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/base.rb
-
-# cloned_commit was added in 0.213.0; so we need to patch it in for 0.212.0 with an edit that
-# removes the `SharedHelpers.with_git_configured(credentials: credentials) do` wrap
-
-require "dependabot/file_fetchers"
-
-# rubocop:disable Style/Documentation
-
-module Dependabot
-  module FileFetchers
-    class Base
-      def cloned_commit
-        return if repo_contents_path.nil? || !File.directory?(File.join(repo_contents_path, ".git"))
-        Dir.chdir(repo_contents_path) do
-          return SharedHelpers.run_shell_command("git rev-parse HEAD")&.strip
-        end
-      end
-
-      def commit
-        return cloned_commit if cloned_commit
-        return source.commit if source.commit
-        branch = target_branch || default_branch_for_repo
-        @commit ||= client_for_provider.fetch_commit(repo, branch)
-      rescue *CLIENT_NOT_FOUND_ERRORS
-        raise Dependabot::BranchNotFound, branch
-      rescue Octokit::Conflict => e
-        raise unless e.message.include?("Repository is empty")
-      end
-    end
-  end
-end
-
-# rubocop:enable Style/Documentation