dependabot-linguist 0.217.0 → 0.303.0

data/README.md

@@ -2,10 +2,16 @@
 Use [linguist](https://github.com/github/linguist) to check the contents of a **local** repository, and then scan for [dependabot-core](https://github.com/dependabot/dependabot-core) ecosystems relevant to those languages! With the list of [ecosystems](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) present in a repository, add a [dependabot.y[a]ml](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) ([configuration file](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)).
 ## Getting Started
 ### [Linguist dependencies](https://github.com/github/linguist#dependencies);
-Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/README.md).
+Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers/README.md).
 ```bash
 sudo apt-get install build-essential cmake pkg-config libicu-dev zlib1g-dev libcurl4-openssl-dev libssl-dev ruby-dev
 ```
+### Dependabot dependencies;
+The `npm`/`yarn` module requires [`corepack`](https://www.npmjs.com/package/corepack), so it will be necessary to install, either with npm or yarn. Ensuring you have the _right version_ of `corepack` is important. Your best bet is to ensure you have the latest version.
+```bash
+nvm install 22 && nvm use 22 && npm i -g corepack@latest
+# you'll need to `nvm use 22` to load that node before running this gem
+```
 ### Install _this_
 [To install the latest from RubyGems](https://rubygems.org/gems/dependabot-linguist);
 ```sh
@@ -22,12 +28,12 @@ bundle add dependabot-linguist
 ```
 Or add the following line to your `Gemfile` manually
 ```ruby
-gem "dependabot-linguist", ">= 0.217.0
+gem "dependabot-linguist", ">= 0.303.0
 ```
 [Add the GitHub hosted gem](https://github.com/Skenvy/dependabot-linguist/packages/1704407);
 ```ruby
 source "https://rubygems.pkg.github.com/skenvy" do
-  gem "dependabot-linguist", ">= 0.217.0"
+  gem "dependabot-linguist", ">= 0.303.0"
 end
 ```
 ### Setup external CLIs
@@ -89,9 +95,31 @@ ignore:
 ```
 ## [RDoc generated docs](https://skenvy.github.io/dependabot-linguist/)
 ## Developing
+### Install Ruby
+You will need to install [rvm](https://rvm.io/) and one of its [ruby binaries](https://rvm.io/binaries/).
+
+You'll also need to set the `RVM_DIR` in your shell profile e.g. [like this](https://github.com/Skenvy/dotfiles/blob/1de61272c588a30b634a03a7d304ef51e40c72f1/.bash_login#L17). RVM will set some basic initialisation in your shell profile, but changing what it sets to instead use `RVM_DIR` like this allows you to install it somewhere other than the default.
+
+The `make setup` in [first time setup](#the-first-time-setup) will install the intended development version for you, but it might not be a precompiled binary, depending on your OS and architecture ~ if it isn't precompiled, contributing your time in compiling to [publish the binary for rvm](https://github.com/rvm/rvm/issues/4921) is probably more worth your time than this lol.
+
+RVM is locally how we manage proctoring the ruby environment. It is not on the [github runners](https://github.com/actions/runner-images), so the make invocations in the workflows set the RVM proctors empty. If you want to manage your own ruby installs you can set `_=''` on each `make ...`.
+
+You should also read the requirements for the gems this uses, see [Linguist dependencies](#linguist-dependencies) and [Dependabot dependencies](#dependabot-dependencies). `Linguist`'s can be acquired with `make preinit` done once. 
+### Install Corepack
+[Dependabot dependencies](#dependabot-dependencies) are managed in this project via [`nvm`](https://github.com/nvm-sh/nvm), so `corepack` can be loaded into every subshell the `Makefile` spawns. If you don't want to install `nvm` but would rather manage your own `corepack` install, set `__=''` on each `make ...`.
+
+For the currently targetted version of `dependabot` that this is using, the existing reference versions of `corepack` are;
+* [bun/Dockerfile](https://github.com/dependabot/dependabot-core/blob/v0.303.0/bun/Dockerfile#L4)
+* [npm_and_yarn/Dockerfile](https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/Dockerfile#L4)
+
+Both currently (as of writing) set their `corepack` version to `0.31.0`. However, it's possible for the changes in versions in `corepack` to outstrip the rate of changes of this gem, so don't rely on _this_ to determine what the most suitable version of `corepack` is.
+
+> [!CAUTION]
+> `make setup` / `initialise` / `initialise_corepack` will install to your _global_ `node`. If you're using the recommended `nvm` then each `node` install can be treated eseentially ephemeral. If you aren't using `nvm`, this might hijack your global `corepack` install.
 ### The first time setup
+If you have `rvm` and `nvm` installed and you have `apt`, you should be able to;
 ```sh
-git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-linguist && make setup
+git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-linguist && make preinit && make setup
 ```
 ### Iterative development
 The majority of `make` recipes for this are just wrapping a `bundle` invocation of `rake`.

data/SECURITY.md

@@ -4,6 +4,7 @@ The `<major>.<minor>.*` versions of this are pinned to the **supported** `<major
 * Support version `0.212.0`, centric to [dependabot-common@0.212.0](https://rubygems.org/gems/dependabot-common/versions/0.212.0)
     * This is because this is the last version to support a Ruby version of `2.7.0`.
 * Support version `0.217.0`, centric to [dependabot-common@0.217.0](https://rubygems.org/gems/dependabot-common/versions/0.217.0)
+* Version `0.303.0` is a partial update to [dependabot-common@0.303.0](https://rubygems.org/gems/dependabot-common/versions/0.303.0)
 
 Bugs present in only the most recent pinned minor version may be patched and contribute to successive patch versions. If a bug exists in an older version and no longer exists in a newer version, it is suggested to update to the newer version. As the underlying package this wraps, dependabot[-omnibus], is a live service, it makes sense for this to only roll forward.
 ## Reporting a Vulnerability

data/dependabot-linguist.gemspec

@@ -12,11 +12,12 @@ Gem::Specification.new do |spec|
   spec.description = "Use linguist to check the contents of a repository,
   and then scan for dependabot-core ecosystems relevant to those languages!"
   spec.homepage = "https://skenvy.github.io/dependabot-linguist"
-  # https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/dependabot-common.gemspec#L23-L24
+  # https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/dependabot-common.gemspec#L23-L24
   spec.required_ruby_version = ">= 3.1.0"
   spec.required_rubygems_version = ">= 3.3.7"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://github.com/Skenvy/dependabot-linguist/tree/main/"
+  spec.metadata["github_repo"] = "https://github.com/Skenvy/dependabot-linguist"
 
   spec.require_paths = ["lib"]
   spec.files = Dir.chdir(__dir__) do
@@ -27,17 +28,24 @@ Gem::Specification.new do |spec|
   spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
 
-  spec.add_dependency "rugged", "1.6.3"
-  spec.add_dependency "github-linguist", "7.25.0"
+  spec.add_dependency "rugged", "1.9.0"
+  spec.add_dependency "github-linguist", "9.0.0"
   # All ecosystem gems from https://rubygems.org/profiles/dependabot can be
-  # required via https://rubygems.org/gems/dependabot-omnibus/versions/0.217.0
+  # required via https://rubygems.org/gems/dependabot-omnibus/versions/0.303.0
   # which will include all dependencies of omnibus (16 ecosystems and common).
-  # https://github.com/dependabot/dependabot-core/blob/v0.217.0/omnibus/dependabot-omnibus.gemspec#L29-L45
-  spec.add_dependency "dependabot-omnibus", "0.217.0"
+  # https://github.com/dependabot/dependabot-core/blob/v0.303.0/omnibus/dependabot-omnibus.gemspec#L29-L52
+  spec.add_dependency "dependabot-omnibus", "0.303.0"
+  # We can't update from this json version without getting some weird
+  # uninitialized constant Dependabot::FileFetchers::Base::OpenStruct
+  # ~= https://github.com/ruby/json/compare/v2.7.1...v2.7.2 but idk
+  # But also dependabot-* >= 0.238.0 introduce requiring json < 2.7
+  spec.add_dependency "json", "2.6.3"
+  # stringio (>= 0) leads to ambiguous spec so lock it too.
+  spec.add_dependency "stringio", "3.1.5"
 
-  # spec.add_development_dependency "aruba", "~> 2.1" # TODO
-  spec.add_development_dependency "rake", "~> 13.0"
-  spec.add_development_dependency "rdoc", "~> 6.0"
-  spec.add_development_dependency "rspec", "~> 3.12"
-  spec.add_development_dependency "rubocop", "~> 1.37"
+  spec.add_development_dependency "aruba", "~> 2.3"
+  spec.add_development_dependency "rake", "~> 13.2"
+  spec.add_development_dependency "rdoc", "~> 6.12"
+  spec.add_development_dependency "rspec", "~> 3.13"
+  spec.add_development_dependency "rubocop", "~> 1.73"
 end

data/lib/dependabot/linguist/dependabot_patch.rb

@@ -12,8 +12,8 @@
 #########################################################################################
 
 # Direct the requiring of the files that patch dependabot via this.
-# The current target version for dependabot is 0.217.0
-# https://github.com/dependabot/dependabot-core/tree/v0.217.0
+# The current target version for dependabot is 0.303.0
+# https://github.com/dependabot/dependabot-core/tree/v0.303.0
 
 require_relative "file_fetchers/bundler"
 require_relative "file_fetchers/go_modules"

data/lib/dependabot/linguist/file_fetchers/bundler.rb

@@ -37,7 +37,7 @@ require "dependabot/bundler"
 module Dependabot
   module Bundler
     class FileFetcher
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L148-L150
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L162-L165
       def path_gemspec_paths
         swap_bundle_gemfile = ENV.fetch("BUNDLE_GEMFILE", nil)
         repo_dir_gemfile = "#{@repo_contents_path}#{source.directory}/Gemfile"

data/lib/dependabot/linguist/file_fetchers/git_submodules.rb

@@ -36,9 +36,9 @@
 # So we need to be more cautious with this and check it first.
 
 # Dependabot::FileFetchers::Base.load_cloned_file_if_present
-# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/base.rb#L135-L155
+# https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers/base.rb#L218-L240
 # Dependabot::FileFetchers::Base.fetch_file_if_present
-# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/base.rb#L111-L133
+# https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers/base.rb#L194-L216
 
 require "dependabot/errors"
 require "dependabot/git_submodules"
@@ -48,13 +48,13 @@ require "dependabot/git_submodules"
 module Dependabot
   module GitSubmodules
     class FileFetcher
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L21-L26
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L26-L32
       def fetch_files
         raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, ".gitmodules")).cleanpath.to_path) if gitmodules_file.nil?
         [gitmodules_file]
       end
 
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L28-L30
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L36-L43
       def gitmodules_file
         @gitmodules_file ||= fetch_file_if_present(".gitmodules")
       end

data/lib/dependabot/linguist/file_fetchers/go_modules.rb

@@ -27,7 +27,7 @@ require "dependabot/go_modules"
 module Dependabot
   module GoModules
     class FileFetcher
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L30-L50
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L33-L46
       def fetch_files
         raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "go.mod")).cleanpath.to_path) if go_mod.nil?
         fetched_files = [go_mod]

data/lib/dependabot/linguist/language.rb

@@ -25,14 +25,14 @@
 # Patching either Linguist::LazyBlob::git_attributes or
 # Linguist::LazyBlob::vendored? would be too cumbersome.
 # It also seems easier than duplicating the vendor patterns from
-# https://github.com/github/linguist/blob/v7.25.0/lib/linguist/vendor.yml
+# https://github.com/github/linguist/blob/v9.0.0/lib/linguist/vendor.yml
 
 require "linguist"
 
 # rubocop:disable Style/Documentation
 
 module Linguist
-  # https://github.com/github/linguist/blob/v7.25.0/lib/linguist/language.rb
+  # https://github.com/github/linguist/blob/v9.0.0/lib/linguist/language.rb
 
   class Language
     def ungroup_language
@@ -58,7 +58,7 @@ module Linguist
   end
 
   module BlobHelper
-    # https://github.com/github/linguist/blob/v7.25.0/lib/linguist/blob_helper.rb#L220
+    # https://github.com/github/linguist/blob/v9.0.0/lib/linguist/blob_helper.rb#L220
     VendoredRegexp = Regexp.new(VendoredRegexp.source.gsub("(^|/)\\.gitmodules$|", "").gsub("|(^|/)\\.github/", ""))
   end
 end

data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb

@@ -8,7 +8,7 @@
 # as it's source directory is not the directory it is valid to "fetch" from.
 
 # For a list of "linguist languages", see
-# https://github.com/github/linguist/blob/v7.25.0/lib/linguist/languages.yml
+# https://github.com/github/linguist/blob/v9.0.0/lib/linguist/languages.yml
 
 require_relative "manager_ecosystem_maps"
 
@@ -61,7 +61,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::BUNDLER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L24
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L22-L32
       "Gemfile.lock", # Gemfile.lock
       "Ruby" # Gemfile or .gemspec
     ]
@@ -70,7 +70,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::CARGO][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L20-L26
       "TOML" # Cargo.toml and Cargo.lock
     ]
     CONTEXT_RULES[PackageManagers::CARGO][ContextRule::PRIMARY_LANGUAGES] = ["Rust"]
@@ -78,7 +78,8 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/composer/lib/dependabot/composer/file_fetcher.rb#L16-L18
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/composer/lib/dependabot/composer/file_fetcher.rb#L18-L24
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/composer/lib/dependabot/composer/package_manager.rb#L16
       "JSON" # composer.json and composer.lock
     ]
     CONTEXT_RULES[PackageManagers::COMPOSER][ContextRule::PRIMARY_LANGUAGES] = ["PHP"]
@@ -86,7 +87,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::DOCKER][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/docker/lib/dependabot/docker/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/docker/lib/dependabot/docker/file_fetcher.rb#L19-L28
       "Dockerfile", # Dockerfile
       "YAML" # .yaml, if kubernetes option is set
     ]
@@ -95,7 +96,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::HEX][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/hex/lib/dependabot/hex/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/hex/lib/dependabot/hex/file_fetcher.rb#L20-L28
       "Elixir" # mix.lock and mix.exs by extension
     ]
     CONTEXT_RULES[PackageManagers::HEX][ContextRule::PRIMARY_LANGUAGES] = ["Elixir"]
@@ -103,7 +104,8 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/elm/lib/dependabot/elm/file_fetcher.rb#L13-L15
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/elm/lib/dependabot/elm/file_fetcher.rb#L14-L22
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/elm/lib/dependabot/elm/package_manager.rb#L14
       "JSON" # elm-package.json or an elm.json, only seeks via .json extension though.
     ]
     CONTEXT_RULES[PackageManagers::ELM_PACKAGE][ContextRule::PRIMARY_LANGUAGES] = ["Elm"]
@@ -111,7 +113,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L16-L24
       "Git Config" # ".gitmodules"
     ]
     CONTEXT_RULES[PackageManagers::GIT_SUBMODULE][ContextRule::PRIMARY_LANGUAGES] = []
@@ -119,7 +121,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L16-L24
       # "YAML", but this is handled without linguist
     ]
     CONTEXT_RULES[PackageManagers::GITHUB_ACTIONS][ContextRule::PRIMARY_LANGUAGES] = []
@@ -127,7 +129,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L13-L15
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L14-L22
       "Go Checksums", # go.sum
       "Go Module" # go.mod
     ]
@@ -135,7 +137,7 @@ module Dependabot
     CONTEXT_RULES[PackageManagers::GO_MODULES][ContextRule::RELEVANT_LANGUAGES] = []
 
     CONTEXT_RULES[PackageManagers::GRADLE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L27-L29
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L44-L54
       "Gradle", # for any `.gradle` file
       "Kotlin" # for any `.kts` file"
     ]
@@ -145,7 +147,7 @@ module Dependabot
     ]
 
     CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/maven/lib/dependabot/maven/file_fetcher.rb#L17-L19
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/maven/lib/dependabot/maven/file_fetcher.rb#L19-L27
       "Maven POM" # for `pom.xml` files
     ]
     CONTEXT_RULES[PackageManagers::MAVEN][ContextRule::PRIMARY_LANGUAGES] = []
@@ -155,7 +157,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::NPM][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L31-L33
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L35-L43
       "JSON", # "package.json" or "package-lock.json" or "npm-shrinkwrap.json" but only by extension
       "NPM Config" # ".npmrc"
     ]
@@ -164,7 +166,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::NUGET][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L20-L22
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L17-L25
       "XML" # .csproj, .vbproj and .fsproj
       # Nothing looks for a packages.config
     ]
@@ -173,8 +175,9 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIP][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/python/lib/dependabot/python/file_fetcher.rb#L26-L46
       # Besides the other pip related package managers, there is no language for `requirements` files. RIP.
+      "Pip Requirements", # Added in https://github.com/github-linguist/linguist/pull/6739 to specifically match what this pkg mngr is about
       "Text" # for `.txt`
     ]
     CONTEXT_RULES[PackageManagers::PIP][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
@@ -182,7 +185,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIPENV][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/python/lib/dependabot/python/file_fetcher.rb#L26-L46
       "JSON", # Pipfile.lock
       "TOML" # Pipfile
     ]
@@ -191,7 +194,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/python/lib/dependabot/python/file_fetcher.rb#L26-L46
       # Already captured by the other pip related package manager paths
     ]
     CONTEXT_RULES[PackageManagers::PIP_COMPILE][ContextRule::PRIMARY_LANGUAGES] = ["Python"]
@@ -199,7 +202,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::POETRY][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L35-L38
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/python/lib/dependabot/python/file_fetcher.rb#L26-L46
       # pyproject.lock has none and setup.py is vague.
       "TOML" # poetry.lock and pyproject.toml by extension
     ]
@@ -208,7 +211,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::PUB][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/pub/lib/dependabot/pub/file_fetcher.rb#L15-L17
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/pub/lib/dependabot/pub/file_fetcher.rb#L16-L24
       "YAML" # pubspec.yaml, but only by extension.
     ]
     CONTEXT_RULES[PackageManagers::PUB][ContextRule::PRIMARY_LANGUAGES] = ["Dart"]
@@ -216,7 +219,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L19-L21
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L21-L29
       "HCL" # .tf and .hcl
     ]
     CONTEXT_RULES[PackageManagers::TERRAFORM][ContextRule::PRIMARY_LANGUAGES] = []
@@ -224,7 +227,7 @@ module Dependabot
 
     ##
     CONTEXT_RULES[PackageManagers::YARN][ContextRule::FETCH_FILES] = [
-      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L31-L33
+      # https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L35-L43
       "YAML" # yarn.lock
     ]
     CONTEXT_RULES[PackageManagers::YARN][ContextRule::PRIMARY_LANGUAGES] = ["JavaScript", "TypeScript"]

data/lib/dependabot/linguist/languages_to_ecosystems/contexts_applied.rb

@@ -21,7 +21,7 @@ module Dependabot
     LANGUAGE_TO_PACKAGE_MANAGER = languages.to_h { |name, _| [name, nil] }.tap do |this|
       # Now apply the context rules to "this"
       CONTEXT_RULES.each do |package_manager, context_map|
-        context_map.each do |_context_rule, linguist_languages|
+        context_map.each_value do |linguist_languages|
           linguist_languages.each do |linguist_language|
             if this[linguist_language].nil?
               this[linguist_language] = [package_manager]