dependabot-linguist 0.217.0 → 0.303.0

@@ -4,10 +4,12 @@
4
4
  # subsequently to the "file fetcher registry keys"
5
5
 
6
6
  # For the list of package managers and which ecosystems they map to, see
7
- # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
7
+ # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-
8
+ # TODO: This project is still only using the package managers that existed in
9
+ # version 0.217.0 -- it still needs to be updated to include those added since
8
10
 
9
11
  # For the file_fetchers' register function, whose keys we map to, see
10
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers.rb#L14-L16
12
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers.rb#L21-L24
11
13
 
12
14
  module Dependabot
13
15
  module Linguist
@@ -80,7 +82,7 @@ module Dependabot
80
82
  MAVEN = "maven"
81
83
  MIX = "mix"
82
84
  NPM = "npm"
83
- NUGET = "nuget"
85
+ # NUGET = "nuget"
84
86
  PIP = "pip"
85
87
  PUB = "pub"
86
88
  TERRAFORM = "terraform"
@@ -92,37 +94,38 @@ module Dependabot
92
94
  # so each mapping |K,V| element should have a comment linking to the place
93
95
  # that its value was registered!
94
96
  PACKAGE_ECOSYSTEM_TO_FILE_FETCHERS_REGISTRY_KEY = {
95
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L225
97
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L253
96
98
  PackageEcosystems::BUNDLER => "bundler",
97
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L324
99
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/cargo/lib/dependabot/cargo/file_fetcher.rb#L410
98
100
  PackageEcosystems::CARGO => "cargo",
99
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/composer/lib/dependabot/composer/file_fetcher.rb#L183
101
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/composer/lib/dependabot/composer/file_fetcher.rb#L241
100
102
  PackageEcosystems::COMPOSER => "composer",
101
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/docker/lib/dependabot/docker/file_fetcher.rb#L101
103
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/docker/lib/dependabot/docker/file_fetcher.rb#L77
102
104
  PackageEcosystems::DOCKER => "docker",
103
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/elm/lib/dependabot/elm/file_fetcher.rb#L46
105
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/elm/lib/dependabot/elm/file_fetcher.rb#L50
104
106
  PackageEcosystems::ELM => "elm",
105
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L79-L80
107
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/github_actions/lib/dependabot/github_actions/file_fetcher.rb#L106-L107
106
108
  PackageEcosystems::GITHUB_ACTIONS => "github_actions",
107
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L88-L89
109
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/git_submodules/lib/dependabot/git_submodules/file_fetcher.rb#L111-L112
108
110
  PackageEcosystems::GIT_SUBMODULE => "submodules",
109
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L67-L68
111
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/go_modules/lib/dependabot/go_modules/file_fetcher.rb#L63-L64
110
112
  PackageEcosystems::GOMOD => "go_modules",
111
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L176
113
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/gradle/lib/dependabot/gradle/file_fetcher.rb#L203
112
114
  PackageEcosystems::GRADLE => "gradle",
113
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/maven/lib/dependabot/maven/file_fetcher.rb#L162
115
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/maven/lib/dependabot/maven/file_fetcher.rb#L179
114
116
  PackageEcosystems::MAVEN => "maven",
115
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/hex/lib/dependabot/hex/file_fetcher.rb#L97
117
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/hex/lib/dependabot/hex/file_fetcher.rb#L114
116
118
  PackageEcosystems::MIX => "hex",
117
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L527-L528
119
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb#L737-L738
120
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb#L18
118
121
  PackageEcosystems::NPM => "npm_and_yarn",
119
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L278
120
- PackageEcosystems::NUGET => "nuget",
121
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/python/lib/dependabot/python/file_fetcher.rb#L418
122
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/nuget/lib/dependabot/nuget/file_fetcher.rb#L46
123
+ # PackageEcosystems::NUGET => "nuget",
124
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/python/lib/dependabot/python/file_fetcher.rb#L463
122
125
  PackageEcosystems::PIP => "pip",
123
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/pub/lib/dependabot/pub/file_fetcher.rb#L46
126
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/pub/lib/dependabot/pub/file_fetcher.rb#L58
124
127
  PackageEcosystems::PUB => "pub",
125
- # https://github.com/dependabot/dependabot-core/blob/v0.217.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L90-L91
128
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/terraform/lib/dependabot/terraform/file_fetcher.rb#L111-L112
126
129
  PackageEcosystems::TERRAFORM => "terraform"
127
130
  }.freeze
128
131
 
@@ -141,7 +144,16 @@ module Dependabot
141
144
  PackageManagers::GRADLE => PackageEcosystems::GRADLE,
142
145
  PackageManagers::MAVEN => PackageEcosystems::MAVEN,
143
146
  PackageManagers::NPM => PackageEcosystems::NPM,
144
- PackageManagers::NUGET => PackageEcosystems::NUGET,
147
+ # TODO: NuGets file fetcher utility within dependabot since this was last
148
+ # updated has been heavily geared, far more than any other file fetcher,
149
+ # to a state where it expects to be running within the service container
150
+ # e.g. the NuGet file fetcher requires several env vars with little to no
151
+ # explanation, it attempts to install .Net SDKs, and run pwsh scripts via
152
+ # calling out of the ruby program to a subshell. I've tried a few methods
153
+ # for circumventing it similar to the way I've patched the other fetchers
154
+ # in the past, but none of them worked, and I'm just updating the version
155
+ # here before archiving this repo because it's already served its purpose
156
+ # PackageManagers::NUGET => PackageEcosystems::NUGET,
145
157
  PackageManagers::PIP => PackageEcosystems::PIP,
146
158
  PackageManagers::PIPENV => PackageEcosystems::PIP,
147
159
  PackageManagers::PIP_COMPILE => PackageEcosystems::PIP,
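Review bot: Commenting out `PackageManagers::NUGET => PackageEcosystems::NUGET` here (together with the `NUGET` constant and the registry-key entry in the two earlier hunks of this file) drops NuGet from the results with no signal to the user, so a configuration generated for a repository containing .NET projects would presumably just lack a `nuget` entry and those dependencies would get no update coverage. The rationale exists only as a source comment; I would surface it in the README/changelog and at runtime, for example with `warn "dependabot-linguist: NuGet detection is disabled as of 0.303.0"` at the point where a NuGet-mapped language is seen. Because the constant is commented out rather than left defined, any reference to `PackageEcosystems::NUGET` outside these hunks would raise `NameError`; keeping `NUGET = "nuget"` defined and only omitting it from the two maps avoids that. The map literal starts and ends outside the hunk.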
@@ -30,6 +30,7 @@ Kotlin
30
30
  Objective-C++
31
31
  PHP
32
32
  Python
33
+ Pip Requirements
33
34
  Ruby
34
35
  Rust
35
36
  Scala
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  # Direct the requiring of the files that patch linguist via this.
4
- # https://github.com/github/linguist/tree/v7.25.0
4
+ # https://github.com/github/linguist/tree/v9.0.0
5
5
 
6
6
  require_relative "language"
@@ -5,6 +5,7 @@ require_relative "linguist_patch"
5
5
  require_relative "languages_to_ecosystems/main"
6
6
  require "dependabot/source"
7
7
  require "dependabot/errors"
8
+ require "dependabot/shared_helpers"
8
9
  require "dependabot/omnibus"
9
10
  require_relative "dependabot_patch"
10
11
 
@@ -217,14 +218,17 @@ module Dependabot
217
218
  sources.each do |source|
218
219
  fetcher = file_fetcher_class.new(source: source, credentials: [], repo_contents_path: @repo_path, options: enable_options)
219
220
  begin
221
+ # https://github.com/dependabot/dependabot-core/blob/v0.303.0/common/lib/dependabot/file_fetchers/base.rb#L136-L148
220
222
  unless fetcher.files.map(&:name).empty?
221
223
  @directories_per_ecosystem_validated_by_dependabot[package_ecosystem] |= [source.directory]
222
224
  puts "-- Dependency files FOUND for package-ecosystem #{package_ecosystem} at #{source.directory}; #{fetcher.files.map(&:name)}" if @verbose
223
225
  end
226
+ rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
227
+ puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: Context #{e.error_context} + Message :: #{e.message}" if @verbose # rubocop:disable Layout/LineLength
224
228
  rescue Dependabot::DependabotError => e
225
229
  # Most of these will be Dependabot::DependencyFileNotFound
226
230
  # or Dependabot::PathDependenciesNotReachable
227
- puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: #{e.message}" if @verbose
231
+ puts "-- Caught a DependabotError, #{e.class}, for package-ecosystem #{package_ecosystem} at #{source.directory}: Message :: #{e.message}" if @verbose
228
232
  end
229
233
  end
230
234
  end
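Review bot: The added `rescue Dependabot::SharedHelpers::HelperSubprocessFailed` reports the failure only `if @verbose`, so in a default run a crashed or missing native helper is indistinguishable from "no dependency files here" and the ecosystem is silently left out of the validated directories. A helper failure is a tooling or environment fault rather than a property of the scanned repository, so I would report it unconditionally on stderr, e.g. `warn "-- Helper subprocess failed for #{package_ecosystem} at #{source.directory}: #{e.message}"`, and keep the `e.error_context` dump behind `@verbose`. The context object is interpolated raw; it appears to carry details of the helper invocation, so it is worth confirming what ends up in CI logs (the fetcher on the line above is built with `credentials: []`, which limits the exposure). The enclosing method starts outside the hunk.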
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Dependabot
4
4
  module Linguist
5
- VERSION = "0.217.0"
5
+ VERSION = "0.303.0"
6
6
  end
7
7
  end
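--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-linguist
  version: !ruby/object:Gem::Version
- version: 0.217.0
+ version: 0.303.0
  platform: ruby
  authors:
  - Nathan Levett
- autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-05-15 00:00:00.000000000 Z
+ date: 2025-04-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rugged
@@ -16,98 +15,140 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.6.3
+ version: 1.9.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.6.3
+ version: 1.9.0
  - !ruby/object:Gem::Dependency
  name: github-linguist
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.25.0
+ version: 9.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.25.0
+ version: 9.0.0
  - !ruby/object:Gem::Dependency
  name: dependabot-omnibus
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.217.0
+ version: 0.303.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.217.0
+ version: 0.303.0
+ - !ruby/object:Gem::Dependency
+ name: json
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 2.6.3
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 2.6.3
+ - !ruby/object:Gem::Dependency
+ name: stringio
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 3.1.5
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 3.1.5
+ - !ruby/object:Gem::Dependency
+ name: aruba
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.3'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '13.0'
+ version: '13.2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '13.0'
+ version: '13.2'
  - !ruby/object:Gem::Dependency
  name: rdoc
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '6.0'
+ version: '6.12'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '6.0'
+ version: '6.12'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.12'
+ version: '3.13'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.12'
+ version: '3.13'
  - !ruby/object:Gem::Dependency
  name: rubocop
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.37'
+ version: '1.73'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.37'
+ version: '1.73'
  description: |-
  Use linguist to check the contents of a repository,
  and then scan for dependabot-core ecosystems relevant to those languages!
@@ -118,8 +159,10 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".nvmrc"
  - ".rspec"
  - ".rubocop.yml"
+ - ".ruby-version"
  - CODE_OF_CONDUCT.md
  - CONTRIBUTING.md
  - Gemfile
@@ -157,7 +200,7 @@ licenses:
  metadata:
  homepage_uri: https://skenvy.github.io/dependabot-linguist
  source_code_uri: https://github.com/Skenvy/dependabot-linguist/tree/main/
- post_install_message:
+ github_repo: https://github.com/Skenvy/dependabot-linguist
  rdoc_options: []
  require_paths:
  - lib
@@ -172,8 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.3.7
  requirements: []
- rubygems_version: 3.4.12
- signing_key:
+ rubygems_version: 3.6.5
  specification_version: 4
  summary: Automate generating dependabot config with linguist and dependabot-core!
  test_files: []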
  test_files: []