dependabot-linguist 0.212.1 → 0.217.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6e4b9d290d48ec36257a2fa25074269e76f9604f8683d6d3883c8dc190c0365
-  data.tar.gz: 2de3d9561c2630dcf5d14f8f6340a7c8c9077d5962b4bd72efe7fa467a8db4bb
+  metadata.gz: 1371e5c85071aefe956fb3ed4cc89d9c361296400858c671086105014c9db81e
+  data.tar.gz: 36d85631d93359a139ba432b5fd41c4e004641bc284d49b23dfbf508d61a3ff7
 SHA512:
-  metadata.gz: 703ba177b6cbcd215ebd918313d58f79d22f25fa62dcba0c698cd83ec0b481906922f718c8498034b71a2f9fd54c76dd5b94ae0f28b3daae4ddd38a692f38b22
-  data.tar.gz: 190889bc78fc791ff520538c397ff5b8f4f7c451903300ac6e309226d2204a2e2f7de97f64653c717425959ce31c202ec0b9ad219495206642853414206fed3a
+  metadata.gz: 56cc248e1f1ef0ea02e58b6606d91112714ae1e2b733367500aa29d644abecafff48dddf255548426dca0099a3ca0b551dbc2e38db726c73ca9b04bc9578c235
+  data.tar.gz: 832b54da74610965a93fdced801412e8cc768d469a02a2140d7b5f50ea9af18de2ff5c9bae06ef2da145dd99ae7b67a45ba32ef196d128e28042d98f2d157fb1

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.7.0
+  TargetRubyVersion: 3.1.0
   UseCache: false
   SuggestExtensions: false
   # NewCops: enable # would silence the recommendation
@@ -11,6 +11,8 @@ AllCops:
 
 Gemspec/DeprecatedAttributeAssignment:
   Enabled: true
+Gemspec/DevelopmentDependencies: # new in 1.44
+  Enabled: true
 Gemspec/OrderedDependencies:
   Enabled: false
 Gemspec/RequireMFA:
@@ -53,6 +55,8 @@ Metrics/BlockNesting:
   Enabled: false
 Metrics/ClassLength:
   Enabled: false
+Metrics/CollectionLiteralLength: # new in 1.47
+  Enabled: true
 Metrics/CyclomaticComplexity:
   Enabled: false
 Metrics/MethodLength:
@@ -76,6 +80,8 @@ Lint/DuplicateBranch:
   Enabled: true
 Lint/DuplicateMagicComment: # new in 1.37
   Enabled: true
+Lint/DuplicateMatchPattern: # new in 1.50
+  Enabled: true
 Lint/DuplicateRegexpCharacterClassElement:
   Enabled: true
 Lint/EmptyBlock:
@@ -116,10 +122,11 @@ Lint/UnexpectedBlockArity:
   Enabled: true
 Lint/UnmodifiedReduceAccumulator:
   Enabled: true
+Lint/UselessRescue: # new in 1.43
+  Enabled: true
 Lint/UselessRuby2Keywords:
   Enabled: true
 
-
 Style/StringLiterals:
   Enabled: true
   EnforcedStyle: double_quotes
@@ -131,10 +138,20 @@ Style/AccessModifierDeclarations:
   AllowModifiersOnSymbols: false
 Style/ArgumentsForwarding:
   Enabled: true
+Style/ArrayIntersect: # new in 1.40
+  Enabled: true
 Style/CollectionCompact:
   Enabled: true
+Style/ComparableClamp: # new in 1.44
+  Enabled: true
+Style/ConcatArrayLiterals: # new in 1.41
+  Enabled: true
 Style/ConditionalAssignment:
   Enabled: false
+Style/DataInheritance: # new in 1.49
+  Enabled: true
+Style/DirEmpty: # new in 1.48
+  Enabled: true
 Style/DocumentDynamicEvalDefinition:
   Enabled: true
 Style/EmptyHeredoc:
@@ -145,6 +162,8 @@ Style/EnvHome:
   Enabled: true
 Style/FetchEnvVar:
   Enabled: true
+Style/FileEmpty: # new in 1.48
+  Enabled: true
 Style/FileRead:
   Enabled: true
 Style/FileWrite:
@@ -155,6 +174,9 @@ Style/HashConversion:
   Enabled: true
 Style/HashExcept:
   Enabled: true
+Style/HashSyntax:
+  Enabled: true
+  EnforcedShorthandSyntax: 'never'
 Style/IfWithBooleanLiteralBranches:
   Enabled: true
 Style/IfUnlessModifier:
@@ -169,8 +191,14 @@ Style/MapCompactWithConditionalBlock:
   Enabled: true
 Style/MapToHash:
   Enabled: true
+Style/MapToSet: # new in 1.42
+  Enabled: true
+Style/MinMaxComparison: # new in 1.42
+  Enabled: true
 Style/MultilineInPatternThen:
   Enabled: true
+Style/MutableConstant:
+  Enabled: true
 Style/NegatedIfElseCondition:
   Enabled: true
 Style/NestedFileDirname:
@@ -195,10 +223,18 @@ Style/QuotedSymbols:
   Enabled: true
 Style/RedundantArgument:
   Enabled: true
+Style/RedundantConstantBase: # new in 1.40
+  Enabled: false
+Style/RedundantDoubleSplatHashBraces: # new in 1.41
+  Enabled: true
 Style/RedundantEach: # new in 1.38
   Enabled: true
+Style/RedundantHeredocDelimiterQuotes: # new in 1.45
+  Enabled: true
 Style/RedundantInitialize:
   Enabled: true
+Style/RedundantLineContinuation: # new in 1.49
+  Enabled: true
 Style/RedundantSelf:
   Enabled: false
 Style/RedundantSelfAssignmentBranch:

data/Gemfile.lock

@@ -1,33 +1,28 @@
 PATH
   remote: .
   specs:
-    dependabot-linguist (0.212.1)
-      dependabot-omnibus (= 0.212.0)
-      github-linguist (= 7.23.0)
-      rugged (~> 1.5.0)
+    dependabot-linguist (0.217.0)
+      dependabot-omnibus (= 0.217.0)
+      github-linguist (= 7.25.0)
+      rugged (= 1.6.3)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.4)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 1.6, < 2)
-      minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.1)
+    addressable (2.8.4)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.668.0)
-    aws-sdk-codecommit (1.52.0)
+    aws-partitions (1.763.0)
+    aws-sdk-codecommit (1.53.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.168.2)
+    aws-sdk-core (3.172.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ecr (1.57.0)
+    aws-sdk-ecr (1.58.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.5.2)
@@ -35,85 +30,87 @@ GEM
     cgi (0.3.6)
     charlock_holmes (0.7.7)
     citrus (3.0.2)
-    commonmarker (0.23.6)
-    concurrent-ruby (1.1.10)
-    dependabot-bundler (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-cargo (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-common (0.212.0)
-      activesupport (>= 6.0.0)
+    commonmarker (0.23.9)
+    dependabot-bundler (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-cargo (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-common (0.217.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
       commonmarker (>= 0.20.1, < 0.24.0)
-      docker_registry2 (~> 1.11, >= 1.11.0)
-      excon (~> 0.75)
-      faraday (= 2.5.2)
+      docker_registry2 (~> 1.14)
+      excon (~> 0.96, < 0.100)
+      faraday (= 2.7.4)
+      faraday-retry (= 2.1.0)
       gitlab (= 4.19.0)
       nokogiri (~> 1.8)
-      octokit (>= 4.6, < 6.0)
+      octokit (>= 4.6, < 7.0)
       parser (>= 2.5, < 4.0)
+      psych (~> 5.0)
       toml-rb (>= 1.1.2, < 3.0)
-    dependabot-composer (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-docker (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-elm (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-git_submodules (0.212.0)
-      dependabot-common (= 0.212.0)
+    dependabot-composer (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-docker (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-elm (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-git_submodules (0.217.0)
+      dependabot-common (= 0.217.0)
       parseconfig (~> 1.0, < 1.1.0)
-    dependabot-github_actions (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-go_modules (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-gradle (0.212.0)
-      dependabot-common (= 0.212.0)
-      dependabot-maven (= 0.212.0)
-    dependabot-hex (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-maven (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-npm_and_yarn (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-nuget (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-omnibus (0.212.0)
-      dependabot-bundler (= 0.212.0)
-      dependabot-cargo (= 0.212.0)
-      dependabot-common (= 0.212.0)
-      dependabot-composer (= 0.212.0)
-      dependabot-docker (= 0.212.0)
-      dependabot-elm (= 0.212.0)
-      dependabot-git_submodules (= 0.212.0)
-      dependabot-github_actions (= 0.212.0)
-      dependabot-go_modules (= 0.212.0)
-      dependabot-gradle (= 0.212.0)
-      dependabot-hex (= 0.212.0)
-      dependabot-maven (= 0.212.0)
-      dependabot-npm_and_yarn (= 0.212.0)
-      dependabot-nuget (= 0.212.0)
-      dependabot-pub (= 0.212.0)
-      dependabot-python (= 0.212.0)
-      dependabot-terraform (= 0.212.0)
-    dependabot-pub (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-python (0.212.0)
-      dependabot-common (= 0.212.0)
-    dependabot-terraform (0.212.0)
-      dependabot-common (= 0.212.0)
+    dependabot-github_actions (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-go_modules (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-gradle (0.217.0)
+      dependabot-common (= 0.217.0)
+      dependabot-maven (= 0.217.0)
+    dependabot-hex (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-maven (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-npm_and_yarn (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-nuget (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-omnibus (0.217.0)
+      dependabot-bundler (= 0.217.0)
+      dependabot-cargo (= 0.217.0)
+      dependabot-common (= 0.217.0)
+      dependabot-composer (= 0.217.0)
+      dependabot-docker (= 0.217.0)
+      dependabot-elm (= 0.217.0)
+      dependabot-git_submodules (= 0.217.0)
+      dependabot-github_actions (= 0.217.0)
+      dependabot-go_modules (= 0.217.0)
+      dependabot-gradle (= 0.217.0)
+      dependabot-hex (= 0.217.0)
+      dependabot-maven (= 0.217.0)
+      dependabot-npm_and_yarn (= 0.217.0)
+      dependabot-nuget (= 0.217.0)
+      dependabot-pub (= 0.217.0)
+      dependabot-python (= 0.217.0)
+      dependabot-terraform (= 0.217.0)
+    dependabot-pub (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-python (0.217.0)
+      dependabot-common (= 0.217.0)
+    dependabot-terraform (0.217.0)
+      dependabot-common (= 0.217.0)
     diff-lcs (1.5.0)
-    docker_registry2 (1.12.0)
+    docker_registry2 (1.15.0)
       rest-client (>= 1.8.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    excon (0.94.0)
-    faraday (2.5.2)
+    excon (0.99.0)
+    faraday (2.7.4)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
-    github-linguist (7.23.0)
+    faraday-retry (2.1.0)
+      faraday (~> 2.0)
+    github-linguist (7.25.0)
       cgi
       charlock_holmes (~> 0.7.7)
       mini_mime (~> 1.0)
@@ -124,42 +121,39 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    httparty (0.20.0)
-      mime-types (~> 3.0)
+    httparty (0.21.0)
+      mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.12.0)
-      concurrent-ruby (~> 1.0)
     jmespath (1.6.2)
-    json (2.6.2)
+    json (2.6.3)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
+    mime-types-data (3.2023.0218.1)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.16.3)
+    mini_portile2 (2.8.2)
     multi_xml (0.6.0)
     netrc (0.11.0)
-    nokogiri (1.13.9)
+    nokogiri (1.14.4)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    nokogiri (1.13.9-x86_64-linux)
+    nokogiri (1.14.4-x86_64-linux)
       racc (~> 1.4)
-    octokit (5.6.1)
+    octokit (6.1.1)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     parallel (1.22.1)
     parseconfig (1.0.8)
-    parser (3.1.2.1)
+    parser (3.2.2.1)
       ast (~> 2.4.1)
-    psych (4.0.6)
+    psych (5.1.0)
       stringio
-    public_suffix (5.0.0)
-    racc (1.6.0)
+    public_suffix (5.0.1)
+    racc (1.6.2)
     rainbow (3.1.1)
     rake (13.0.6)
-    rdoc (6.4.0)
+    rdoc (6.5.0)
       psych (>= 4.0.0)
-    regexp_parser (2.6.1)
+    regexp_parser (2.8.0)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -179,35 +173,33 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.0)
-    rubocop (1.39.0)
+    rubocop (1.50.2)
       json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.1.2.1)
+      parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.23.0, < 2.0)
+      rubocop-ast (>= 1.28.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.23.0)
-      parser (>= 3.1.1.0)
-    ruby-progressbar (1.11.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
-    rugged (1.5.0.1)
+    rugged (1.6.3)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    stringio (3.0.2)
+    stringio (3.0.5)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     toml-rb (2.2.0)
       citrus (~> 3.0, > 3.0)
-    tzinfo (2.0.5)
-      concurrent-ruby (~> 1.0)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8.2)
-    unicode-display_width (2.3.0)
+    unicode-display_width (2.4.2)
 
 PLATFORMS
   ruby

data/Makefile

@@ -1,4 +1,4 @@
-.PHONY: setup setup_github clean docs docs_view demo test build install push_rubygems push_github
+.PHONY: setup setup_github clean docs docs_view demo test lint build install push_rubygems push_github
 SHELL:=/bin/bash
 
 # Assumes `gem install bundler`
@@ -27,12 +27,14 @@ demo:
 # default (just `rake`) is spec + rubocop, but be pedantic in case this changes.
 test: clean
 	bundle exec rake spec
+
+lint: clean
 	bundle exec rake rubocop
 
 # We can choose from `gem build dependabot-linguist.gemspec` or `bundle exec rake build`.
 # The gem build command creates a ./dependabot-linguist-$VER.gem file, and the rake build
 # (within bundle context) creates a ./pkg/dependabot-linguist-$VER.gem file.
-build: test
+build: test lint
 	bundle exec rake build
 
 # --user-install means no need for sudo or expectation of

data/README.md

@@ -2,7 +2,7 @@
 Use [linguist](https://github.com/github/linguist) to check the contents of a **local** repository, and then scan for [dependabot-core](https://github.com/dependabot/dependabot-core) ecosystems relevant to those languages! With the list of [ecosystems](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) present in a repository, add a [dependabot.y[a]ml](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) ([configuration file](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)).
 ## Getting Started
 ### [Linguist dependencies](https://github.com/github/linguist#dependencies);
-Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.212.0/common/lib/dependabot/file_fetchers/README.md).
+Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/README.md).
 ```bash
 sudo apt-get install build-essential cmake pkg-config libicu-dev zlib1g-dev libcurl4-openssl-dev libssl-dev ruby-dev
 ```
@@ -22,12 +22,12 @@ bundle add dependabot-linguist
 ```
 Or add the following line to your `Gemfile` manually
 ```ruby
-gem "dependabot-linguist", ">= 0.212.0
+gem "dependabot-linguist", ">= 0.217.0
 ```
 [Add the GitHub hosted gem](https://github.com/Skenvy/dependabot-linguist/packages/1704407);
 ```ruby
 source "https://rubygems.pkg.github.com/skenvy" do
-  gem "dependabot-linguist", ">= 0.212.0"
+  gem "dependabot-linguist", ">= 0.217.0"
 end
 ```
 ### Setup external CLIs
@@ -96,4 +96,5 @@ git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-lin
 ### Iterative development
 The majority of `make` recipes for this are just wrapping a `bundle` invocation of `rake`.
 * `make docs` will recreate the RDoc docs
-* `make test` will run both the RSpec tests and the RuboCop linter.
+* `make test` will run the RSpec tests.
+* `make lint` will run the RuboCop linter.

data/SECURITY.md

@@ -1,9 +1,10 @@
 # Security Policy
 ## Supported Versions
 The `<major>.<minor>.*` versions of this are pinned to the **supported** `<major>.<minor>.*` versions of the gems that are published by the [dependabot-core](https://github.com/dependabot/dependabot-core) repository, centric to the [dependabot-common](https://rubygems.org/gems/dependabot-common) gem, with any required patches applied to each supported minor version.
-* Initially this will support version `0.212.0`, centric to [dependabot-common@0.212.0](https://rubygems.org/gems/dependabot-common/versions/0.212.0)
+* Support version `0.212.0`, centric to [dependabot-common@0.212.0](https://rubygems.org/gems/dependabot-common/versions/0.212.0)
     * This is because this is the last version to support a Ruby version of `2.7.0`.
+* Support version `0.217.0`, centric to [dependabot-common@0.217.0](https://rubygems.org/gems/dependabot-common/versions/0.217.0)
 
-Bugs present in any supported pinned version may be patched and contribute to successive patch versions. If a bug exists in an older version and no longer exists in a newer version, it is suggested to update to the newer version.
+Bugs present in only the most recent pinned minor version may be patched and contribute to successive patch versions. If a bug exists in an older version and no longer exists in a newer version, it is suggested to update to the newer version. As the underlying package this wraps, dependabot[-omnibus], is a live service, it makes sense for this to only roll forward.
 ## Reporting a Vulnerability
 Raise a [Security Vulnerability](https://github.com/Skenvy/dependabot-linguist/issues/new?assignees=&labels=security&template=security-vulnerability.yaml) issue.

data/dependabot-linguist.gemspec

@@ -12,7 +12,9 @@ Gem::Specification.new do |spec|
   spec.description = "Use linguist to check the contents of a repository,
   and then scan for dependabot-core ecosystems relevant to those languages!"
   spec.homepage = "https://skenvy.github.io/dependabot-linguist"
-  spec.required_ruby_version = ">= 2.7.0"
+  # https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/dependabot-common.gemspec#L23-L24
+  spec.required_ruby_version = ">= 3.1.0"
+  spec.required_rubygems_version = ">= 3.3.7"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://github.com/Skenvy/dependabot-linguist/tree/main/"
 
@@ -25,13 +27,13 @@ Gem::Specification.new do |spec|
   spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
 
-  spec.add_dependency "rugged", "~> 1.5.0"
-  spec.add_dependency "github-linguist", "7.23.0"
+  spec.add_dependency "rugged", "1.6.3"
+  spec.add_dependency "github-linguist", "7.25.0"
   # All ecosystem gems from https://rubygems.org/profiles/dependabot can be
-  # required via https://rubygems.org/gems/dependabot-omnibus/versions/0.212.0
+  # required via https://rubygems.org/gems/dependabot-omnibus/versions/0.217.0
   # which will include all dependencies of omnibus (16 ecosystems and common).
-  # https://github.com/dependabot/dependabot-core/blob/v0.212.0/omnibus/dependabot-omnibus.gemspec#L24-L40
-  spec.add_dependency "dependabot-omnibus", "0.212.0"
+  # https://github.com/dependabot/dependabot-core/blob/v0.217.0/omnibus/dependabot-omnibus.gemspec#L29-L45
+  spec.add_dependency "dependabot-omnibus", "0.217.0"
 
   # spec.add_development_dependency "aruba", "~> 2.1" # TODO
   spec.add_development_dependency "rake", "~> 13.0"

data/exe/dependabot-linguist

@@ -12,7 +12,7 @@ require "yaml"
 $VERBOSE = previous_verbose
 
 VERSION = ::Dependabot::Linguist::VERSION
-BANNER = <<~BANNER
+BANNER = <<~BANNER.freeze
 Dependabot Linguist v#{VERSION}
 Detect dependabot ecosystems present for a given git repository, based off using
 linguist to determine the files present, that could be relevant to an ecosystem,

data/lib/dependabot/linguist/dependabot_file_validator.rb

@@ -202,7 +202,9 @@ module Dependabot
       end
 
       def write_new_config
-        File.open("#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}", "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
+        full_file_path = "#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}"
+        FileUtils.mkdir_p File.dirname(full_file_path)
+        File.open(full_file_path, "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
       end
 
       # The expected environment to run this final step in should have 'git' AND

data/lib/dependabot/linguist/dependabot_patch.rb

@@ -1,8 +1,20 @@
 # frozen_string_literal: true
 
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
 # Direct the requiring of the files that patch dependabot via this.
-# https://github.com/dependabot/dependabot-core/tree/v0.212.0
+# The current target version for dependabot is 0.217.0
+# https://github.com/dependabot/dependabot-core/tree/v0.217.0
 
-require_relative "file_fetchers/base"
+require_relative "file_fetchers/bundler"
 require_relative "file_fetchers/go_modules"
 require_relative "file_fetchers/git_submodules"

data/lib/dependabot/linguist/file_fetchers/bundler.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+#########################################################################################
+# _____                            _       _           _     _____      _       _       #
+# |  __ \                          | |     | |         | |   |  __ \    | |     | |     #
+# | |  | | ___ _ __   ___ _ __   __| | __ _| |__   ___ | |_  | |__) |_ _| |_ ___| |__   #
+# | |  | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| |  ___/ _` | __/ __| '_ \  #
+# | |__| |  __/ |_) |  __/ | | | (_| | (_| | |_) | (_) | |_  | |  | (_| | || (__| | | | #
+# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_|   \__,_|\__\___|_| |_| #
+#             | |                                                                       #
+#             |_|                                                                       #
+#########################################################################################
+
+# Patches Dependabot::GitSubmodules::FileFetcher.path_gemspec_paths
+
+# To fix https://github.com/Skenvy/dependabot-linguist/issues/6 we need to patch
+# ::Dependabot::Bundler::FileFetcher::fetch_path_gemspec_paths to stop it throwing
+# a Bundler::GemfileNotFound error, thrown from assuming that ::Bundler::root will
+# be run at the location the Gemfile.lock, and thus the Gemfile, exist. Currently
+# ::Bundler::LockfileParser::initialize during fetch_path_gemspec_paths will go;
+# ::Bundler::LockfileParser::parse_source, ::Bundler::Source::Rubygems::from_lock,
+# ::Bundler::Source::Rubygems::initialize, ::Bundler::Source::Rubygems::cache_path,
+# ::Bundler::app_cache, ::Bundler::root, ::Bundler::SharedHelpers::root, before
+# landing at ::Bundler::SharedHelpers::find_gemfile where it can read from ENV
+# `ENV["BUNDLE_GEMFILE"]`, or fail to locate an adjacent "Gemfile".
+
+# See https://github.com/CloutKhan/dependabot-bundler error demo for more details.
+
+# Instead of having the entire fetch_path_gemspec_paths in here, we can just wrap
+# the only place it's used, inside path_gemspec_paths -- with setting the ENV.
+
+require "dependabot/errors"
+require "dependabot/bundler"
+
+# rubocop:disable Style/Documentation
+
+module Dependabot
+  module Bundler
+    class FileFetcher
+      # https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L148-L150
+      def path_gemspec_paths
+        swap_bundle_gemfile = ENV.fetch("BUNDLE_GEMFILE", nil)
+        repo_dir_gemfile = "#{@repo_contents_path}#{source.directory}/Gemfile"
+        ENV["BUNDLE_GEMFILE"] = repo_dir_gemfile
+        raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "Gemfile")).cleanpath.to_path) unless File.exist?(repo_dir_gemfile)
+        result = fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
+        ENV["BUNDLE_GEMFILE"] = swap_bundle_gemfile
+        result
+      end
+    end
+  end
+end
+
+# rubocop:enable Style/Documentation