dependabot-linguist 0.212.1 → 0.217.0
- checksums.yaml +4 -4
- data/.rubocop.yml +38 -2
- data/Gemfile.lock +98 -106
- data/Makefile +4 -2
- data/README.md +5 -4
- data/SECURITY.md +3 -2
- data/dependabot-linguist.gemspec +8 -6
- data/exe/dependabot-linguist +1 -1
- data/lib/dependabot/linguist/dependabot_file_validator.rb +3 -1
- data/lib/dependabot/linguist/dependabot_patch.rb +14 -2
- data/lib/dependabot/linguist/file_fetchers/bundler.rb +54 -0
- data/lib/dependabot/linguist/file_fetchers/git_submodules.rb +9 -7
- data/lib/dependabot/linguist/file_fetchers/go_modules.rb +2 -2
- data/lib/dependabot/linguist/language.rb +18 -14
- data/lib/dependabot/linguist/languages_to_ecosystems/contexts.rb +22 -21
- data/lib/dependabot/linguist/languages_to_ecosystems/languages.yaml +172 -21
- data/lib/dependabot/linguist/languages_to_ecosystems/manager_ecosystem_maps.rb +17 -17
- data/lib/dependabot/linguist/linguist_patch.rb +1 -1
- data/lib/dependabot/linguist/repository.rb +7 -2
- data/lib/dependabot/linguist/version.rb +1 -1
- metadata +17 -17
- data/lib/dependabot/linguist/file_fetchers/base.rb +0 -48
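--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1371e5c85071aefe956fb3ed4cc89d9c361296400858c671086105014c9db81e
+data.tar.gz: 36d85631d93359a139ba432b5fd41c4e004641bc284d49b23dfbf508d61a3ff7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 56cc248e1f1ef0ea02e58b6606d91112714ae1e2b733367500aa29d644abecafff48dddf255548426dca0099a3ca0b551dbc2e38db726c73ca9b04bc9578c235
+data.tar.gz: 832b54da74610965a93fdced801412e8cc768d469a02a2140d7b5f50ea9af18de2ff5c9bae06ef2da145dd99ae7b67a45ba32ef196d128e28042d98f2d157fb1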
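--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,5 +1,5 @@
 AllCops:
-TargetRubyVersion:
+TargetRubyVersion: 3.1.0
 UseCache: false
 SuggestExtensions: false
 # NewCops: enable # would silence the recommendation
@@ -11,6 +11,8 @@ AllCops:
 
 Gemspec/DeprecatedAttributeAssignment:
 Enabled: true
+Gemspec/DevelopmentDependencies: # new in 1.44
+Enabled: true
 Gemspec/OrderedDependencies:
 Enabled: false
 Gemspec/RequireMFA:
@@ -53,6 +55,8 @@ Metrics/BlockNesting:
 Enabled: false
 Metrics/ClassLength:
 Enabled: false
+Metrics/CollectionLiteralLength: # new in 1.47
+Enabled: true
 Metrics/CyclomaticComplexity:
 Enabled: false
 Metrics/MethodLength:
@@ -76,6 +80,8 @@ Lint/DuplicateBranch:
 Enabled: true
 Lint/DuplicateMagicComment: # new in 1.37
 Enabled: true
+Lint/DuplicateMatchPattern: # new in 1.50
+Enabled: true
 Lint/DuplicateRegexpCharacterClassElement:
 Enabled: true
 Lint/EmptyBlock:
@@ -116,10 +122,11 @@ Lint/UnexpectedBlockArity:
 Enabled: true
 Lint/UnmodifiedReduceAccumulator:
 Enabled: true
+Lint/UselessRescue: # new in 1.43
+Enabled: true
 Lint/UselessRuby2Keywords:
 Enabled: true
 
-
 Style/StringLiterals:
 Enabled: true
 EnforcedStyle: double_quotes
@@ -131,10 +138,20 @@ Style/AccessModifierDeclarations:
 AllowModifiersOnSymbols: false
 Style/ArgumentsForwarding:
 Enabled: true
+Style/ArrayIntersect: # new in 1.40
+Enabled: true
 Style/CollectionCompact:
 Enabled: true
+Style/ComparableClamp: # new in 1.44
+Enabled: true
+Style/ConcatArrayLiterals: # new in 1.41
+Enabled: true
 Style/ConditionalAssignment:
 Enabled: false
+Style/DataInheritance: # new in 1.49
+Enabled: true
+Style/DirEmpty: # new in 1.48
+Enabled: true
 Style/DocumentDynamicEvalDefinition:
 Enabled: true
 Style/EmptyHeredoc:
@@ -145,6 +162,8 @@ Style/EnvHome:
 Enabled: true
 Style/FetchEnvVar:
 Enabled: true
+Style/FileEmpty: # new in 1.48
+Enabled: true
 Style/FileRead:
 Enabled: true
 Style/FileWrite:
@@ -155,6 +174,9 @@ Style/HashConversion:
 Enabled: true
 Style/HashExcept:
 Enabled: true
+Style/HashSyntax:
+Enabled: true
+EnforcedShorthandSyntax: 'never'
 Style/IfWithBooleanLiteralBranches:
 Enabled: true
 Style/IfUnlessModifier:
@@ -169,8 +191,14 @@ Style/MapCompactWithConditionalBlock:
 Enabled: true
 Style/MapToHash:
 Enabled: true
+Style/MapToSet: # new in 1.42
+Enabled: true
+Style/MinMaxComparison: # new in 1.42
+Enabled: true
 Style/MultilineInPatternThen:
 Enabled: true
+Style/MutableConstant:
+Enabled: true
 Style/NegatedIfElseCondition:
 Enabled: true
 Style/NestedFileDirname:
@@ -195,10 +223,18 @@ Style/QuotedSymbols:
 Enabled: true
 Style/RedundantArgument:
 Enabled: true
+Style/RedundantConstantBase: # new in 1.40
+Enabled: false
+Style/RedundantDoubleSplatHashBraces: # new in 1.41
+Enabled: true
 Style/RedundantEach: # new in 1.38
 Enabled: true
+Style/RedundantHeredocDelimiterQuotes: # new in 1.45
+Enabled: true
 Style/RedundantInitialize:
 Enabled: true
+Style/RedundantLineContinuation: # new in 1.49
+Enabled: true
 Style/RedundantSelf:
 Enabled: false
 Style/RedundantSelfAssignmentBranch: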
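--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,33 +1,28 @@
 PATH
 remote: .
 specs:
-dependabot-linguist (0.
-dependabot-omnibus (= 0.
-github-linguist (= 7.
-rugged (
+dependabot-linguist (0.217.0)
+dependabot-omnibus (= 0.217.0)
+github-linguist (= 7.25.0)
+rugged (= 1.6.3)
 
 GEM
 remote: https://rubygems.org/
 specs:
-
-concurrent-ruby (~> 1.0, >= 1.0.2)
-i18n (>= 1.6, < 2)
-minitest (>= 5.1)
-tzinfo (~> 2.0)
-addressable (2.8.1)
+addressable (2.8.4)
 public_suffix (>= 2.0.2, < 6.0)
 ast (2.4.2)
 aws-eventstream (1.2.0)
-aws-partitions (1.
-aws-sdk-codecommit (1.
+aws-partitions (1.763.0)
+aws-sdk-codecommit (1.53.0)
 aws-sdk-core (~> 3, >= 3.165.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-core (3.
+aws-sdk-core (3.172.0)
 aws-eventstream (~> 1, >= 1.0.2)
 aws-partitions (~> 1, >= 1.651.0)
 aws-sigv4 (~> 1.5)
 jmespath (~> 1, >= 1.6.1)
-aws-sdk-ecr (1.
+aws-sdk-ecr (1.58.0)
 aws-sdk-core (~> 3, >= 3.165.0)
 aws-sigv4 (~> 1.1)
 aws-sigv4 (1.5.2)
@@ -35,85 +30,87 @@ GEM
 cgi (0.3.6)
 charlock_holmes (0.7.7)
 citrus (3.0.2)
-commonmarker (0.23.
-
-
-
-
-
-dependabot-common (0.212.0)
-activesupport (>= 6.0.0)
+commonmarker (0.23.9)
+dependabot-bundler (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-cargo (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-common (0.217.0)
 aws-sdk-codecommit (~> 1.28)
 aws-sdk-ecr (~> 1.5)
 bundler (>= 1.16, < 3.0.0)
 commonmarker (>= 0.20.1, < 0.24.0)
-docker_registry2 (~> 1.
-excon (~> 0.
-faraday (= 2.
+docker_registry2 (~> 1.14)
+excon (~> 0.96, < 0.100)
+faraday (= 2.7.4)
+faraday-retry (= 2.1.0)
 gitlab (= 4.19.0)
 nokogiri (~> 1.8)
-octokit (>= 4.6, <
+octokit (>= 4.6, < 7.0)
 parser (>= 2.5, < 4.0)
+psych (~> 5.0)
 toml-rb (>= 1.1.2, < 3.0)
-dependabot-composer (0.
-dependabot-common (= 0.
-dependabot-docker (0.
-dependabot-common (= 0.
-dependabot-elm (0.
-dependabot-common (= 0.
-dependabot-git_submodules (0.
-dependabot-common (= 0.
+dependabot-composer (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-docker (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-elm (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-git_submodules (0.217.0)
+dependabot-common (= 0.217.0)
 parseconfig (~> 1.0, < 1.1.0)
-dependabot-github_actions (0.
-dependabot-common (= 0.
-dependabot-go_modules (0.
-dependabot-common (= 0.
-dependabot-gradle (0.
-dependabot-common (= 0.
-dependabot-maven (= 0.
-dependabot-hex (0.
-dependabot-common (= 0.
-dependabot-maven (0.
-dependabot-common (= 0.
-dependabot-npm_and_yarn (0.
-dependabot-common (= 0.
-dependabot-nuget (0.
-dependabot-common (= 0.
-dependabot-omnibus (0.
-dependabot-bundler (= 0.
-dependabot-cargo (= 0.
-dependabot-common (= 0.
-dependabot-composer (= 0.
-dependabot-docker (= 0.
-dependabot-elm (= 0.
-dependabot-git_submodules (= 0.
-dependabot-github_actions (= 0.
-dependabot-go_modules (= 0.
-dependabot-gradle (= 0.
-dependabot-hex (= 0.
-dependabot-maven (= 0.
-dependabot-npm_and_yarn (= 0.
-dependabot-nuget (= 0.
-dependabot-pub (= 0.
-dependabot-python (= 0.
-dependabot-terraform (= 0.
-dependabot-pub (0.
-dependabot-common (= 0.
-dependabot-python (0.
-dependabot-common (= 0.
-dependabot-terraform (0.
-dependabot-common (= 0.
+dependabot-github_actions (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-go_modules (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-gradle (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-maven (= 0.217.0)
+dependabot-hex (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-maven (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-npm_and_yarn (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-nuget (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-omnibus (0.217.0)
+dependabot-bundler (= 0.217.0)
+dependabot-cargo (= 0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-composer (= 0.217.0)
+dependabot-docker (= 0.217.0)
+dependabot-elm (= 0.217.0)
+dependabot-git_submodules (= 0.217.0)
+dependabot-github_actions (= 0.217.0)
+dependabot-go_modules (= 0.217.0)
+dependabot-gradle (= 0.217.0)
+dependabot-hex (= 0.217.0)
+dependabot-maven (= 0.217.0)
+dependabot-npm_and_yarn (= 0.217.0)
+dependabot-nuget (= 0.217.0)
+dependabot-pub (= 0.217.0)
+dependabot-python (= 0.217.0)
+dependabot-terraform (= 0.217.0)
+dependabot-pub (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-python (0.217.0)
+dependabot-common (= 0.217.0)
+dependabot-terraform (0.217.0)
+dependabot-common (= 0.217.0)
 diff-lcs (1.5.0)
-docker_registry2 (1.
+docker_registry2 (1.15.0)
 rest-client (>= 1.8.0)
 domain_name (0.5.20190701)
 unf (>= 0.0.5, < 1.0.0)
-excon (0.
-faraday (2.
+excon (0.99.0)
+faraday (2.7.4)
 faraday-net_http (>= 2.0, < 3.1)
 ruby2_keywords (>= 0.0.4)
 faraday-net_http (3.0.2)
-
+faraday-retry (2.1.0)
+faraday (~> 2.0)
+github-linguist (7.25.0)
 cgi
 charlock_holmes (~> 0.7.7)
 mini_mime (~> 1.0)
@@ -124,42 +121,39 @@ GEM
 http-accept (1.7.0)
 http-cookie (1.0.5)
 domain_name (~> 0.5)
-httparty (0.
-
+httparty (0.21.0)
+mini_mime (>= 1.0.0)
 multi_xml (>= 0.5.2)
-i18n (1.12.0)
-concurrent-ruby (~> 1.0)
 jmespath (1.6.2)
-json (2.6.
+json (2.6.3)
 mime-types (3.4.1)
 mime-types-data (~> 3.2015)
-mime-types-data (3.
+mime-types-data (3.2023.0218.1)
 mini_mime (1.1.2)
-mini_portile2 (2.8.
-minitest (5.16.3)
+mini_portile2 (2.8.2)
 multi_xml (0.6.0)
 netrc (0.11.0)
-nokogiri (1.
+nokogiri (1.14.4)
 mini_portile2 (~> 2.8.0)
 racc (~> 1.4)
-nokogiri (1.
+nokogiri (1.14.4-x86_64-linux)
 racc (~> 1.4)
-octokit (
+octokit (6.1.1)
 faraday (>= 1, < 3)
 sawyer (~> 0.9)
 parallel (1.22.1)
 parseconfig (1.0.8)
-parser (3.
+parser (3.2.2.1)
 ast (~> 2.4.1)
-psych (
+psych (5.1.0)
 stringio
-public_suffix (5.0.
-racc (1.6.
+public_suffix (5.0.1)
+racc (1.6.2)
 rainbow (3.1.1)
 rake (13.0.6)
-rdoc (6.
+rdoc (6.5.0)
 psych (>= 4.0.0)
-regexp_parser (2.
+regexp_parser (2.8.0)
 rest-client (2.1.0)
 http-accept (>= 1.7.0, < 2.0)
 http-cookie (>= 1.0.2, < 2.0)
@@ -179,35 +173,33 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.12.0)
 rspec-support (3.12.0)
-rubocop (1.
+rubocop (1.50.2)
 json (~> 2.3)
 parallel (~> 1.10)
-parser (>= 3.
+parser (>= 3.2.0.0)
 rainbow (>= 2.2.2, < 4.0)
 regexp_parser (>= 1.8, < 3.0)
 rexml (>= 3.2.5, < 4.0)
-rubocop-ast (>= 1.
+rubocop-ast (>= 1.28.0, < 2.0)
 ruby-progressbar (~> 1.7)
-unicode-display_width (>=
-rubocop-ast (1.
-parser (>= 3.
-ruby-progressbar (1.
+unicode-display_width (>= 2.4.0, < 3.0)
+rubocop-ast (1.28.0)
+parser (>= 3.2.1.0)
+ruby-progressbar (1.13.0)
 ruby2_keywords (0.0.5)
-rugged (1.
+rugged (1.6.3)
 sawyer (0.9.2)
 addressable (>= 2.3.5)
 faraday (>= 0.17.3, < 3)
-stringio (3.0.
+stringio (3.0.5)
 terminal-table (3.0.2)
 unicode-display_width (>= 1.1.1, < 3)
 toml-rb (2.2.0)
 citrus (~> 3.0, > 3.0)
-tzinfo (2.0.5)
-concurrent-ruby (~> 1.0)
 unf (0.1.4)
 unf_ext
 unf_ext (0.0.8.2)
-unicode-display_width (2.
+unicode-display_width (2.4.2)
 
 PLATFORMS
 ruby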
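--- a/data/Makefile
+++ b/data/Makefile
@@ -1,4 +1,4 @@
-.PHONY: setup setup_github clean docs docs_view demo test build install push_rubygems push_github
+.PHONY: setup setup_github clean docs docs_view demo test lint build install push_rubygems push_github
 SHELL:=/bin/bash
 
 # Assumes `gem install bundler`
@@ -27,12 +27,14 @@ demo:
 # default (just `rake`) is spec + rubocop, but be pedantic in case this changes.
 test: clean
 bundle exec rake spec
+
+lint: clean
 bundle exec rake rubocop
 
 # We can choose from `gem build dependabot-linguist.gemspec` or `bundle exec rake build`.
 # The gem build command creates a ./dependabot-linguist-$VER.gem file, and the rake build
 # (within bundle context) creates a ./pkg/dependabot-linguist-$VER.gem file.
-build: test
+build: test lint
 bundle exec rake build
 
 # --user-install means no need for sudo or expectation of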
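--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 Use [linguist](https://github.com/github/linguist) to check the contents of a **local** repository, and then scan for [dependabot-core](https://github.com/dependabot/dependabot-core) ecosystems relevant to those languages! With the list of [ecosystems](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem) present in a repository, add a [dependabot.y[a]ml](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) ([configuration file](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)).
 ## Getting Started
 ### [Linguist dependencies](https://github.com/github/linguist#dependencies);
-Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.
+Before installing this gem, which will install the [github-linguist gem](https://rubygems.org/gems/github-linguist), linguists dependencies should be installed. A number of these are enabling [rugged](https://rubygems.org/gems/rugged), so they can't be "ignored" like [dependabot's setup](https://github.com/dependabot/dependabot-core#setup), which _can_ be ignored for the purpose of **this** gem, which only intends to use the [file fetchers](https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/lib/dependabot/file_fetchers/README.md).
 ```bash
 sudo apt-get install build-essential cmake pkg-config libicu-dev zlib1g-dev libcurl4-openssl-dev libssl-dev ruby-dev
 ```
@@ -22,12 +22,12 @@ bundle add dependabot-linguist
 ```
 Or add the following line to your `Gemfile` manually
 ```ruby
-gem "dependabot-linguist", ">= 0.
+gem "dependabot-linguist", ">= 0.217.0
 ```
 [Add the GitHub hosted gem](https://github.com/Skenvy/dependabot-linguist/packages/1704407);
 ```ruby
 source "https://rubygems.pkg.github.com/skenvy" do
-gem "dependabot-linguist", ">= 0.
+gem "dependabot-linguist", ">= 0.217.0"
 end
 ```
 ### Setup external CLIs
@@ -96,4 +96,5 @@ git clone https://github.com/Skenvy/dependabot-linguist.git && cd dependabot-lin
 ### Iterative development
 The majority of `make` recipes for this are just wrapping a `bundle` invocation of `rake`.
 * `make docs` will recreate the RDoc docs
-* `make test` will run
+* `make test` will run the RSpec tests.
+* `make lint` will run the RuboCop linter.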
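--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -1,9 +1,10 @@
 # Security Policy
 ## Supported Versions
 The `<major>.<minor>.*` versions of this are pinned to the **supported** `<major>.<minor>.*` versions of the gems that are published by the [dependabot-core](https://github.com/dependabot/dependabot-core) repository, centric to the [dependabot-common](https://rubygems.org/gems/dependabot-common) gem, with any required patches applied to each supported minor version.
-*
+* Support version `0.212.0`, centric to [dependabot-common@0.212.0](https://rubygems.org/gems/dependabot-common/versions/0.212.0)
 * This is because this is the last version to support a Ruby version of `2.7.0`.
+* Support version `0.217.0`, centric to [dependabot-common@0.217.0](https://rubygems.org/gems/dependabot-common/versions/0.217.0)
 
-Bugs present in
+Bugs present in only the most recent pinned minor version may be patched and contribute to successive patch versions. If a bug exists in an older version and no longer exists in a newer version, it is suggested to update to the newer version. As the underlying package this wraps, dependabot[-omnibus], is a live service, it makes sense for this to only roll forward.
 ## Reporting a Vulnerability
 Raise a [Security Vulnerability](https://github.com/Skenvy/dependabot-linguist/issues/new?assignees=&labels=security&template=security-vulnerability.yaml) issue.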
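--- a/data/dependabot-linguist.gemspec
+++ b/data/dependabot-linguist.gemspec
@@ -12,7 +12,9 @@ Gem::Specification.new do |spec|
 spec.description = "Use linguist to check the contents of a repository,
 and then scan for dependabot-core ecosystems relevant to those languages!"
 spec.homepage = "https://skenvy.github.io/dependabot-linguist"
-
+# https://github.com/dependabot/dependabot-core/blob/v0.217.0/common/dependabot-common.gemspec#L23-L24
+spec.required_ruby_version = ">= 3.1.0"
+spec.required_rubygems_version = ">= 3.3.7"
 spec.metadata["homepage_uri"] = spec.homepage
 spec.metadata["source_code_uri"] = "https://github.com/Skenvy/dependabot-linguist/tree/main/"
 
@@ -25,13 +27,13 @@ Gem::Specification.new do |spec|
 spec.bindir = "exe"
 spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
 
-spec.add_dependency "rugged", "
-spec.add_dependency "github-linguist", "7.
+spec.add_dependency "rugged", "1.6.3"
+spec.add_dependency "github-linguist", "7.25.0"
 # All ecosystem gems from https://rubygems.org/profiles/dependabot can be
-# required via https://rubygems.org/gems/dependabot-omnibus/versions/0.
+# required via https://rubygems.org/gems/dependabot-omnibus/versions/0.217.0
 # which will include all dependencies of omnibus (16 ecosystems and common).
-# https://github.com/dependabot/dependabot-core/blob/v0.
-spec.add_dependency "dependabot-omnibus", "0.
+# https://github.com/dependabot/dependabot-core/blob/v0.217.0/omnibus/dependabot-omnibus.gemspec#L29-L45
+spec.add_dependency "dependabot-omnibus", "0.217.0"
 
 # spec.add_development_dependency "aruba", "~> 2.1" # TODO
 spec.add_development_dependency "rake", "~> 13.0"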
data/exe/dependabot-linguist
CHANGED
@@ -12,7 +12,7 @@ require "yaml"
|
|
12
12
|
$VERBOSE = previous_verbose
|
13
13
|
|
14
14
|
VERSION = ::Dependabot::Linguist::VERSION
|
15
|
-
BANNER = <<~BANNER
|
15
|
+
BANNER = <<~BANNER.freeze
|
16
16
|
Dependabot Linguist v#{VERSION}
|
17
17
|
Detect dependabot ecosystems present for a given git repository, based off using
|
18
18
|
linguist to determine the files present, that could be relevant to an ecosystem,
|
@@ -202,7 +202,9 @@ module Dependabot
|
|
202
202
|
end
|
203
203
|
|
204
204
|
def write_new_config
|
205
|
-
|
205
|
+
full_file_path = "#{@repo.path.delete_suffix("/.git/")}/#{dependabot_file_path}"
|
206
|
+
FileUtils.mkdir_p File.dirname(full_file_path)
|
207
|
+
File.open(full_file_path, "w") { |file| file.write(new_config.to_yaml) } if new_config != existing_config
|
206
208
|
end
|
207
209
|
|
208
210
|
# The expected environment to run this final step in should have 'git' AND
|
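Review bot: `FileUtils.mkdir_p` in `write_new_config` runs before the `new_config != existing_config` check, so a run with nothing to write still creates the parent directory of `dependabot_file_path` inside the repository. Opening the method with `return if new_config == existing_config` keeps the directory creation and the write behind the same condition. The base path comes from `@repo.path.delete_suffix("/.git/")`, which returns the path unchanged when it does not end in exactly `/.git/` (presumably a bare repository or a linked worktree), and the config would then be written inside the git directory. If `@repo` is a Rugged repository, `@repo.workdir` looks like the safer base; confirm against the initializer, which is outside this hunk.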
@@ -1,8 +1,20 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
#########################################################################################
|
4
|
+
# _____ _ _ _ _____ _ _ #
|
5
|
+
# | __ \ | | | | | | | __ \ | | | | #
|
6
|
+
# | | | | ___ _ __ ___ _ __ __| | __ _| |__ ___ | |_ | |__) |_ _| |_ ___| |__ #
|
7
|
+
# | | | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| | ___/ _` | __/ __| '_ \ #
|
8
|
+
# | |__| | __/ |_) | __/ | | | (_| | (_| | |_) | (_) | |_ | | | (_| | || (__| | | | #
|
9
|
+
# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_| \__,_|\__\___|_| |_| #
|
10
|
+
# | | #
|
11
|
+
# |_| #
|
12
|
+
#########################################################################################
|
13
|
+
|
3
14
|
# Direct the requiring of the files that patch dependabot via this.
|
4
|
-
#
|
15
|
+
# The current target version for dependabot is 0.217.0
|
16
|
+
# https://github.com/dependabot/dependabot-core/tree/v0.217.0
|
5
17
|
|
6
|
-
require_relative "file_fetchers/
|
18
|
+
require_relative "file_fetchers/bundler"
|
7
19
|
require_relative "file_fetchers/go_modules"
|
8
20
|
require_relative "file_fetchers/git_submodules"
|
@@ -0,0 +1,54 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#########################################################################################
|
4
|
+
# _____ _ _ _ _____ _ _ #
|
5
|
+
# | __ \ | | | | | | | __ \ | | | | #
|
6
|
+
# | | | | ___ _ __ ___ _ __ __| | __ _| |__ ___ | |_ | |__) |_ _| |_ ___| |__ #
|
7
|
+
# | | | |/ _ \ '_ \ / _ \ '_ \ / _` |/ _` | '_ \ / _ \| __| | ___/ _` | __/ __| '_ \ #
|
8
|
+
# | |__| | __/ |_) | __/ | | | (_| | (_| | |_) | (_) | |_ | | | (_| | || (__| | | | #
|
9
|
+
# |_____/ \___| .__/ \___|_| |_|\__,_|\__,_|_.__/ \___/ \__| |_| \__,_|\__\___|_| |_| #
|
10
|
+
# | | #
|
11
|
+
# |_| #
|
12
|
+
#########################################################################################
|
13
|
+
|
14
|
+
# Patches Dependabot::GitSubmodules::FileFetcher.path_gemspec_paths
|
15
|
+
|
16
|
+
# To fix https://github.com/Skenvy/dependabot-linguist/issues/6 we need to patch
|
17
|
+
# ::Dependabot::Bundler::FileFetcher::fetch_path_gemspec_paths to stop it throwing
|
18
|
+
# a Bundler::GemfileNotFound error, thrown from assuming that ::Bundler::root will
|
19
|
+
# be run at the location the Gemfile.lock, and thus the Gemfile, exist. Currently
|
20
|
+
# ::Bundler::LockfileParser::initialize during fetch_path_gemspec_paths will go;
|
21
|
+
# ::Bundler::LockfileParser::parse_source, ::Bundler::Source::Rubygems::from_lock,
|
22
|
+
# ::Bundler::Source::Rubygems::initialize, ::Bundler::Source::Rubygems::cache_path,
|
23
|
+
# ::Bundler::app_cache, ::Bundler::root, ::Bundler::SharedHelpers::root, before
|
24
|
+
# landing at ::Bundler::SharedHelpers::find_gemfile where it can read from ENV
|
25
|
+
# `ENV["BUNDLE_GEMFILE"]`, or fail to locate an adjacent "Gemfile".
|
26
|
+
|
27
|
+
# See https://github.com/CloutKhan/dependabot-bundler error demo for more details.
|
28
|
+
|
29
|
+
# Instead of having the entire fetch_path_gemspec_paths in here, we can just wrap
|
30
|
+
# the only place it's used, inside path_gemspec_paths -- with setting the ENV.
|
31
|
+
|
32
|
+
require "dependabot/errors"
|
33
|
+
require "dependabot/bundler"
|
34
|
+
|
35
|
+
# rubocop:disable Style/Documentation
|
36
|
+
|
37
|
+
module Dependabot
|
38
|
+
module Bundler
|
39
|
+
class FileFetcher
|
40
|
+
# https://github.com/dependabot/dependabot-core/blob/v0.217.0/bundler/lib/dependabot/bundler/file_fetcher.rb#L148-L150
|
41
|
+
def path_gemspec_paths
|
42
|
+
swap_bundle_gemfile = ENV.fetch("BUNDLE_GEMFILE", nil)
|
43
|
+
repo_dir_gemfile = "#{@repo_contents_path}#{source.directory}/Gemfile"
|
44
|
+
ENV["BUNDLE_GEMFILE"] = repo_dir_gemfile
|
45
|
+
raise(Dependabot::DependencyFileNotFound, Pathname.new(File.join(directory, "Gemfile")).cleanpath.to_path) unless File.exist?(repo_dir_gemfile)
|
46
|
+
result = fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
|
47
|
+
ENV["BUNDLE_GEMFILE"] = swap_bundle_gemfile
|
48
|
+
result
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
# rubocop:enable Style/Documentation
|
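Review bot: `path_gemspec_paths` overwrites `ENV["BUNDLE_GEMFILE"]` and restores it only on the success path, so the `DependencyFileNotFound` raised on the following line, or any error out of `fetch_path_gemspec_paths`, leaves the process-wide variable pointing at the scanned repository's Gemfile. A Gemfile is Ruby that Bundler evaluates, so a leaked override matters most when the scanned repository is untrusted and the same process later calls into Bundler. Check that the Gemfile exists before touching the environment and restore the saved value in an `ensure`, as in the sketch below. `ENV` is also shared by every thread in the process, which deserves a one-line comment on the method. Separately, the header comment says it patches `Dependabot::GitSubmodules::FileFetcher.path_gemspec_paths`, while the class reopened here is `Dependabot::Bundler::FileFetcher`.

```ruby
def path_gemspec_paths
  repo_dir_gemfile = "#{@repo_contents_path}#{source.directory}/Gemfile"
  # … unchanged: raise DependencyFileNotFound unless File.exist?(repo_dir_gemfile), now before ENV is modified …

  swap_bundle_gemfile = ENV.fetch("BUNDLE_GEMFILE", nil)
  begin
    ENV["BUNDLE_GEMFILE"] = repo_dir_gemfile
    fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
  ensure
    # Assigning nil removes the variable again when it was unset before the call.
    ENV["BUNDLE_GEMFILE"] = swap_bundle_gemfile
  end
end
```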