From 8c48d4bc9d4f8ceb73c977d08f94f161a31a08a1 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Sat, 20 Feb 2021 21:44:32 +0100
Subject: [PATCH] refactor: vulnerability matchFiles (#8786)

---
 .../__snapshots__/vulnerability.spec.ts.snap     |  1 -
 lib/workers/repository/init/vulnerability.ts     | 16 ----------------
 2 files changed, 17 deletions(-)

diff --git a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
index 6cdcea1729..83f053130d 100644
--- a/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
+++ b/lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap
@@ -20,7 +20,6 @@ Array [
     ],
     "matchFiles": Array [
       "backend/package-lock.json",
-      "backend/package.json",
     ],
     "matchPackageNames": Array [
       "electron",
diff --git a/lib/workers/repository/init/vulnerability.ts b/lib/workers/repository/init/vulnerability.ts
index df14e9bad7..57a880e00a 100644
--- a/lib/workers/repository/init/vulnerability.ts
+++ b/lib/workers/repository/init/vulnerability.ts
@@ -9,7 +9,6 @@ import { logger } from '../../../logger';
 import { platform } from '../../../platform';
 import { SecurityAdvisory } from '../../../types';
 import { sanitizeMarkdown } from '../../../util/markdown';
-import { regEx } from '../../../util/regex';
 import * as allVersioning from '../../../versioning';
 import * as mavenVersioning from '../../../versioning/maven';
 import * as npmVersioning from '../../../versioning/npm';
@@ -184,21 +183,6 @@ export async function detectVulnerabilityAlerts(
           },
         };
         matchRule.matchFiles = [fileName];
-        // The following list based off https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems
-        const lockToPackageFile = {
-          'package-lock.json': 'package.json',
-          'composer.lock': 'composer.json',
-          'pipfile.lock': 'Pipfile',
-          'Gemfile.lock': 'Gemfile',
-          'yarn.lock': 'package.json',
-        };
-        for (const [lock, packageFile] of Object.entries(lockToPackageFile)) {
-          if (fileName.endsWith(lock)) {
-            matchRule.matchFiles.push(
-              fileName.replace(regEx(`${lock}$`), packageFile)
-            );
-          }
-        }
         alertPackageRules.push(matchRule);
       }
     }
-- 
GitLab