refactor: vulnerability matchFiles (#8786)

lib/workers/repository/init/__snapshots__/vulnerability.spec.ts.snap

@@ -20,7 +20,6 @@ Array [
     ],
     "matchFiles": Array [
       "backend/package-lock.json",
-      "backend/package.json",
     ],
     "matchPackageNames": Array [
       "electron",

lib/workers/repository/init/vulnerability.ts

@@ -9,7 +9,6 @@ import { logger } from '../../../logger';
 import { platform } from '../../../platform';
 import { SecurityAdvisory } from '../../../types';
 import { sanitizeMarkdown } from '../../../util/markdown';
-import { regEx } from '../../../util/regex';
 import * as allVersioning from '../../../versioning';
 import * as mavenVersioning from '../../../versioning/maven';
 import * as npmVersioning from '../../../versioning/npm';
@@ -184,21 +183,6 @@ export async function detectVulnerabilityAlerts(
           },
         };
         matchRule.matchFiles = [fileName];
-        // The following list based off https://docs.github.com/en/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems
-        const lockToPackageFile = {
-          'package-lock.json': 'package.json',
-          'composer.lock': 'composer.json',
-          'pipfile.lock': 'Pipfile',
-          'Gemfile.lock': 'Gemfile',
-          'yarn.lock': 'package.json',
-        };
-        for (const [lock, packageFile] of Object.entries(lockToPackageFile)) {
-          if (fileName.endsWith(lock)) {
-            matchRule.matchFiles.push(
-              fileName.replace(regEx(`${lock}$`), packageFile)
-            );
-          }
-        }
         alertPackageRules.push(matchRule);
       }
     }