dependabot-common 0.116.0 → 0.116.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f1b9cb2bd8bf9391721e626564812e1dffa308b51fd3023c9631817bcd2dd20
-  data.tar.gz: 90dfafff6a319d75c2dd4de314c6c2a72dfb90281930d358dc6233dbaeecca0d
+  metadata.gz: 999a78c5cab8fb23387cadf8a8ccb5d2dee82979a3858f8762db6dc99b168693
+  data.tar.gz: 8cfbffcaf398f3a5c311347b68412a009b2020e2ebac5e01c04b43f834dd7e99
 SHA512:
-  metadata.gz: 629d5848c54b3ec4bd03669ae54dff41f2402e2ee316b4ac983c45606545d441f65f5adcf6fd6dbf46607a540296693bee3a4682de0836d3bc0aa7c6900b2c27
-  data.tar.gz: 36b4c87aaad25745bc0b461bbf93f7e8794da97e7d220616f45a646c139f97308941b9f39838b099d5ffd84d306c8b729d3b90699956b3b0c6ad7bb5ebcb1a29
+  metadata.gz: '098cc18aff2efd626f1d6505ac8242063807105431768dd94279f2902e64bbe7fe84e5fdf6109ce6ce3a347487c2eea0250ad76b187152f21b1251b40a58b1c5'
+  data.tar.gz: e90e52811aad8725153e05ceb562a66d641d5b6701a3c77c0376a0feaae458ddbd0f533428830037e7d3bc40d4a0a7de20c9b5c769f6925f011997624823bcbb

data/lib/dependabot/git_metadata_fetcher.rb

@@ -156,16 +156,26 @@ module Dependabot
       cred = credentials.select { |c| c["type"] == "git_source" }.
              find { |c| bare_uri.start_with?(c["host"]) }
 
+      scheme = scheme_for_uri(uri)
+
       if bare_uri.match?(%r{[^/]+:[^/]+@})
         # URI already has authentication details
-        "https://#{bare_uri}"
+        "#{scheme}://#{bare_uri}"
       elsif cred&.fetch("username", nil) && cred&.fetch("password", nil)
         # URI doesn't have authentication details, but we have credentials
         auth_string = "#{cred.fetch('username')}:#{cred.fetch('password')}"
-        "https://#{auth_string}@#{bare_uri}"
+        "#{scheme}://#{auth_string}@#{bare_uri}"
+      else
+        # No credentials, so just return the http(s) URI
+        "#{scheme}://#{bare_uri}"
+      end
+    end
+
+    def scheme_for_uri(uri)
+      if uri.match?(%r{^http://})
+        "http"
       else
-        # No credentials, so just return the https URI
-        "https://#{bare_uri}"
+        "https"
       end
     end
 

data/lib/dependabot/update_checkers/base.rb

@@ -13,13 +13,15 @@ module Dependabot
 
       def initialize(dependency:, dependency_files:, credentials:,
                      ignored_versions: [], security_advisories: [],
-                     requirements_update_strategy: nil)
+                     requirements_update_strategy: nil,
+                     security_updates_only: false)
         @dependency = dependency
         @dependency_files = dependency_files
         @credentials = credentials
         @requirements_update_strategy = requirements_update_strategy
         @ignored_versions = ignored_versions
         @security_advisories = security_advisories
+        @security_updates_only = security_updates_only
       end
 
       def up_to_date?

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.116.0"
+  VERSION = "0.116.5"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.116.0
+  version: 0.116.5
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-08 00:00:00.000000000 Z
+date: 2020-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -62,16 +62,22 @@ dependencies:
   name: commonmarker
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.20.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.20.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.22.0
 - !ruby/object:Gem::Dependency
   name: docker_registry2
   requirement: !ruby/object:Gem::Requirement