Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump org.jenkins-ci.plugins:credentials-binding from 631.v861c06d062b_4 to 636.v55f1275c7b_27 in /bom-weekly #2509

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 15, 2023

Bumps org.jenkins-ci.plugins:credentials-binding from 631.v861c06d062b_4 to 636.v55f1275c7b_27.

Release notes

Sourced from org.jenkins-ci.plugins:credentials-binding's releases.

636.v55f1275c7b_27

🚀 New features and improvements

📦 Dependency updates

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.jenkins-ci.plugins:credentials-binding](https://github.com/jenkinsci/credentials-binding-plugin) from 631.v861c06d062b_4 to 636.v55f1275c7b_27.
- [Release notes](https://github.com/jenkinsci/credentials-binding-plugin/releases)
- [Changelog](https://github.com/jenkinsci/credentials-binding-plugin/blob/master/old-changelog.md)
- [Commits](https://github.com/jenkinsci/credentials-binding-plugin/commits)

---
updated-dependencies:
- dependency-name: org.jenkins-ci.plugins:credentials-binding
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner September 15, 2023 22:18
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 15, 2023
@github-actions github-actions bot enabled auto-merge (squash) September 15, 2023 22:18
@github-actions github-actions bot merged commit bab8257 into master Sep 15, 2023
@github-actions github-actions bot deleted the dependabot/maven/bom-weekly/org.jenkins-ci.plugins-credentials-binding-636.v55f1275c7b_27 branch September 15, 2023 22:31
MarkEWaite added a commit to MarkEWaite/bom that referenced this pull request Sep 16, 2023
The most recent release of the credentials-binding plugin adds masking
for base64 credentials.  That's a nice improvement.  Unfortunately,
it causes one of the config-file-provider tests to fail.

Adapt older bom profiles to "Bump credentials-binding (jenkinsci#2509)" by
retaining the current version of the credentials binding plugin on
the weekly release and pinning the previous credentials binding plugin
release on the LTS releases.

Could exclude the test failure on all releases, but it seemed better
to be able to detect test failures from the weekly release even if we
can't yet test the new version with the LTS releases.

This partially reverts commit bab8257.
MarkEWaite added a commit that referenced this pull request Sep 17, 2023
The most recent release of the credentials-binding plugin adds masking
for base64 credentials.  That's a nice improvement.  Unfortunately,
it causes one of the config-file-provider tests to fail.

Adapt older bom profiles to "Bump credentials-binding (#2509)" by
retaining the current version of the credentials binding plugin on
the weekly release and pinning the previous credentials binding plugin
release on the LTS releases.

Could exclude the test failure on all releases, but it seemed better
to be able to detect test failures from the weekly release even if we
can't yet test the new version with the LTS releases.

This partially reverts commit bab8257.
MarkEWaite added a commit that referenced this pull request Sep 17, 2023
* Pin previous credentials-binding release for LTS profiles

The most recent release of the credentials-binding plugin adds masking
for base64 credentials.  That's a nice improvement.  Unfortunately,
it causes one of the config-file-provider tests to fail.

Adapt older bom profiles to "Bump credentials-binding (#2509)" by
retaining the current version of the credentials binding plugin on
the weekly release and pinning the previous credentials binding plugin
release on the LTS releases.

Could exclude the test failure on all releases, but it seemed better
to be able to detect test failures from the weekly release even if we
can't yet test the new version with the LTS releases.

This partially reverts commit bab8257.

* Revert "Bump checks-api.version from 2.0.0 to 2.0.1 in /bom-weekly (#2471)"

#2484 describes the unexpected
addition of commons-text-api as a new dependency for many consumers of
the plugin bill of materials.

Rather than having more and more plugins adding dependencies on the
commons-text-api or the commons-lang3-api plugin, let's keep the
checks-api dependency at 2.0.0 instead of 2.0.1.

jenkinsci/checks-api-plugin#233 is the issue
reported to the checks-api plugin.  Once that issue is resolved, we
should be able to use more recent checks-api plugin versions.

Dependency updates that had to add commons-text-api included:

* jenkinsci/bitbucket-kubernetes-credentials-plugin#133
* jenkinsci/elastic-axis-plugin#309
* jenkinsci/nodelabelparameter-plugin#265
* jenkinsci/testng-plugin-plugin#244

This reverts commit 729dfb2.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants