Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump io.jenkins.tools.bom:bom-2.387.x from 2401.v7a_d68f8d0b_09 to 2423.vce598171d115 #309

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 10, 2023

Bumps io.jenkins.tools.bom:bom-2.387.x from 2401.v7a_d68f8d0b_09 to 2423.vce598171d115.

Release notes

Sourced from io.jenkins.tools.bom:bom-2.387.x's releases.

2423.vce598171d115

🚀 New features and improvements

👻 Maintenance

🚦 Tests

📦 Dependency updates

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @MarkEWaite.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [io.jenkins.tools.bom:bom-2.387.x](https://github.com/jenkinsci/bom) from 2401.v7a_d68f8d0b_09 to 2423.vce598171d115.
- [Release notes](https://github.com/jenkinsci/bom/releases)
- [Commits](https://github.com/jenkinsci/bom/commits)

---
updated-dependencies:
- dependency-name: io.jenkins.tools.bom:bom-2.387.x
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner September 10, 2023 10:21
@dependabot dependabot bot added the dependencies Dependency related change label Sep 10, 2023
@dependabot dependabot bot requested a review from MarkEWaite September 10, 2023 10:21
@github-actions github-actions bot added the chore Reduces maintenance effort by changes not directly visible to users label Sep 10, 2023
Copy link
Collaborator

@MarkEWaite MarkEWaite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot squash and merge

The InjectedTest fails unless this additional test dependency
is added.

The plugin bill of materials upgrade described in
https://github.com/jenkinsci/bom/releases/tag/2423.vce598171d115 includes:

* jenkinsci/bom#2461
  Bump commons-text-api from 1.10.0-68... to 1.10.0-78...

I don't understand why the test dependency is needed now but was not
needed previously, but it is a simple change to add the test dependency.
@dependabot dependabot bot merged commit 92c7447 into master Sep 10, 2023
@dependabot dependabot bot deleted the dependabot/maven/master/io.jenkins.tools.bom-bom-2.387.x-2423.vce598171d115 branch September 10, 2023 12:19
MarkEWaite added a commit to MarkEWaite/bom that referenced this pull request Sep 16, 2023
…enkinsci#2471)"

jenkinsci#2484 describes the unexpected
addition of commons-text-api as a new dependency for many consumers of
the plugin bill of materials.

Rather than having more and more plugins adding dependencies on the
commons-text-api or the commons-lang3-api plugin, let's keep the
checks-api dependency at 2.0.0 instead of 2.0.1.

jenkinsci/checks-api-plugin#233 is the issue
reported to the checks-api plugin.  Once that issue is resolved, we
should be able to use more recent checks-api plugin versions.

Dependency updates that had to add commons-text-api included:

* jenkinsci/bitbucket-kubernetes-credentials-plugin#133
* jenkinsci/elastic-axis-plugin#309
* jenkinsci/nodelabelparameter-plugin#265
* jenkinsci/testng-plugin-plugin#244

This reverts commit 729dfb2.
MarkEWaite added a commit to MarkEWaite/bom that referenced this pull request Sep 17, 2023
…enkinsci#2471)"

jenkinsci#2484 describes the unexpected
addition of commons-text-api as a new dependency for many consumers of
the plugin bill of materials.

Rather than having more and more plugins adding dependencies on the
commons-text-api or the commons-lang3-api plugin, let's keep the
checks-api dependency at 2.0.0 instead of 2.0.1.

jenkinsci/checks-api-plugin#233 is the issue
reported to the checks-api plugin.  Once that issue is resolved, we
should be able to use more recent checks-api plugin versions.

Dependency updates that had to add commons-text-api included:

* jenkinsci/bitbucket-kubernetes-credentials-plugin#133
* jenkinsci/elastic-axis-plugin#309
* jenkinsci/nodelabelparameter-plugin#265
* jenkinsci/testng-plugin-plugin#244

This reverts commit 729dfb2.
MarkEWaite added a commit to jenkinsci/bom that referenced this pull request Sep 17, 2023
* Pin previous credentials-binding release for LTS profiles

The most recent release of the credentials-binding plugin adds masking
for base64 credentials.  That's a nice improvement.  Unfortunately,
it causes one of the config-file-provider tests to fail.

Adapt older bom profiles to "Bump credentials-binding (#2509)" by
retaining the current version of the credentials binding plugin on
the weekly release and pinning the previous credentials binding plugin
release on the LTS releases.

Could exclude the test failure on all releases, but it seemed better
to be able to detect test failures from the weekly release even if we
can't yet test the new version with the LTS releases.

This partially reverts commit bab8257.

* Revert "Bump checks-api.version from 2.0.0 to 2.0.1 in /bom-weekly (#2471)"

#2484 describes the unexpected
addition of commons-text-api as a new dependency for many consumers of
the plugin bill of materials.

Rather than having more and more plugins adding dependencies on the
commons-text-api or the commons-lang3-api plugin, let's keep the
checks-api dependency at 2.0.0 instead of 2.0.1.

jenkinsci/checks-api-plugin#233 is the issue
reported to the checks-api plugin.  Once that issue is resolved, we
should be able to use more recent checks-api plugin versions.

Dependency updates that had to add commons-text-api included:

* jenkinsci/bitbucket-kubernetes-credentials-plugin#133
* jenkinsci/elastic-axis-plugin#309
* jenkinsci/nodelabelparameter-plugin#265
* jenkinsci/testng-plugin-plugin#244

This reverts commit 729dfb2.
@MarkEWaite MarkEWaite removed the chore Reduces maintenance effort by changes not directly visible to users label Dec 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Dependency related change
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant