Please go ahead with both, I can always @dependbot ignore on blueocean as needed.
On Wed, May 22, 2019 at 11:47 PM Oleg Nenashev <[email protected]> wrote: > Hi all, > > I am fine with going forward with enabling Dependabot for a wider set of > plugins. But IMHO it is still not ready for GA. Why? > > - We are still missing usage guidelines as it was discussed in the > original emails > - In Dependabot there is also no way to set Dependabot on an > organization level, and it complicates the adoptions for plugins ( > dependabot/feedback/issues/353 > <https://github.com/dependabot/feedback/issues/353>) > - Dependabot needs write permissions to the repo. If you want to > enable it for a mission-critical component, it might make sense to think > twice before doing so > - We are missing feedback from early adopters. There are some comments > in this thread + this Google Doc > > <https://docs.google.com/document/d/1hRrH8PSCswBQgY_Q-7eHCHCVZHJOl4XgQQCswdUmpKY/edit> > . > > Personally I am pretty fine with Dependabot results for my projects, and I > am ready to go forward with plugins. > > >> I'd really love to see the jackson repo most of all because I could get >> the PR ready to release by the time jackson gets around to announcing that >> release. Helps speed up resolution of their countless CVEs over time. >> - show quoted text - >> > > With Dependabot you get "eventual security" (c) at best. Delivery of > patches may be delivered by a week or so. It does not replace the security > process in the Jenkins organization, but I do agree that keeping > dependencies up to date reduced number of issues in projects which disclose > security fixes post-factum after the release. > > is it setup for all deps or only the parent plugin? >> Can blueocean-plugin get updated for the parent plugin (or is that a >> config file somewhere)? > > > - Dependabot manages all dependencies it can digest. It can handle > almost all dependencies in Maven, including ones with versions defined by > system properties. Maven plugins will be also updated > - BlueOcean plugins (multi-module repos) will be also handled by > Dependabot. Now it supports multi-module repos > > Can I have the following added: >> > Can blueocean-display-url-plugin get it enabled? > > > I can add them if you want to proceed after the comments above. > > Best regards, > Oleg > > > On Thursday, May 23, 2019 at 2:56:21 AM UTC+2, Gavin Mogan wrote: >> >> Can blueocean-display-url-plugin get it enabled? is it setup for all deps >> or only the parent plugin? >> Can blueocean-plugin get updated for the parent plugin (or is that a >> config file somewhere)? >> >> On Tue, May 21, 2019 at 12:36 PM Matt Sicker <[email protected]> >> wrote: >> >>> I'd really love to see the jackson repo most of all because I could >>> get the PR ready to release by the time jackson gets around to >>> announcing that release. Helps speed up resolution of their countless >>> CVEs over time. >>> >>> On Tue, May 21, 2019 at 2:12 PM Mark Waite <[email protected]> wrote: >>> > >>> > I've been very happy with dependabot enabled on the >>> platformlabeler-plugin in the Jenkins organization. >>> > >>> > I've also continued my experiment allowing it to run on my forks of >>> the git plugin and git client plugin. It has been helpful in all cases. >>> > >>> > By the time I am reviewing a dependabot pull request to update a >>> dependency, the CI job has completed and test results are available. >>> > >>> > On Tue, May 21, 2019 at 12:36 PM Matt Sicker <[email protected]> >>> wrote: >>> >> >>> >> Can I have the following added: >>> >> >>> >> https://github.com/jenkinsci/jackson2-api-plugin >>> >> https://github.com/jenkinsci/jsch-plugin >>> >> https://github.com/jenkinsci/pam-auth-plugin >>> >> https://github.com/jenkinsci/ssh-credentials-plugin >>> >> https://github.com/jenkinsci/audit-log-plugin >>> >> >>> >> On Thu, May 2, 2019 at 2:35 AM Baptiste Mathus <[email protected]> >>> wrote: >>> >> > >>> >> > Done Carlos. >>> >> > >>> >> > Le jeu. 2 mai 2019 à 09:28, Carlos Sanchez <[email protected]> a >>> écrit : >>> >> >> >>> >> >> please add https://github.com/jenkinsci/kubernetes-plugin >>> >> >> >>> >> >> thanks >>> >> >> >>> >> >> On Wed, Mar 27, 2019 at 5:33 PM Jesse Glick <[email protected]> >>> wrote: >>> >> >>> >>> >> >>> Please remove `pipeline-cloudwatch-logs-plugin` since its >>> interesting >>> >> >>> tests are not currently run in CI. >>> >> >>> >>> >> >>> -- >>> >> >>> You received this message because you are subscribed to the >>> Google Groups "Jenkins Developers" group. >>> >> >>> To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> >> >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3%2BA%3DuSo4kmOM_BXjbOVeN9u9UFUChB59csZGhW7AoPgA%40mail.gmail.com >>> . >>> >> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >>> >> >> -- >>> >> >> You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> >> >> To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> >> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CALHFn6OAy5HHW_aDNp-xCv69zxvW7p05VCdXh9LjVte%3DOpRhjA%40mail.gmail.com >>> . >>> >> >> For more options, visit https://groups.google.com/d/optout. >>> >> > >>> >> > -- >>> >> > You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> >> > To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> >> > To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS7fQSpnUf8GhGdFyXcQ6SErLMbM9F0PuUKgyAVLzPdi4A%40mail.gmail.com >>> . >>> >> > For more options, visit https://groups.google.com/d/optout. >>> >> >>> >> >>> >> >>> >> -- >>> >> Matt Sicker >>> >> Senior Software Engineer, CloudBees >>> >> >>> >> -- >>> >> You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> >> To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4oxJn9wy4t%2BQpH7y2ExWtC4tBEUWSawrQmCy1ucJAx77XQ%40mail.gmail.com >>> . >>> >> For more options, visit https://groups.google.com/d/optout. >>> > >>> > >>> > >>> > -- >>> > Thanks! >>> > Mark Waite >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> > To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtFLGQ%3DkRezSywLV9xQubrG6bxxmeMAahoZ%2BXcNyzEh0kA%40mail.gmail.com >>> . >>> > For more options, visit https://groups.google.com/d/optout. >>> >>> >>> >>> -- >>> Matt Sicker >>> Senior Software Engineer, CloudBees >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4ow%2BJwMWR%2BD51YDNK-4%2BNyvwTYW83tkPELn_QN-W9GaMLA%40mail.gmail.com >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/39d5d27a-4371-4bf5-b8fb-89e1b77419ef%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/39d5d27a-4371-4bf5-b8fb-89e1b77419ef%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAAgr96%2BuzzLs5r4Atc6vJNVxGq_h3Do-KyCq11GYpG1TFH8XKA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
