If dependabot is somehow slower than I am at updating dependencies, I'll make sure to complain to them. ;)
On Thu, May 23, 2019 at 1:59 AM Gavin Mogan <gmo...@cloudbees.com> wrote: > > Please go ahead with both, I can always @dependbot ignore on blueocean as > needed. > > On Wed, May 22, 2019 at 11:47 PM Oleg Nenashev <o.v.nenas...@gmail.com> wrote: >> >> Hi all, >> >> I am fine with going forward with enabling Dependabot for a wider set of >> plugins. But IMHO it is still not ready for GA. Why? >> >> We are still missing usage guidelines as it was discussed in the original >> emails >> In Dependabot there is also no way to set Dependabot on an organization >> level, and it complicates the adoptions for plugins >> (dependabot/feedback/issues/353) >> Dependabot needs write permissions to the repo. If you want to enable it for >> a mission-critical component, it might make sense to think twice before >> doing so >> We are missing feedback from early adopters. There are some comments in this >> thread + this Google Doc. >> >> Personally I am pretty fine with Dependabot results for my projects, and I >> am ready to go forward with plugins. >> >>> >>> I'd really love to see the jackson repo most of all because I could get the >>> PR ready to release by the time jackson gets around to announcing that >>> release. Helps speed up resolution of their countless CVEs over time. >>> - show quoted text - >> >> >> With Dependabot you get "eventual security" (c) at best. Delivery of patches >> may be delivered by a week or so. It does not replace the security process >> in the Jenkins organization, but I do agree that keeping dependencies up to >> date reduced number of issues in projects which disclose security fixes >> post-factum after the release. >> >>> is it setup for all deps or only the parent plugin? >>> Can blueocean-plugin get updated for the parent plugin (or is that a config >>> file somewhere)? >> >> Dependabot manages all dependencies it can digest. It can handle almost all >> dependencies in Maven, including ones with versions defined by system >> properties. Maven plugins will be also updated >> BlueOcean plugins (multi-module repos) will be also handled by Dependabot. >> Now it supports multi-module repos >>> >>> Can I have the following added: >>> >>> Can blueocean-display-url-plugin get it enabled? >> >> >> I can add them if you want to proceed after the comments above. >> >> Best regards, >> Oleg >> >> >> On Thursday, May 23, 2019 at 2:56:21 AM UTC+2, Gavin Mogan wrote: >>> >>> Can blueocean-display-url-plugin get it enabled? is it setup for all deps >>> or only the parent plugin? >>> Can blueocean-plugin get updated for the parent plugin (or is that a config >>> file somewhere)? >>> >>> On Tue, May 21, 2019 at 12:36 PM Matt Sicker <msi...@cloudbees.com> wrote: >>>> >>>> I'd really love to see the jackson repo most of all because I could >>>> get the PR ready to release by the time jackson gets around to >>>> announcing that release. Helps speed up resolution of their countless >>>> CVEs over time. >>>> >>>> On Tue, May 21, 2019 at 2:12 PM Mark Waite <mark.e...@gmail.com> wrote: >>>> > >>>> > I've been very happy with dependabot enabled on the >>>> > platformlabeler-plugin in the Jenkins organization. >>>> > >>>> > I've also continued my experiment allowing it to run on my forks of the >>>> > git plugin and git client plugin. It has been helpful in all cases. >>>> > >>>> > By the time I am reviewing a dependabot pull request to update a >>>> > dependency, the CI job has completed and test results are available. >>>> > >>>> > On Tue, May 21, 2019 at 12:36 PM Matt Sicker <msi...@cloudbees.com> >>>> > wrote: >>>> >> >>>> >> Can I have the following added: >>>> >> >>>> >> https://github.com/jenkinsci/jackson2-api-plugin >>>> >> https://github.com/jenkinsci/jsch-plugin >>>> >> https://github.com/jenkinsci/pam-auth-plugin >>>> >> https://github.com/jenkinsci/ssh-credentials-plugin >>>> >> https://github.com/jenkinsci/audit-log-plugin >>>> >> >>>> >> On Thu, May 2, 2019 at 2:35 AM Baptiste Mathus <m...@batmat.net> wrote: >>>> >> > >>>> >> > Done Carlos. >>>> >> > >>>> >> > Le jeu. 2 mai 2019 à 09:28, Carlos Sanchez <car...@apache.org> a >>>> >> > écrit : >>>> >> >> >>>> >> >> please add https://github.com/jenkinsci/kubernetes-plugin >>>> >> >> >>>> >> >> thanks >>>> >> >> >>>> >> >> On Wed, Mar 27, 2019 at 5:33 PM Jesse Glick <jgl...@cloudbees.com> >>>> >> >> wrote: >>>> >> >>> >>>> >> >>> Please remove `pipeline-cloudwatch-logs-plugin` since its >>>> >> >>> interesting >>>> >> >>> tests are not currently run in CI. >>>> >> >>> >>>> >> >>> -- >>>> >> >>> You received this message because you are subscribed to the Google >>>> >> >>> Groups "Jenkins Developers" group. >>>> >> >>> To unsubscribe from this group and stop receiving emails from it, >>>> >> >>> send an email to jenkin...@googlegroups.com. >>>> >> >>> To view this discussion on the web visit >>>> >> >>> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3%2BA%3DuSo4kmOM_BXjbOVeN9u9UFUChB59csZGhW7AoPgA%40mail.gmail.com. >>>> >> >>> For more options, visit https://groups.google.com/d/optout. >>>> >> >> >>>> >> >> -- >>>> >> >> You received this message because you are subscribed to the Google >>>> >> >> Groups "Jenkins Developers" group. >>>> >> >> To unsubscribe from this group and stop receiving emails from it, >>>> >> >> send an email to jenkin...@googlegroups.com. >>>> >> >> To view this discussion on the web visit >>>> >> >> https://groups.google.com/d/msgid/jenkinsci-dev/CALHFn6OAy5HHW_aDNp-xCv69zxvW7p05VCdXh9LjVte%3DOpRhjA%40mail.gmail.com. >>>> >> >> For more options, visit https://groups.google.com/d/optout. >>>> >> > >>>> >> > -- >>>> >> > You received this message because you are subscribed to the Google >>>> >> > Groups "Jenkins Developers" group. >>>> >> > To unsubscribe from this group and stop receiving emails from it, >>>> >> > send an email to jenkin...@googlegroups.com. >>>> >> > To view this discussion on the web visit >>>> >> > https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS7fQSpnUf8GhGdFyXcQ6SErLMbM9F0PuUKgyAVLzPdi4A%40mail.gmail.com. >>>> >> > For more options, visit https://groups.google.com/d/optout. >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> Matt Sicker >>>> >> Senior Software Engineer, CloudBees >>>> >> >>>> >> -- >>>> >> You received this message because you are subscribed to the Google >>>> >> Groups "Jenkins Developers" group. >>>> >> To unsubscribe from this group and stop receiving emails from it, send >>>> >> an email to jenkin...@googlegroups.com. >>>> >> To view this discussion on the web visit >>>> >> https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4oxJn9wy4t%2BQpH7y2ExWtC4tBEUWSawrQmCy1ucJAx77XQ%40mail.gmail.com. >>>> >> For more options, visit https://groups.google.com/d/optout. >>>> > >>>> > >>>> > >>>> > -- >>>> > Thanks! >>>> > Mark Waite >>>> > >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> > Groups "Jenkins Developers" group. >>>> > To unsubscribe from this group and stop receiving emails from it, send >>>> > an email to jenkin...@googlegroups.com. >>>> > To view this discussion on the web visit >>>> > https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtFLGQ%3DkRezSywLV9xQubrG6bxxmeMAahoZ%2BXcNyzEh0kA%40mail.gmail.com. >>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>>> >>>> >>>> -- >>>> Matt Sicker >>>> Senior Software Engineer, CloudBees >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Jenkins Developers" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to jenkin...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4ow%2BJwMWR%2BD51YDNK-4%2BNyvwTYW83tkPELn_QN-W9GaMLA%40mail.gmail.com. >>>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-dev+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/39d5d27a-4371-4bf5-b8fb-89e1b77419ef%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CAAgr96%2BuzzLs5r4Atc6vJNVxGq_h3Do-KyCq11GYpG1TFH8XKA%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. -- Matt Sicker Senior Software Engineer, CloudBees -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4ozx1%2BAXwsRxxZuC3Pia48478Bv%2BRgdMty2dVw%2B1HWE6Ng%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
