If dependabot is somehow slower than I am at updating dependencies, I'll make sure to complain to them. ;)
On Thu, May 23, 2019 at 1:59 AM Gavin Mogan <[email protected]> wrote: > > Please go ahead with both, I can always @dependbot ignore on blueocean as > needed. > > On Wed, May 22, 2019 at 11:47 PM Oleg Nenashev <[email protected]> wrote: >> >> Hi all, >> >> I am fine with going forward with enabling Dependabot for a wider set of >> plugins. But IMHO it is still not ready for GA. Why? >> >> We are still missing usage guidelines as it was discussed in the original >> emails >> In Dependabot there is also no way to set Dependabot on an organization >> level, and it complicates the adoptions for plugins >> (dependabot/feedback/issues/353) >> Dependabot needs write permissions to the repo. If you want to enable it for >> a mission-critical component, it might make sense to think twice before >> doing so >> We are missing feedback from early adopters. There are some comments in this >> thread + this Google Doc. >> >> Personally I am pretty fine with Dependabot results for my projects, and I >> am ready to go forward with plugins. >> >>> >>> I'd really love to see the jackson repo most of all because I could get the >>> PR ready to release by the time jackson gets around to announcing that >>> release. Helps speed up resolution of their countless CVEs over time. >>> - show quoted text - >> >> >> With Dependabot you get "eventual security" (c) at best. Delivery of patches >> may be delivered by a week or so. It does not replace the security process >> in the Jenkins organization, but I do agree that keeping dependencies up to >> date reduced number of issues in projects which disclose security fixes >> post-factum after the release. >> >>> is it setup for all deps or only the parent plugin? >>> Can blueocean-plugin get updated for the parent plugin (or is that a config >>> file somewhere)? >> >> Dependabot manages all dependencies it can digest. It can handle almost all >> dependencies in Maven, including ones with versions defined by system >> properties. Maven plugins will be also updated >> BlueOcean plugins (multi-module repos) will be also handled by Dependabot. >> Now it supports multi-module repos >>> >>> Can I have the following added: >>> >>> Can blueocean-display-url-plugin get it enabled? >> >> >> I can add them if you want to proceed after the comments above. >> >> Best regards, >> Oleg >> >> >> On Thursday, May 23, 2019 at 2:56:21 AM UTC+2, Gavin Mogan wrote: >>> >>> Can blueocean-display-url-plugin get it enabled? is it setup for all deps >>> or only the parent plugin? >>> Can blueocean-plugin get updated for the parent plugin (or is that a config >>> file somewhere)? >>> >>> On Tue, May 21, 2019 at 12:36 PM Matt Sicker <[email protected]> wrote: >>>> >>>> I'd really love to see the jackson repo most of all because I could >>>> get the PR ready to release by the time jackson gets around to >>>> announcing that release. Helps speed up resolution of their countless >>>> CVEs over time. >>>> >>>> On Tue, May 21, 2019 at 2:12 PM Mark Waite <[email protected]> wrote: >>>> > >>>> > I've been very happy with dependabot enabled on the >>>> > platformlabeler-plugin in the Jenkins organization. >>>> > >>>> > I've also continued my experiment allowing it to run on my forks of the >>>> > git plugin and git client plugin. It has been helpful in all cases. >>>> > >>>> > By the time I am reviewing a dependabot pull request to update a >>>> > dependency, the CI job has completed and test results are available. >>>> > >>>> > On Tue, May 21, 2019 at 12:36 PM Matt Sicker <[email protected]> >>>> > wrote: >>>> >> >>>> >> Can I have the following added: >>>> >> >>>> >> https://github.com/jenkinsci/jackson2-api-plugin >>>> >> https://github.com/jenkinsci/jsch-plugin >>>> >> https://github.com/jenkinsci/pam-auth-plugin >>>> >> https://github.com/jenkinsci/ssh-credentials-plugin >>>> >> https://github.com/jenkinsci/audit-log-plugin >>>> >> >>>> >> On Thu, May 2, 2019 at 2:35 AM Baptiste Mathus <[email protected]> wrote: >>>> >> > >>>> >> > Done Carlos. >>>> >> > >>>> >> > Le jeu. 2 mai 2019 à 09:28, Carlos Sanchez <[email protected]> a >>>> >> > écrit : >>>> >> >> >>>> >> >> please add https://github.com/jenkinsci/kubernetes-plugin >>>> >> >> >>>> >> >> thanks >>>> >> >> >>>> >> >> On Wed, Mar 27, 2019 at 5:33 PM Jesse Glick <[email protected]> >>>> >> >> wrote: >>>> >> >>> >>>> >> >>> Please remove `pipeline-cloudwatch-logs-plugin` since its >>>> >> >>> interesting >>>> >> >>> tests are not currently run in CI. >>>> >> >>> >>>> >> >>> -- >>>> >> >>> You received this message because you are subscribed to the Google >>>> >> >>> Groups "Jenkins Developers" group. >>>> >> >>> To unsubscribe from this group and stop receiving emails from it, >>>> >> >>> send an email to [email protected]. >>>> >> >>> To view this discussion on the web visit >>>> >> >>> https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3%2BA%3DuSo4kmOM_BXjbOVeN9u9UFUChB59csZGhW7AoPgA%40mail.gmail.com. >>>> >> >>> For more options, visit https://groups.google.com/d/optout. >>>> >> >> >>>> >> >> -- >>>> >> >> You received this message because you are subscribed to the Google >>>> >> >> Groups "Jenkins Developers" group. >>>> >> >> To unsubscribe from this group and stop receiving emails from it, >>>> >> >> send an email to [email protected]. >>>> >> >> To view this discussion on the web visit >>>> >> >> https://groups.google.com/d/msgid/jenkinsci-dev/CALHFn6OAy5HHW_aDNp-xCv69zxvW7p05VCdXh9LjVte%3DOpRhjA%40mail.gmail.com. >>>> >> >> For more options, visit https://groups.google.com/d/optout. >>>> >> > >>>> >> > -- >>>> >> > You received this message because you are subscribed to the Google >>>> >> > Groups "Jenkins Developers" group. >>>> >> > To unsubscribe from this group and stop receiving emails from it, >>>> >> > send an email to [email protected]. >>>> >> > To view this discussion on the web visit >>>> >> > https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS7fQSpnUf8GhGdFyXcQ6SErLMbM9F0PuUKgyAVLzPdi4A%40mail.gmail.com. >>>> >> > For more options, visit https://groups.google.com/d/optout. >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> Matt Sicker >>>> >> Senior Software Engineer, CloudBees >>>> >> >>>> >> -- >>>> >> You received this message because you are subscribed to the Google >>>> >> Groups "Jenkins Developers" group. >>>> >> To unsubscribe from this group and stop receiving emails from it, send >>>> >> an email to [email protected]. >>>> >> To view this discussion on the web visit >>>> >> https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4oxJn9wy4t%2BQpH7y2ExWtC4tBEUWSawrQmCy1ucJAx77XQ%40mail.gmail.com. >>>> >> For more options, visit https://groups.google.com/d/optout. >>>> > >>>> > >>>> > >>>> > -- >>>> > Thanks! >>>> > Mark Waite >>>> > >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> > Groups "Jenkins Developers" group. >>>> > To unsubscribe from this group and stop receiving emails from it, send >>>> > an email to [email protected]. >>>> > To view this discussion on the web visit >>>> > https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtFLGQ%3DkRezSywLV9xQubrG6bxxmeMAahoZ%2BXcNyzEh0kA%40mail.gmail.com. >>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>>> >>>> >>>> -- >>>> Matt Sicker >>>> Senior Software Engineer, CloudBees >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Jenkins Developers" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4ow%2BJwMWR%2BD51YDNK-4%2BNyvwTYW83tkPELn_QN-W9GaMLA%40mail.gmail.com. >>>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/39d5d27a-4371-4bf5-b8fb-89e1b77419ef%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CAAgr96%2BuzzLs5r4Atc6vJNVxGq_h3Do-KyCq11GYpG1TFH8XKA%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout. -- Matt Sicker Senior Software Engineer, CloudBees -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAEot4ozx1%2BAXwsRxxZuC3Pia48478Bv%2BRgdMty2dVw%2B1HWE6Ng%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
