OK, I've just filed https://github.com/jenkinsci/jenkins/pull/5108 as Jesse and Tim are suggesting we go the "deny" path.
I think indeed the idea to deny/ignore the dependency that we know they shouldn't be automated is probably good as we may see some interesting things. @Oleg Nenashev <[email protected]> if you feel strongly we should really add things more progressively, just tell me. I'm fine and I'll adjust the PR or create a new one with a proposal of first deps. Thanks all! Le ven. 11 déc. 2020 à 15:39, Jesse Glick <[email protected]> a écrit : > I would suggest using a deny list. You will get an initial spray of > PRs, mostly to `bom/pom.xml`. Some we will reject as unsafe (likely > breaking change for plugins relying on core classpath), which we can > then add as exclusions in Dependabot config. But we may be surprised > by helpful updates that we would never have thought to add to an allow > list. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3v5CgCcqf%3DMysY8N9-AOpOrFkqh%2BuNLxbSx%3DVw3Q%2Bynw%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS5uS7Y8PP76Lk2yZhSsACKhizRcEFOB9YCKLw6DRZK-0g%40mail.gmail.com.
