Bump promoted-builds optional dependency to 892.vd6219fc0a_efb #378
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb. Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130 https://stats.jenkins.io/pluginversions/promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd. A step towards eventually upgrading the promoted-builds optional dependency that is part of the git plugin. Attempts to update that optional dependency have shown consistent failures in the plugin bill of materials. * jenkinsci/bom#3170 * jenkinsci/bom#2809 Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb - [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb) Also removes unnecessary exclusions
https://stats.jenkins.io/pluginversions/parameterized-trigger.html shows that 80% of the installations of 787.v665fcf2a_830b_ release (6 months old) are already running Jenkins 2.426.3. https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 advises users to upgrade to Jenkins 2.426.3 or newer to resolve a critical security vulnerability.
This was referenced May 6, 2024
MarkEWaite
added a commit
to MarkEWaite/bom
that referenced
this pull request
May 6, 2024
The parameterized trigger plugin has an optional dependency on promoted builds plugin 3.11. The git plugin also declares an optional dependency on the promoted builds plugin 3.11. Attempts to update that optional dependency in the git plugin have failed. This is an attempt to upgrade the dependency in the promoted builds plugin first, in hopes that will eventually allow the dependency to be updated in the git plugin. Tests the plugin built from: * jenkinsci/parameterized-trigger-plugin#378
…omoted-builds-892.vd6219fc0a_efb
MarkEWaite
added a commit
to MarkEWaite/git-plugin
that referenced
this pull request
May 6, 2024
892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb. Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users. https://stats.jenkins.io/pluginversions//promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd. Attempts to update that optional dependency to the most recent release have shown consistent failures in the plugin bill of materials. * jenkinsci/bom#3170 * jenkinsci/bom#2809 This likely needs to be combined with the parameterized trigger plugin upgrade of the same dependency to the same version. Refer to * jenkinsci/parameterized-trigger-plugin#378 Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb - [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)
jenkinsci/bom#3171 describes the issue. The promoted builds version needs to be kept the same in the git plugin and in the paramaterized trigger plugin. If they are not the same, then tests will fail in the plugin bill of materials.
…omoted-builds-892.vd6219fc0a_efb
|
@gounthar this is ready to review. Tests pass when the optional dependency on promoted builds plugin is updated to the same new value in both the git plugin and the parameterized trigger plugin. That means we'll need a release of git plugin and a release of parameterized trigger plugin in the same plugin BOM release. The catalyst for the parameterized trigger release will be the merge of I still need to identify the catalyst for the git plugin release. I'd like to release this week, but need to be sure that the git plugin release is well tested. |
gounthar
approved these changes
May 6, 2024
MarkEWaite
deleted the
dependabot/maven/org.jenkins-ci.plugins-promoted-builds-892.vd6219fc0a_efb
branch
MarkEWaite
added a commit
to jenkinsci/git-plugin
that referenced
this pull request
May 7, 2024
* Require Jenkins 2.426.3 or newer https://stats.jenkins.io/pluginversions/git.html shows that 82% of the 125k installations of the 5.2.1 release (most recent, 6 months old) are already running 2.426.3 or newer. https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 was published in Jan 2024 and strongly recommends that users upgrade to 2.426.3 or newer. * Test with promoted-builds 940.va_9b_59a_717a_b_1 Removes the dependency on project-inheritance. Previous releases resolved the security issue that was still open in 3.11. * Remove recently introduced trailing white space * Remove dependabot exclusion of promoted builds * Use (optional) promoted builds 945.v597f5c6a_d3fd * Remove diff to master branch * Bump promoted-builds optional dependency to 892.vd6219fc0a_efb 892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb. Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users. https://stats.jenkins.io/pluginversions//promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd. Attempts to update that optional dependency to the most recent release have shown consistent failures in the plugin bill of materials. * jenkinsci/bom#3170 * jenkinsci/bom#2809 This likely needs to be combined with the parameterized trigger plugin upgrade of the same dependency to the same version. Refer to * jenkinsci/parameterized-trigger-plugin#378 Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb - [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb) * Do not check for promoted-builds updates
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bump promoted-builds optional dependency to 892.vd6219fc0a_efb
892.vd6219fc0a_efb was released 2 years ago. Over 55% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb.
Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users.
Installation statistics show that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd. A step towards eventually upgrading the promoted-builds optional dependency that is part of the git plugin. Attempts to update that optional dependency have shown consistent failures in the plugin bill of materials.
Bumps promoted-builds from 3.11 to 892.vd6219fc0a_efb
Also removes unnecessary exclusions.
Also upgrades to the most recent parent pom.
Also requires Jenkins 2.426.3 or newer because installation statistics show that 80% of the installations of 787.v665fcf2a_830b_ release (6 months old) are already running Jenkins 2.426.3.
SECURITY-3314 advises users to upgrade to Jenkins 2.426.3 or newer to resolve a critical security vulnerability.
Testing done
Rely on ci.jenkins.io and on a pull request to the plugin bill of materials to check the upgrade.
Testing in plugin bill of materials with:
Test uses builds from this pull request and from a matching git plugin pull request:
Submitter checklist