Bump promoted-builds optional dependency to 892.vd6219fc0a_efb #378
892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb.

Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130.

https://stats.jenkins.io/pluginversions/promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd.

A step towards eventually upgrading the promoted-builds optional dependency that is part of the git plugin. Attempts to update that optional dependency have shown consistent failures in the plugin bill of materials.

* jenkinsci/bom#3170
* jenkinsci/bom#2809

Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb

- [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)

Also removes unnecessary exclusions
https://stats.jenkins.io/pluginversions/parameterized-trigger.html shows that 80% of the installations of 787.v665fcf2a_830b_ release (6 months old) are already running Jenkins 2.426.3. https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 advises users to upgrade to Jenkins 2.426.3 or newer to resolve a critical security vulnerability.
The parameterized trigger plugin has an optional dependency on promoted builds plugin 3.11. The git plugin also declares an optional dependency on the promoted builds plugin 3.11. Attempts to update that optional dependency in the git plugin have failed.

This is an attempt to upgrade the dependency in the promoted builds plugin first, in hopes that will eventually allow the dependency to be updated in the git plugin.

Tests the plugin built from:

* jenkinsci/parameterized-trigger-plugin#378
…omoted-builds-892.vd6219fc0a_efb
892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb.

Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users.

https://stats.jenkins.io/pluginversions//promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd.

Attempts to update that optional dependency to the most recent release have shown consistent failures in the plugin bill of materials.

* jenkinsci/bom#3170
* jenkinsci/bom#2809

This likely needs to be combined with the parameterized trigger plugin upgrade of the same dependency to the same version. Refer to

* jenkinsci/parameterized-trigger-plugin#378

Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb

- [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)
jenkinsci/bom#3171 describes the issue. The promoted builds version needs to be kept the same in the git plugin and in the parameterized trigger plugin. If they are not the same, then tests will fail in the plugin bill of materials.
…omoted-builds-892.vd6219fc0a_efb
@gounthar this is ready to review. Tests pass when the optional dependency on promoted builds plugin is updated to the same new value in both the git plugin and the parameterized trigger plugin. That means we'll need a release of git plugin and a release of parameterized trigger plugin in the same plugin BOM release. The catalyst for the parameterized trigger release will be the merge of I still need to identify the catalyst for the git plugin release. I'd like to release this week, but need to be sure that the git plugin release is well tested.
Thanks, Mark, for the detailed explanation and the links. 👍
* Require Jenkins 2.426.3 or newer

  https://stats.jenkins.io/pluginversions/git.html shows that 82% of the 125k installations of the 5.2.1 release (most recent, 6 months old) are already running 2.426.3 or newer.

  https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 was published in Jan 2024 and strongly recommends that users upgrade to 2.426.3 or newer.

* Test with promoted-builds 940.va_9b_59a_717a_b_1

  Removes the dependency on project-inheritance. Previous releases resolved the security issue that was still open in 3.11.

* Remove recently introduced trailing white space
* Remove dependabot exclusion of promoted builds
* Use (optional) promoted builds 945.v597f5c6a_d3fd
* Remove diff to master branch
* Bump promoted-builds optional dependency to 892.vd6219fc0a_efb

  892.vd6219fc0a_efb was released 2 years ago. Over 50% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb.

  Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users.

  https://stats.jenkins.io/pluginversions//promoted-builds.html shows that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd.

  Attempts to update that optional dependency to the most recent release have shown consistent failures in the plugin bill of materials.

  * jenkinsci/bom#3170
  * jenkinsci/bom#2809

  This likely needs to be combined with the parameterized trigger plugin upgrade of the same dependency to the same version. Refer to

  * jenkinsci/parameterized-trigger-plugin#378

  Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb

  - [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)

* Do not check for promoted-builds updates
Bump promoted-builds optional dependency to 892.vd6219fc0a_efb
892.vd6219fc0a_efb was released 2 years ago. Over 55% of all installations of the promoted builds plugin are already using 892.vd6219fc0a_efb or newer. Those users will see no difference from this change, since they are already using 892.vd6219fc0a_efb.
Recent Jenkins versions will display broken icons with older versions of the promoted builds plugin. Fixed in jenkinsci/promoted-builds-plugin#170 as part of 873.v6149db_d64130. Upgrading to 892.vd6219fc0a_efb will fix that issue for users.
Installation statistics show that 892.vd6219fc0a_efb is the second most popular release. It is second only to the most recent release, 945.v597f5c6a_d3fd. A step towards eventually upgrading the promoted-builds optional dependency that is part of the git plugin. Attempts to update that optional dependency have shown consistent failures in the plugin bill of materials.
Bumps promoted-builds from 3.11 to 892.vd6219fc0a_efb
Also removes unnecessary exclusions.
Also upgrades to the most recent parent pom.
Also requires Jenkins 2.426.3 or newer because installation statistics show that 80% of the installations of 787.v665fcf2a_830b_ release (6 months old) are already running Jenkins 2.426.3.
SECURITY-3314 advises users to upgrade to Jenkins 2.426.3 or newer to resolve a critical security vulnerability.
Testing done
Rely on ci.jenkins.io and on a pull request to the plugin bill of materials to check the upgrade.
Testing in plugin bill of materials with:
Test uses builds from this pull request and from a matching git plugin pull request:
Submitter checklist