Bump org.kohsuke.stapler:stapler-groovy from 1802.v9e2750160d01 to 1802.1804.va_8d30483a_7f7 #540
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [org.kohsuke.stapler:stapler-groovy](https://github.com/jenkinsci/stapler) from 1802.v9e2750160d01 to 1802.1804.va_8d30483a_7f7. - [Release notes](https://github.com/jenkinsci/stapler/releases) - [Changelog](https://github.com/jenkinsci/stapler/blob/master/CHANGELOG.md) - [Commits](https://github.com/jenkinsci/stapler/commits) --- updated-dependencies: - dependency-name: org.kohsuke.stapler:stapler-groovy dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
There was a problem hiding this comment.
I can't tell if this version number is the latest one or not because the version number makes no sense to me. @daniel-beck can you confirm that we want to upgrade to this version?
jenkinsci/jenkins@f06bb88 is the commit in Jenkins 2.424 that includes that version of stapler in Jenkins core as part of SECURITY-3073. I don't think that the security fix provided to Jenkins core is needed in the Maven hpi plugin, but upgrading will keep the maven hpi plugin consistent with Jenkins core. |
X.Y is newer than X for any Y > 0. So, yes, this is the latest release. More specifically, it's the JEP-229 backport version scheme documented here. We use it here even though it's not a backport because we didn't want to pick up unreleased changes from
I don't know what this is in hpi plugin for. Purely guessing, getting this security fix is not really relevant in this context. So merging this might make sense if we want to make various bots and tools happy, but otherwise unlikely to matter. |
dependabot
bot
deleted the
dependabot/maven/org.kohsuke.stapler-stapler-groovy-1802.1804.va_8d30483a_7f7
branch
Bumps org.kohsuke.stapler:stapler-groovy from 1802.v9e2750160d01 to 1802.1804.va_8d30483a_7f7.
Release notes
Sourced from org.kohsuke.stapler:stapler-groovy's releases.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)