Bump parent POM from 1.65 to 1.69 #291

basil · 2021-12-03T16:59:52Z

Like #289 but with SpotBugs warnings suppressed and some Enforcer changes.

Bumps [jenkins](https://github.com/jenkinsci/pom) from 1.65 to 1.69. - [Release notes](https://github.com/jenkinsci/pom/releases) - [Changelog](https://github.com/jenkinsci/pom/blob/master/CHANGELOG-old.md) - [Commits](jenkinsci/pom@jenkins-1.65...jenkins-1.69) --- updated-dependencies: - dependency-name: org.jenkins-ci:jenkins dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…2.4 paths to dependency are: +-org.kohsuke.stapler:stapler-jelly:999999-SNAPSHOT +-org.jvnet.hudson:htmlunit:2.6-hudson-2 [test] +-commons-lang:commons-lang:2.4 and +-org.kohsuke.stapler:stapler-jelly:999999-SNAPSHOT +-org.kohsuke.stapler:stapler:999999-SNAPSHOT +-org.kohsuke.stapler:json-lib:2.4-jenkins-3 +-commons-lang:commons-lang:2.5 and +-org.kohsuke.stapler:stapler-jelly:999999-SNAPSHOT +-org.kohsuke.stapler:stapler:999999-SNAPSHOT +-org.kohsuke.stapler:json-lib:2.4-jenkins-3 +-net.sf.ezmorph:ezmorph:1.0.6 +-commons-lang:commons-lang:2.3

jglick · 2021-12-03T17:13:37Z

jelly/pom.xml

+      <dependency>
+        <groupId>commons-lang</groupId>
+        <artifactId>commons-lang</artifactId>
+        <version>2.5</version>


Maybe better to <exclude> it from wherever it was being improperly picked up?

I pasted the error in the commit message. So where do you think it is being improperly picked up?

Looks like both htmlunit and ezmorph, with json-lib asking for the newest version. Not worth bothering over. (When there is just one dep trail which picks up an old lib, and unfortunately that happens to be the one preferred by Maven’s silly “nearest” algorithm, then it is easier to exclude that trail than to maintain an explicit version number.)

When there is just one dep trail which picks up an old lib, and unfortunately that happens to be the one preferred by Maven’s silly “nearest” algorithm, then it is easier to exclude that trail than to maintain an explicit version number

Yeah, I agree. It gets particularly perverse when Dependabot then starts trying to update that number in the <dependencyManagement> section.

dependabot bot and others added 4 commits December 3, 2021 06:05

Suppress SpotBugs warnings

73e2f4a

Could not be bothered with JRuby

89384b8

timja approved these changes Dec 3, 2021

View reviewed changes

timja requested a review from jglick December 3, 2021 17:05

jglick added the dependencies label Dec 3, 2021

jglick approved these changes Dec 3, 2021

View reviewed changes

jglick merged commit c17f520 into jenkinsci:master Dec 3, 2021

basil deleted the org.jenkins-ci-jenkins-1.69 branch December 3, 2021 17:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump parent POM from 1.65 to 1.69 #291

Bump parent POM from 1.65 to 1.69 #291

basil commented Dec 3, 2021

jglick Dec 3, 2021

basil Dec 3, 2021

jglick Dec 3, 2021

basil Dec 3, 2021

Bump parent POM from 1.65 to 1.69 #291

Bump parent POM from 1.65 to 1.69 #291

Conversation

basil commented Dec 3, 2021

jglick Dec 3, 2021

Choose a reason for hiding this comment

basil Dec 3, 2021

Choose a reason for hiding this comment

jglick Dec 3, 2021

Choose a reason for hiding this comment

basil Dec 3, 2021

Choose a reason for hiding this comment