
Require Jenkins 2.426.3 or newer #1581

Merged


MarkEWaite
Contributor

@MarkEWaite MarkEWaite commented May 5, 2024

Require Jenkins 2.426.3 or newer

Plugin installation statistics show that 82% of the 125k installations of the 5.2.1 release (most recent, 6 months old) are already running 2.426.3 or newer.

SECURITY-3414 was published in Jan 2024 and strongly recommends that users upgrade to 2.426.3 or newer.

Also updates test dependency on promoted-builds plugin to a newer version that matches with the dependency version in the parameterized trigger plugin master branch and with the version of the test dependency in the maven integration plugin.

Checklist

  • I have read the CONTRIBUTING doc
  • I have referenced the Jira issue related to my changes in one or more commit messages
  • I have added tests that verify my changes
  • Unit tests pass locally with my changes
  • I have added documentation as necessary
  • No Javadoc warnings were introduced with my changes
  • No spotbugs warnings were introduced with my changes
  • Documentation in README has been updated as necessary
  • Online help has been added and reviewed for any new or modified fields
  • I have interactively tested my changes
  • Any dependent changes have been merged and published in upstream modules (like git-client-plugin)

Types of changes

What types of changes does your code introduce?

  • Dependency or infrastructure update

MarkEWaite added 2 commits May 5, 2024 02:21
https://stats.jenkins.io/pluginversions/git.html shows that 82% of the
125k installations of the 5.2.1 release (most recent, 6 months old)
are already running 2.426.3 or newer.

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 was
published in Jan 2024 and strongly recommends that users upgrade to
2.426.3 or newer.
Removes the dependency on project-inheritance.  Previous releases resolved
the security issue that was still open in 3.11.
@MarkEWaite MarkEWaite added the chore Reduces maintenance effort by changes not directly visible to users label May 5, 2024
@MarkEWaite MarkEWaite requested a review from a team as a code owner May 5, 2024 09:07
@github-actions github-actions bot added the dependencies Dependency related change label May 5, 2024
MarkEWaite added a commit to MarkEWaite/bom that referenced this pull request May 5, 2024
Also tests git client plugin upgrade to require Jenkins 2.426.3 or newer

Evaluates two pending pull requests:

* jenkinsci/git-client-plugin#1129
* jenkinsci/git-plugin#1581
MarkEWaite added 6 commits May 5, 2024 04:42
892.vd6219fc0a_efb was released 2 years ago.  Over 50% of all
installations of the promoted builds plugin are already using
892.vd6219fc0a_efb or newer.  Those users will see no difference from
this change, since they are already using 892.vd6219fc0a_efb.

Recent Jenkins versions will display broken icons with
older versions of the promoted builds plugin.  Fixed in
jenkinsci/promoted-builds-plugin#170 as part
of 873.v6149db_d64130.  Upgrading to 892.vd6219fc0a_efb will fix that
issue for users.

https://stats.jenkins.io/pluginversions//promoted-builds.html shows that
892.vd6219fc0a_efb is the second most popular release.  It is second
only to the most recent release, 945.v597f5c6a_d3fd.  Attempts to update
that optional dependency to the most recent release have shown consistent
failures in the plugin bill of materials.

* jenkinsci/bom#3170
* jenkinsci/bom#2809

This likely needs to be combined with the parameterized trigger plugin
upgrade of the same dependency to the same version.  Refer to

* jenkinsci/parameterized-trigger-plugin#378

Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb
- [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)
@MarkEWaite MarkEWaite marked this pull request as draft May 6, 2024 02:37
@MarkEWaite MarkEWaite removed the dependencies Dependency related change label May 6, 2024
@github-actions github-actions bot added the dependencies Dependency related change label May 6, 2024
@MarkEWaite MarkEWaite removed the dependencies Dependency related change label May 6, 2024
@MarkEWaite MarkEWaite marked this pull request as ready for review May 6, 2024 13:31
@MarkEWaite MarkEWaite merged commit 3bc3de9 into jenkinsci:master May 7, 2024
15 checks passed
@MarkEWaite MarkEWaite deleted the require-jenkins-2.426.x-or-newer branch May 7, 2024 13:29
Labels
chore Reduces maintenance effort by changes not directly visible to users