Conversation

@daniel-beck
Member
Contributor

@MarkEWaite MarkEWaite left a comment

Thanks!

@MarkEWaite added the "developer" label (Pull requests that merits a release for plugin developers) on Feb 15, 2023

@jglick
Member

jglick commented Feb 15, 2023

Also in #1761, #1762, #1763.

@jglick
Member

jglick commented Feb 16, 2023

BTW I doubt we really need to bother filing these explicitly. From the PoV of the bom, these are just routine plugin updates that can be processed whenever by Dependabot (except in the rare case that a security patch introduces an API or changes behavior likely to be covered by downstream tests).

@daniel-beck
Member Author

daniel-beck commented Feb 16, 2023

@jglick We started doing this because you requested it in #1496 (review). Did we misunderstand what you were asking for?

@jglick
Member

jglick commented Feb 16, 2023

Heh, completely forgot about that. In that case it was important to update a set of plugins together, though not because they were part of a security update per se.

Not a problem to do these updates, especially if you already have a process for it. Just FYI that in the typical case that they are unrelated updates released on the same day, there is no particular need to bump them manually, or to do so in an atomic PR.

lemeurherve pushed a commit to lemeurherve/bom that referenced this pull request Mar 31, 2023