Bump bom-2.289.x from 1438.v6a_2c29d73f82 to 1500.ve4d05cd32975

[dependabot]

Bumps bom-2.289.x from 1438.v6a_2c29d73f82 to 1500.ve4d05cd32975.

Release notes

Sourced from bom-2.289.x's releases.

1500.ve4d05cd32975

🚀 New features and improvements

• Adapt to Mail/Activation baseline bumps (#1288) @​basil

👻 Maintenance

• simplify updatecli pinned and add 2.346.x however pinned to .1 (#1279) @​jetersen

📦 Dependency updates

• Bump workflow-durable-task-step from 1174.v73a_9a_17edce0 to 1190.vc93d7d457042 in /bom-weekly (#1284) @​dependabot
• Adapt to Mail/Activation baseline bumps (#1288) @​basil
• Adapt to Jakarta Mail migration (#1280) @​basil
• Update weekly version (#1278) @​github-actions
• Bump configuration-as-code-plugin.version from 1466.v2d4119502006 to 1511.vb_f985b_894e40 in /bom-weekly (#1277) @​dependabot

1494.v5d4d71876757

👷 Changes for plugin developers

• Bump pipeline-model-definition-plugin.version from 2.2097.v33db_b_de764b_e to 2.2114.v2654ca_721309 in /bom-weekly (#1276) @​dependabot

📝 Documentation updates

• Clarifying use of bom-weekly (#1274) @​timja

📦 Dependency updates

• Bump pipeline-model-definition-plugin.version from 2.2097.v33db_b_de764b_e to 2.2114.v2654ca_721309 in /bom-weekly (#1276) @​dependabot
• Bump ssh-slaves from 1.821.vd834f8a_c390e to 1.834.v622da_57f702c in /bom-weekly (#1271) @​dependabot
• Bump trilead-api from 1.66.v49c6758b_b_360 to 1.67.vc3938a_35172f in /bom-weekly (#1272) @​dependabot
• Bump workflow-job and matrix-project in bom-weekly (#1270) @​jglick
• Bump trilead-api from 1.57.v6e90e07157e1 to 1.66.v49c6758b_b_360 in /bom-weekly (#1269) @​dependabot
• Bump support-core from 1195.v20a_701e8897e to 1201.v8d1f54a_6ec7c in /bom-weekly (#1267) @​dependabot
• Bump workflow-job-plugin.version from 1203.v7b_7023424efe to 1206.vc48d96b_930b_2 in /bom-weekly (#1265) @​dependabot
• Bump plugin from 4.42 to 4.43.1 in /sample-plugin (#1264) @​dependabot
• Update weekly version (#1263) @​github-actions
• Bump workflow-support-plugin.version from 827.v7ef666c4d65c to 833.va_1c71061486b_ in /bom-weekly (#1262) @​dependabot
• Bump workflow-durable-task-step from 1164.v2334ddcf48d0 to 1174.v73a_9a_17edce0 in /bom-weekly (#1259) @​dependabot
• Bump support-core from 1174.vc46f6b_04d894 to 1195.v20a_701e8897e in /bom-weekly (#1261) @​dependabot
• Bump configuration-as-code-plugin.version from 1464.vd8507b_82e41a_ to 1466.v2d4119502006 in /bom-weekly (#1260) @​dependabot
• Bump workflow-api-plugin.version from 1182.v41475e53ea_43 to 1188.v0016b_4f29881 in /bom-weekly (#1257) @​dependabot
• Bump workflow-support-plugin.version from 820.vd1a_6cc65ef33 to 827.v7ef666c4d65c in /bom-weekly (#1258) @​dependabot

1478.v81d3dc4f9a_43

👷 Changes for plugin developers

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[jglick]

@jetersen did you confirm with local test that this addresses jenkinsci/bom#1275 (comment)? If so, I can try to get it released.

[jglick]

It seems I have write access, but it looks like @TobiX is an active maintainer here, so I retract that.

[jetersen]

@jglick dependency tree does not seem to update.

But tests are passing locally.

[jetersen]

dashboard-view-plugin/pom.xml

Line 98 in eeb6fd8

<version>2.2</version>

is 3 years old. Should probably remove or bump

[jglick]

is 3 years old

Yes, because no new releases have been, or will ever be, published. Is it a problem?

[jglick]

Oh I see, because of RequireUpperBoundDeps. Could use an <exclusion>, or remove jenkins-test-harness-tools and do the equivalent directly.

[jetersen]

created #184 targeting this branch

[jetersen]

hoping for a incremental release so I can test it bom

[jglick]

so I can test it [in] bom

If you just want to know whether it works, you need not wait for CI. Just mvn -Pquick-build clean install locally and use the snapshot version in some pom.xml in bom before bash local-test.sh. Once you have confirmed locally that everything works as expected, you can file PRs for whatever needs to be fixed, then pick up incremental versions to double check.

[jetersen]

cannot use bash local-test.sh

Failed to execute goal on project sample: Could not resolve dependencies for project io.jenkins.tools.bom:sample:hpi:999999-SNAPSHOT: Could not find artifact org.jenkins-ci.plugins:dashboard-view:jar:2.999999-SNAPSHOT in repo.jenkins-ci.org

[jetersen]

@jglick okay with #184 I still get Cycle detected: Plugin:sshd -> Plugin:mina-sshd-api-core -> Plugin:ssh-credentials -> Plugin:credentials -> Plugin:sshd

But test passes with local-test for bom.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.