Open renovate[bot] opened 3 years ago
@cesarsotovalero this PR shows a new cool feature of @renovate-bot
We may use this issue for discussion about blocked dependency updates. @I-Al-Istannen had a fun debugging session for this problem(https://github.com/INRIA/spoon/pull/4699#issuecomment-1152383529) and it seems like we need a newer version of maven-project-info plugin. The update was closed unmerged a while ago. Was there any concern with the new version, or can we update it?
The update was closed unmerged a while ago.
Which update? Linkety link?
I assume https://github.com/INRIA/spoon/pull/4456. I think we should explicitly list the default plugins (like maven-site-plugin
) we rely on, so renovate can update them too. It seems to have missed the site plugin update, as it is not declared anywhere? Once we update the site plugin, we can update the javadoc plugin and probably also the report plugin without further breakage.
I think we should explicitly list the default plugins (like maven-site-plugin)
Agreed. This is best practice AFAIK.
@MartinWitt There are some dependency lookup errors. Maybe that's causing trouble? I also don't see why it would and there's nothing I can find in the docs about it, but eh, it's something.
Okay, I believe the branch protection was the problem. I will investigate this further and try to enable it. The UI is a bit confusing because we somehow have 2 ways now to do the same. GitHub rules and branch protection.
Currently, the master is not protected, so please don't test the branch protection and try to push to master.
To keep the conversation about dependencies and renovate focused, let's use this issue for this topic. As the configuration is new for us, there will still be some changes needed.
https://github.com/INRIA/spoon/pull/5180 we currently don't automerge pinning of hashes. Anyone against enabling it?
Dependency pinning is good, I vote for automerge.
me too.
chore(deps): update dependency org.testfx:openjfx-monocle to v1.8.0_20
UI related and the UI needs an update.
Looks, we finally have the dependencies back in our control.
About the last lookup problem, I've asked at https://github.com/renovatebot/renovate/issues/6894#issuecomment-1537044261
no more dependency lookup problem thanks to https://github.com/SpoonLabs/spoon-dependencies/commit/4b8a7afad36643502aa2fd1f02111c2cda760aed
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
request
Rate-Limited
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
Open
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Detected dependencies
dockerfile
github-actions
gradle
gradle-wrapper
html
maven
nix
npm