KostyaSha / github-integration-plugin

Jenkins GitHub Integration Plugin
https://wiki.jenkins-ci.org/display/JENKINS/GitHub+Integration+Plugin
MIT License
98 stars 86 forks source link

Bump matrix-auth from 1.4 to 2.6.6 in /github-pullrequest-plugin #371

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps matrix-auth from 1.4 to 2.6.6.

Release notes

Sourced from matrix-auth's releases.

Version 2.6.6

Fix SECURITY-2180.

Version 2.6.5

  • JENKINS-64661: Do not break properties in the global Pipeline snippet generator.

Version 2.6.3.1

Fix SECURITY-2180 as a backport on top of 2.6.3.

Not a pre-release, but GitHub's "latest release" feature is trash.

Version 2.5.2

Fix SECURITY-2180 as a backport on top of 2.5.1.

Not a pre-release, but GitHub's "latest release" feature is trash.

Changelog

Sourced from matrix-auth's changelog.

Version 2.6.6 (2021-03-18)

  • SECURITY-2180: Ensure Item/Read is only granted it all ancestors grant it as well.

Version 2.6.5 (2021-01-21)

  • JENKINS-64661: Do not break properties in the global Pipeline snippet generator.

Version 2.6.4 (2020-10-26)

  • Compatibility with JEP-228 in Jenkins 2.266 and newer.

Version 2.6.3 (2020-09-15)

  • JENKINS-56109: Make the plugin compatible with new form layout in Jenkins 2.264 and newer.
  • Open links from job, folder, and agent configurations to the Global Security Configuration in a new window.
  • Internal: Parent POM update, make test assertions compatible with JEP-295

Version 2.6.2 (2020-07-15)

Version 2.6.1 (2020-05-08)

  • JENKINS-62202: Fix regression introduced in 2.6 that disabled per-job/folder/agent configuration UI for users without Overall/Administer.

Version 2.6 (2020-04-30)

  • Increase minimum required Jenkins version to 2.222.1.
  • Remove support for setting "dangerous permissions" as they are deprecated from Jenkins 2.222.x anyway. (Jenkins LTS upgrade guide, SECURITY-410 in the 2017-04-10 security advisory)
  • Add support for Overall/System Read permission (global configuration is rendered with disabled checkboxes).
  • JENKINS-36625: Allow wrapping long user and group names to limit width of the configuration table.
  • Internal: Parent POM update, update test dependencies (Pipeline: Groovy Plugin, JCasC test harness).

Version 2.5.1 (2020-07-15)

Version 2.5 (2019-10-14)

  • JENKINS-58703: Creating items through the remote API (createItem) could result in duplicate XML elements.
  • JENKINS-54568: Make authorizationMatrix work in declarative snippet generator.
  • JENKINS-46914: Better indicate implied permissions in the checkbox grid by disabling implied permission checkboxes.

... (truncated)

Commits
  • b2a2aa7 [maven-release-plugin] prepare release matrix-auth-2.6.6
  • bbe3585 [SECURITY-2180]
  • b698c30 Merge pull request #100 from jenkinsci/daniel-beck-patch-1
  • 955996f Minor changelog fixes
  • b363945 Merge pull request #98 from daniel-beck/remove-test-code-change
  • ef87eb3 Remove change to test code from changelog, not notable enough
  • e50cd1c [maven-release-plugin] prepare for next development iteration
  • 847abe7 [maven-release-plugin] prepare release matrix-auth-2.6.5
  • 16d1201 Merge pull request #95 from daniel-beck/changelog-2.6.5
  • 8ccd614 Merge pull request #96 from daniel-beck/fix-read-only-test
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KostyaSha/github-integration-plugin/network/alerts).

This change is Reviewable

dependabot[bot] commented 1 year ago

Looks like org.jenkins-ci.plugins:matrix-auth is up-to-date now, so this is no longer needed.