Closed chadlwilson closed 6 months ago
chadlwilson
commented
6 months ago chadlwilson
commented
6 months ago Hiya @ashwanthkumar - would you mind taking a look at this? This plugin seems to be rather popular and it'd be good to get it upgraded past the outdated dependencies which have some reported vulns in them :-)
ashwanthkumar
commented
6 months ago Ha! Sorry the missed the notification for the PR. Checking now.
chadlwilson
commented
6 months ago Thanks! Do you feel 1.4.0 is stable enough to release properly without the RC tag? I'm not 100% sure as have seen some niggles around the place (issues here, the odd one that pops up on gocd proper), but as I don't have much experience with the plugin I have not really dug much deeper.
e.g this user seems to have started having issues with somehow ending up with material revisions with no entries in modifications which breaks things. They appeared to upgrade this plugin at the same time as upgrading their GoCD server so it's a bit difficult to untangle whether the issue is something wrong with their upgrade, their database, or an issue caused by the use of the plugin in certain cases. (I can conceptualise all sorts of weird usage of branches and history rewrites which I can imagine confusing many SCM plugins or materials)
ashwanthkumar
commented
6 months ago I'm not using Github anymore so I'm not sure at the moment.
chadlwilson
commented
6 months ago Well in any case, if you could release a new 1.4.0 RC at the very least it'd be good.
build.gocd.org uses the plugin in a very limited fashion against GitHub, but currently does not use RC versions. I could switch it though if there is a new release with these dependencies upgraded.
ashwanthkumar
commented
6 months ago chadlwilson
commented
6 months ago Thx. Could you change the assets to ones without -SNAPSHOT in their names? It doesn't really look so good to rely on such artifacts and also doesn't match the versions inside the tagged source code? (1.4.1-RC1-SNAPSHOT)