The Enforcer update in #456 triggers new errors in many plugins involving provided scope. If a Dependabot update produces a build failure mentioning RequireUpperBoundDeps, first update the plugin BOM to 1090.v0a_33df40457a_ or later (which necessitates updating the minimum Jenkins version to 2.289.1 or later), then rebase the Dependabot update against the result with @dependabot rebase. If you cannot update the plugin BOM to 1090.v0a_33df40457a_ or later, then exclude the problematic dependency trail to satisfy Enforcer.
You will also need to switch annotations from javax.annotation.* to edu.umd.cs.findbugs.annotations.* equivalents as in jenkinsci/jenkins#4604.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps plugin from 4.31 to 4.33.
Release notes
Sourced from plugin's releases.
... (truncated)
Commits
875cb59[maven-release-plugin] prepare release plugin-4.336bf6ae8Bump incrementals-maven-plugin from 1.2 to 1.3 (#483)4c577adBump frontend-maven-plugin from 1.12.0 to 1.12.1 (#484)d1250ceBump incrementals-enforcer-rules from 1.2 to 1.3 (#485)112c708Sort a few dependencies in thedependencyManagementsection (#482)05c9e09Merge pull request #480 from basil/cleanup8347830Bump Jenkins version to 2.249; clean up plugin parent POMcd17304Bump maven-site-plugin from 3.9.1 to 3.10.0 (#481)0955f6eAdopt POM Code Convention (#479)ce864e3[maven-release-plugin] prepare for next development iterationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)