mernst
commented
3 years ago @kelloggm Does merging a pull request that updates a dependency require a release? (I think not, but perhaps RELEASE.md could be unambiguous about that.)
Closed dependabot-preview[bot] closed 3 years ago
mernst
commented
3 years ago @kelloggm Does merging a pull request that updates a dependency require a release? (I think not, but perhaps RELEASE.md could be unambiguous about that.)
kelloggm
commented
3 years ago @mernst
Does merging a pull request that updates a dependency require a release? (I think not, but perhaps RELEASE.md could be unambiguous about that.)
Until we make another release, the plugin won't use the updated dependency. I think that's fine, especially in a case like the lombok plugin, but I'll add a note to RELEASE.md that's explicit
Bumps lombok-plugin from 5.3.0 to 5.3.3.3.
Commits
07b629cUpdate publication workflow8450005Update publication workflow8c5c27bFix java installation54e81c2Move publishing to github actions5326cb8Encrypt secring for github actions5f650c6Merge pull request #318 from freefair/dependabot/gradle/org.apache.maven-mave...7b4b950Bump maven-model from 3.6.3 to 3.8.17356687Merge pull request #316 from freefair/dependabot/gradle/com.gradle.publish-pl...0c1d5cdBump plugin-publish-plugin from 0.13.0 to 0.14.00ed21d4Update to Lombok 1.18.20Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)