Dependabot is reporting jenkins-core to have the wrong release notes

I would like to discuss dependabot and how it works with jenkins-core. Is this meeting a good place to do so? I wasn’t sure where in the document to add my topic. Under notes?

I think that depends what you want to discuss about dependabot but the current category (infrastructure) is to discuss about the infrastructure used by the Jenkins project which is an open source infrastructure project so we are pretty transparent on how to maintain services like Jenkins.

Maybe you can explain what you are trying to achieve with dependabot

@olblak When ever a new jenkins-core package is published, I get a dependabot alert on my repo.

The problem is that jenkins seems to have miss-configured their repo or something because the PR’s don’t really match.

image

What is 1.54? Does it actually list the changes in 2.301? Why is it that the repo shows the latest release as 1.65?

I think we should get this fixed so the PR from dependabot when jenkins-core changes contain useful information that can then be used to determine if I should merge this PR or not.

The PR includes multiple links to GitHub - jenkinsci/pom: Jenkins Parent POM for libraries and core components which indicates that Dependabot is confused.

This is unrelated to the recent infra team meeting, probably even unrelated to Jenkins project infrastructure and should be discussed separately (mod note: Is it possible to split threads? If so, might make sense here).

@danielbeck, I don’t see how to convert a post to a new topic.

@shadycuz it’s definitely better to start a new topic to discuss about your issue with a good title.
This current category is about discussing the Jenkins infrastructure project.

I think the closest category would be using Jenkins

1 Like

I moved this thread to its own topic, I left it under infrastructure, though I feel like it might be a jenkins core bug.

curl -qs https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-core/2.301/jenkins-core-2.301.pom | grep github
  <url>https://github.com/jenkinsci/pom/jenkins-parent/jenkins-core</url>
    <connection>scm:git:git://github.com/jenkinsci/jenkins.git/jenkins-core</connection>
    <developerConnection>scm:git:ssh://git@github.com/jenkinsci/jenkins.git/jenkins-core</developerConnection>
    <url>https://github.com/jenkinsci/jenkins/jenkins-core</url>

I’m guessing jenkins/pom.xml at 1878f61da736dcd5e7e386dcc7eb86731c2b8ebd · jenkinsci/jenkins · GitHub needs its own scm section? Every sub module i’ve seen in the jenkins project has had interesting data in scm, so I can’t really help :frowning: