Bump groovy-all from 2.4.12 to 2.4.21 #5116
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [groovy-all](https://github.com/apache/groovy) from 2.4.12 to 2.4.21. - [Release notes](https://github.com/apache/groovy/releases) - [Commits](https://github.com/apache/groovy/commits) Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
|
Possibly OK, though requires thorough testing against Script Security and Pipeline. See #5112 for context. CC @dwnusbaum |
Yeah, at the minimum I would want to see linked PRs against |
|
Would you recommend we actually tell Dependabot to ignore and not file updates for this dependency? From what you're saying, I'd think yes. I would not want a future update going through more freely because you two are on vacation or whatever? :-) |
|
Certainly Groovy should be excluded from Dependabot updates. |
|
Looks like org.codehaus.groovy:groovy-all is no longer being updated by Dependabot, so this is no longer needed. |
dependabot
bot
deleted the
dependabot/maven/org.codehaus.groovy-groovy-all-2.4.21
branch
Bumps groovy-all from 2.4.12 to 2.4.21.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)