On Friday, February 17, 2023 at 9:08:02 AM UTC-7 James Nord wrote: Hi all,
What are peoples thoughts on being more (obviously) aggressive on the required maven version for plugins? Currently we set a requirement in the plugin-pom on 3.8.1 so we do not allow http repositories but nothing else is "enforced". I say enforced as we actually have implied but not respected requirements in much later maven version in the maven-hpi plugin (as dependabot has happily been suggesting updates and we are happily consuming them). Currently we have managed to not break because the versions we are compiling against and the APIs we are using are available in the older versions, but it is a probably matter of time until this is no longer the case. So we could just downgrade the libraries and "jobs a goodun" in the hpi-plugin, but at the same time there is various deprecated API usage that we rely on, and maven 3.9 removes a lot of backward compatibility. At the same time - going to the "latest release" and then requiring that means that users could not as easily downgrade (we would need to revert an update of the plugin in the plugin-pom for example) What are peoples thoughts on what version is to be considered "too new" and what would people think is also acceptable. This also ties into maven versions in ci.jenkins.io. one suggestion is say 2 weeks after ci.jenkins.io switches plugin builds to use maven x then would consider it stable enough for use in maven-hpi-plugin? I like the idea of using the most recent maven release in maven-hpi-plugin 2 weeks after ci.jenkins.io has switched to use it. Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/b60423b5-863c-4e8c-83ae-efac4a217ae5n%40googlegroups.com.
