OK, I've just filed https://github.com/jenkinsci/jenkins/pull/5108 as Jesse and Tim are suggesting we go the "deny" path.
I think indeed the idea to deny/ignore the dependency that we know they shouldn't be automated is probably good as we may see some interesting things. @Oleg Nenashev <o.v.nenas...@gmail.com> if you feel strongly we should really add things more progressively, just tell me. I'm fine and I'll adjust the PR or create a new one with a proposal of first deps. Thanks all! Le ven. 11 déc. 2020 à 15:39, Jesse Glick <jgl...@cloudbees.com> a écrit : > I would suggest using a deny list. You will get an initial spray of > PRs, mostly to `bom/pom.xml`. Some we will reject as unsafe (likely > breaking change for plugins relying on core classpath), which we can > then add as exclusions in Dependabot config. But we may be surprised > by helpful updates that we would never have thought to add to an allow > list. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3v5CgCcqf%3DMysY8N9-AOpOrFkqh%2BuNLxbSx%3DVw3Q%2Bynw%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS5uS7Y8PP76Lk2yZhSsACKhizRcEFOB9YCKLw6DRZK-0g%40mail.gmail.com.
