build(deps)!: bump io.github.jeremylong:open-vulnerability-clients from 7.3.2 to 8.0.0 #7630
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [io.github.jeremylong:open-vulnerability-clients](https://github.com/jeremylong/vuln-tools) from 7.3.2 to 8.0.0. - [Release notes](https://github.com/jeremylong/vuln-tools/releases) - [Commits](https://github.com/jeremylong/vuln-tools/commits/v8.0.0) --- updated-dependencies: - dependency-name: io.github.jeremylong:open-vulnerability-clients dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
jeremylong
changed the title
boring-cyborg
bot
added
core
…ulnerability-clients-8.0.0
|
@nhumblot Think this could be merged too? Or is there a reason to not include it in a minor release of ODC? |
|
I felt this was a breaking change - so I was going to include it in the next major release. At least we should wait for the next minor release as opposed to the pending point release. |
|
While for the library it was a breaking release (split between CLI and the library code as separately released projects), I think for ODC it would not be a non-breaking change. AFAICT We're only adapting our internals and introducing two configuration properties (not exposed to the plugin configs) - one might consider the added properties a new feature for people using properties-file configurstion, so I can see how you may want to skip the revision level and wait for a feature release, though I would say for a proper feature it should be extended with extending the configurability in the gradle- and maven plugin configuration settings. |
|
Hi, Sorry for the late reply. I marked commit 8cc9ade with a I have to admit I did not manual test this part extensively. I am going to proceed additional testing and share with you if my initial thought was good or not. |
Bumps io.github.jeremylong:open-vulnerability-clients from 7.3.2 to 8.0.0.
Release notes
Sourced from io.github.jeremylong:open-vulnerability-clients's releases.
Commits
You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)