[wildfly-dev] Re: Possible component upgrades report - wildfly:main

Funny enough, I was investigating this too last week and concluded it's most likely a dependabot bug. It is a relatively common problem that it stumbles with complicated projects and WildFly is inevitably a complicated project from a dependency perspective. It's not uncommon for us to have to change pom.xml in a way that dependabot could work with it. Which is much harder for projects like WF... The '{message: "ERROR: Invalid expression: /project/groupId}.channel"}' seemed to me to be a 'off by 1 error' and it really meant channels, but then again, that line <channels.maven.groupId>${project.groupId}.channels </channels.maven.groupId> is there since 2024, which seems to hint at something changing in dependabot. I ran out of options so I filed https://github.com/dependabot/dependabot-core/issues/13713 upstream. Feel free to add onto it. Rado On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev < wildfly-dev(a)lists.jboss.org&gt; wrote: > I'm not asking anyone to do anything here; I'm just recording some info > about a curiosity in case we eventually dig more into it. > > We've been getting relatively few dependabot PRs lately, but there are a > lot of micros on this report, so that was interesting to me. > > Much of it is because we either deliberately disabled dependabot for a GA > (e.g. is some team manually manages the artifact as part of a broader > update strategy for whatever thing depends on it), or because we explicitly > closed a dependabot PR so some team could manually deal with that artifact. > All that's ok so long as teams don't forget. > > But there are a number of others that fail because dependabot fails > trying to generate the upgrade PR. These all have the same symptom in the > dependabot log: > > Handled error whilst updating the_groupId:the_artifact_id: > dependency_file_not_evaluatable {message: "ERROR: Invalid expression: > /project/groupId}.channel"} > > A gist at > https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 has > more details. > > I poked a bit at some of the various relevant poms and didn't see > anything about "groupId}.channel" so ???. > > The root WF pom itself has "<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>" > but that has the trailing 's', plus it's been there for ages, plus I'd > think if that was somehow problematic no dependabot PRs would work. But we > do get some. > > > > On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev < > wildfly-dev(a)lists.jboss.org&gt; wrote: > >> Component Upgrade Report >> >> Following repositories were searched: >> >> - Central https://repo1.maven.org/maven2/ >> - JBossPublic >> https://repository.jboss.org/nexus/content/repositories/public/ >> >> Possible Component Upgrades >> GAV New Version Repository Since >> com.fasterxml:classmate:1.5.1 >> ↳ Minor upgrade 1.7.1 Central 2025-10-01 >> com.fasterxml.woodstox:woodstox-core:7.0.0 >> ↳ Minor upgrade 7.1.1 Central 2025-06-04 >> com.google.api.grpc:proto-google-common-protos:2.0.1 >> ↳ Minor upgrade 2.63.1 Central 2025-11-12 >> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17 >> com.google.guava:guava:33.0.0-jre >> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24 >> com.google.protobuf:protobuf-java:4.28.3 >> ↳ Minor upgrade 4.33.1 Central 2025-11-19 >> com.h2database:h2:2.2.224 >> ↳ Minor upgrade 2.4.240 Central 2025-10-01 >> com.nimbusds:nimbus-jose-jwt:10.3.1 >> ↳ Minor upgrade 10.6 Central 2025-11-12 >> com.sun.istack:istack-commons-runtime:4.1.2 >> ↳ Minor upgrade 4.2.0 Central 2024-02-07 >> commons-codec:commons-codec:1.17.2 >> ↳ Minor upgrade 1.20.0 Central 2025-11-12 >> commons-collections:commons-collections:3.2.2 >> ↳ Very latest 20040616 Central 2024-02-07 >> commons-io:commons-io:2.16.1 >> ↳ Minor upgrade 2.21.0 Central 2025-11-12 >> de.dentrassi.crypto:pem-keystore:2.4.0 >> ↳ Very latest 3.0.0 Central 2024-11-20 >> io.agroal:agroal-api:2.0 >> ↳ Minor upgrade 2.8 Central 2025-08-20 >> io.github.resilience4j:resilience4j-core:2.2.0 >> ↳ Minor upgrade 2.3.0 Central 2025-01-08 >> io.grpc:grpc-api:1.70.0 >> ↳ Minor upgrade 1.77.0 Central 2025-11-19 >> io.micrometer:micrometer-commons:1.15.6 >> ↳ Minor upgrade 1.16.0 Central 2025-11-12 >> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07 >> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15 >> io.netty:netty-bom:4.1.128.Final >> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15 >> io.opentelemetry:opentelemetry-api:1.48.0 >> ↳ Minor upgrade 1.56.0 Central 2025-11-12 >> >> io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0 >> ↳ Minor upgrade 2.22.0 Central 2025-11-26 >> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0 >> ↳ Minor upgrade 1.37.0 Central 2025-09-03 >> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central 2025-07-09 >> ↳ Minor upgrade 1.4.3 Central 2025-11-12 >> io.smallrye:smallrye-jwt:4.3.1 >> ↳ Minor upgrade 4.6.2 Central 2025-05-28 >> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26 >> io.smallrye.config:smallrye-config:3.13.4 >> ↳ Minor upgrade 3.14.1 Central 2025-10-15 >> io.smallrye.reactive:mutiny:2.8.0 >> ↳ Minor upgrade 2.9.5 Central 2025-10-29 >> ↳ Very latest 3.1.0 Central new >> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1 >> ↳ Minor upgrade 3.21.1 Central new >> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0 >> ↳ Minor upgrade 2.7.0 Central 2024-02-07 >> ↳ Very latest 3.0.3 Central 2025-04-16 >> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0 >> ↳ Minor upgrade 4.31.0 Central 2025-11-12 >> io.vertx:vertx-amqp-client:4.5.22 >> ↳ Very latest 5.0.5 Central 2025-10-22 >> io.vertx:vertx-kafka-client:4.4.9 >> ↳ Minor upgrade 4.5.22 Central 2025-10-22 >> ↳ Very latest 5.0.5 Central 2025-10-22 >> jakarta.annotation:jakarta.annotation-api:2.1.1 >> ↳ Very latest 3.0.0 Central 2024-04-10 >> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2 >> ↳ Very latest 4.1.0 Central 2024-04-17 >> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1 >> ↳ Minor upgrade 4.1.0 Central 2024-04-17 >> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3 >> 3.0.4 Central 2024-07-03 >> ↳ Minor upgrade 3.1.1 Central 2024-06-26 >> jakarta.faces:jakarta.faces-api:4.0.1 >> ↳ Minor upgrade 4.1.2 Central 2024-11-06 >> jakarta.inject:jakarta.inject-api:1.0.5 >> ↳ Very latest 2.0.1 Central 2024-02-07 >> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24 >> jakarta.mvc:jakarta.mvc-api:2.1.0 >> ↳ Very latest 3.0.0 Central 2025-05-14 >> jakarta.persistence:jakarta.persistence-api:3.1.0 >> ↳ Minor upgrade 3.2.0 Central 2024-05-22 >> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0 >> ↳ Very latest 4.0.0 Central 2024-06-26 >> jakarta.servlet:jakarta.servlet-api:6.0.0 >> ↳ Minor upgrade 6.1.0 Central 2024-06-12 >> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1 >> ↳ Very latest 4.0.0 Central 2024-06-12 >> jakarta.validation:jakarta.validation-api:3.0.2 >> ↳ Minor upgrade 3.1.1 Central 2025-02-05 >> jakarta.websocket:jakarta.websocket-api:2.1.1 >> ↳ Minor upgrade 2.2.0 Central 2024-05-29 >> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0 >> ↳ Very latest 4.0.0 Central 2024-05-08 >> joda-time:joda-time:2.12.7 >> ↳ Minor upgrade 2.14.0 Central 2025-04-02 >> net.bytebuddy:byte-buddy:1.15.11 >> ↳ Minor upgrade 1.18.2 Central 2025-12-03 >> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15 >> ↳ Minor upgrade 1.18.2 Central new >> net.shibboleth.utilities:java-support:8.0.0 >> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17 >> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14 >> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22 >> org.apache.cxf:cxf-core:4.0.10 >> ↳ Minor upgrade 4.1.4 Central 2025-11-19 >> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central 2025-10-29 >> org.apache.kafka:kafka-clients:3.9.1 >> ↳ Very latest 4.1.1 Central 2025-11-19 >> org.apache.kerby:kerb-server-api-all:2.0.3 >> ↳ Minor upgrade 2.1.1 Central 2025-11-26 >> org.apache.lucene:lucene-analysis-common:9.11.1 >> ↳ Minor upgrade 9.12.3 Central 2025-10-01 >> ↳ Very latest 10.3.2 Central 2025-11-19 >> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central >> 2025-10-01 >> ↳ Very latest 10.3.2 Central 2025-11-19 >> org.apache.santuario:xmlsec:3.0.6 >> ↳ Very latest 4.0.4 Central 2025-04-16 >> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05 >> org.apache.wss4j:wss4j-bindings:3.0.5 >> ↳ Very latest 4.0.1 Central 2025-11-05 >> org.assertj:assertj-bom:3.26.3 >> ↳ Minor upgrade 3.27.6 Central 2025-09-24 >> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21 >> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24 >> org.eclipse.jdt:ecj:3.33.0 >> ↳ Minor upgrade 3.43.0 Central 2025-09-10 >> org.eclipse.krazo:krazo-core:3.0.1 >> ↳ Very latest 4.0.1 Central 2025-06-11 >> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 Central >> 2024-11-27 >> ↳ Minor upgrade 8.19.8 Central new >> ↳ Very latest 9.2.2 Central 2025-12-03 >> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central >> new >> ↳ Minor upgrade 9.2.2 Central new >> org.glassfish:jakarta.faces:4.0.12 >> ↳ Minor upgrade 4.1.4 Central 2025-09-17 >> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17 >> org.glassfish.expressly:expressly:5.0.0 >> ↳ Very latest 6.0.0 Central 2025-05-21 >> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central >> 2025-08-20 >> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new >> ↳ Very latest 7.1.11.Final Central 2025-12-03 >> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new >> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final >> ↳ Very latest 8.1.2.Final Central 2025-09-10 >> org.hibernate.validator:hibernate-validator:8.0.3.Final >> ↳ Very latest 9.1.0.Final Central 2025-11-12 >> org.infinispan:infinispan-bom:15.2.6.Final >> ↳ Very latest 16.0.3 Central new >> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final >> ↳ Minor upgrade 3.1.0 Central 2024-02-07 >> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central >> 2025-11-12 >> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final >> ↳ Very latest 7.0.0.Final Central 2025-10-01 >> org.jboss.weld:weld-api:5.0.SP3 >> ↳ Very latest 6.0.Final Central 2024-12-18 >> org.jboss.weld:weld-core-impl:5.1.6.Final >> ↳ Very latest 6.0.3.Final Central 2025-05-21 >> org.jgroups:jgroups:5.4.12.Final >> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12 >> org.junit:junit-bom:5.14.1 >> ↳ Very latest 6.0.1 Central 2025-11-05 >> org.lz4:lz4-java:1.8.0 1.8.1 Central new >> org.opensaml:opensaml-profile-api:4.3.2 >> ↳ Very latest 5.1.6 JBossPublic 2025-08-27 >> org.ow2.asm:asm:9.7.1 >> ↳ Minor upgrade 9.9 Central 2025-10-15 >> org.wildfly:wildfly-naming-client:1.0.17.Final >> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07 >> ↳ Very latest 2.0.1.Final Central 2024-02-07 >> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central >> 2025-10-22 >> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24 >> software.amazon.awssdk:annotations:2.36.3 >> ↳ Minor upgrade 2.40.0 Central new >> 92 items >> >> Generated on 2025-12-03 >> >> Report generated by Maven Dependency Updater >> <https://github.com/jboss-set/maven-dependency-updater> >> _______________________________________________ >> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org >> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org >> Privacy Statement: https://www.redhat.com/en/about/privacy-policy >> List Archives: >> https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message... >> > > > -- > Brian Stansberry > Architect, JBoss EAP > WildFly Project Lead > He/Him/His > _______________________________________________ > wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org > To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org > Privacy Statement: https://www.redhat.com/en/about/privacy-policy > List Archives: > https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message... >