[wildfly-dev] Re: Dependabot problems WAS: Possible component upgrades report - wildfly:main

Brian, looks like I found the problem – the issue is that after 30 failed runs all GitHub Actions stop. Can you perform one of the suggested actions below to get us going for another 30 days and hopefully in the meantime the above issues will be resolved? From their website: Sometimes, due to misconfiguration or incompatible versions, Dependabot jobs for a repository will fail and Dependabot will continue to run and continue to fail. Now, after 30 failed runs, Dependabot will immediately fail subsequent scheduled jobs until you trigger a check for updates from the dependency graph or by updating a manifest file. Dependabot security update jobs will still trigger as usual. Thanks, Rado On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar(a)redhat.com&gt; wrote: > Just to share where we stand on fixing this upstream, the issue has been > raised as https://github.com/dependabot/dependabot-core/issues/13713 > and there is already a fix available at > https://github.com/dependabot/dependabot-core/pull/13746 > > I asked if there is something we can do to help move this forward. > > Also, just to note, when I try to restart the dependabot workflows - they > aren't re-runnable :-( > > > Warning: Dependabot workflows cannot be re-run. Retrigger this update > via Dependabot instead. > > Rado > > > On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe(a)redhat.com&gt; > wrote: > >> Looking at >> https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo..., >> it looks like the last time a 'maven in' job ran was Dec 30. Since then >> it's only 'github_actions in' jobs. >> >> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe(a)redhat.com&gt; >> wrote: >> >>> I'm forking this into a separate thread as it looks like dependabot's >>> not submitting PRs at all to wildfly/wildfly in a number of weeks. >>> >>> I haven't looked into why. >>> >>> Until that is sorted please pay extra attention to these 'Possible >>> component upgrades report' emails and be proactive about sending up upgrade >>> PRs in areas you are responsible for. >>> >>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com&gt; >>> wrote: >>> >>>> Thanks, Rado! Hopefully the dependabot folks will figure it out. >>>> >>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com&gt; >>>> wrote: >>>> >>>>> Funny enough, I was investigating this too last week and concluded >>>>> it's most likely a dependabot bug. It is a relatively common problem that >>>>> it stumbles with complicated projects and WildFly is inevitably a >>>>> complicated project from a dependency perspective. It's not uncommon for us >>>>> to have to change pom.xml in a way that dependabot could work with it. >>>>> Which is much harder for projects like WF... >>>>> >>>>> The '{message: "ERROR: Invalid expression: >>>>> /project/groupId}.channel"}' seemed to me to be a 'off by 1 error' >>>>> and it really meant channels, but then again, that line >>>>> <channels.maven.groupId>${project.groupId}.channels >>>>> </channels.maven.groupId> is there since 2024, which seems to hint >>>>> at something changing in dependabot. >>>>> >>>>> I ran out of options so I filed >>>>> https://github.com/dependabot/dependabot-core/issues/13713 upstream. >>>>> Feel free to add onto it. >>>>> >>>>> Rado >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev < >>>>> wildfly-dev(a)lists.jboss.org&gt; wrote: >>>>> >>>>>> I'm not asking anyone to do anything here; I'm just recording some >>>>>> info about a curiosity in case we eventually dig more into it. >>>>>> >>>>>> We've been getting relatively few dependabot PRs lately, but there >>>>>> are a lot of micros on this report, so that was interesting to me. >>>>>> >>>>>> Much of it is because we either deliberately disabled dependabot for >>>>>> a GA (e.g. is some team manually manages the artifact as part of a broader >>>>>> update strategy for whatever thing depends on it), or because we explicitly >>>>>> closed a dependabot PR so some team could manually deal with that artifact. >>>>>> All that's ok so long as teams don't forget. >>>>>> >>>>>> But there are a number of others that fail because dependabot fails >>>>>> trying to generate the upgrade PR. These all have the same symptom in the >>>>>> dependabot log: >>>>>> >>>>>> Handled error whilst updating the_groupId:the_artifact_id: >>>>>> dependency_file_not_evaluatable {message: "ERROR: Invalid expression: >>>>>> /project/groupId}.channel"} >>>>>> >>>>>> A gist at >>>>>> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 >>>>>> has more details. >>>>>> >>>>>> I poked a bit at some of the various relevant poms and didn't see >>>>>> anything about "groupId}.channel" so ???. >>>>>> >>>>>> The root WF pom itself has "<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>" >>>>>> but that has the trailing 's', plus it's been there for ages, plus I'd >>>>>> think if that was somehow problematic no dependabot PRs would work. But we >>>>>> do get some. >>>>>> >>>>>> >>>>>> >>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev < >>>>>> wildfly-dev(a)lists.jboss.org&gt; wrote: >>>>>> >>>>>>> Component Upgrade Report >>>>>>> >>>>>>> Following repositories were searched: >>>>>>> >>>>>>> - Central https://repo1.maven.org/maven2/ >>>>>>> - JBossPublic >>>>>>> https://repository.jboss.org/nexus/content/repositories/public/ >>>>>>> >>>>>>> Possible Component Upgrades >>>>>>> GAV New Version Repository Since >>>>>>> com.fasterxml:classmate:1.5.1 >>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01 >>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0 >>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04 >>>>>>> com.google.api.grpc:proto-google-common-protos:2.0.1 >>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12 >>>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17 >>>>>>> com.google.guava:guava:33.0.0-jre >>>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24 >>>>>>> com.google.protobuf:protobuf-java:4.28.3 >>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19 >>>>>>> com.h2database:h2:2.2.224 >>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01 >>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1 >>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12 >>>>>>> com.sun.istack:istack-commons-runtime:4.1.2 >>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07 >>>>>>> commons-codec:commons-codec:1.17.2 >>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12 >>>>>>> commons-collections:commons-collections:3.2.2 >>>>>>> ↳ Very latest 20040616 Central 2024-02-07 >>>>>>> commons-io:commons-io:2.16.1 >>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12 >>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0 >>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20 >>>>>>> io.agroal:agroal-api:2.0 >>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20 >>>>>>> io.github.resilience4j:resilience4j-core:2.2.0 >>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08 >>>>>>> io.grpc:grpc-api:1.70.0 >>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19 >>>>>>> io.micrometer:micrometer-commons:1.15.6 >>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12 >>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07 >>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15 >>>>>>> io.netty:netty-bom:4.1.128.Final >>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15 >>>>>>> io.opentelemetry:opentelemetry-api:1.48.0 >>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12 >>>>>>> >>>>>>> io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0 >>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26 >>>>>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0 >>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03 >>>>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central >>>>>>> 2025-07-09 >>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12 >>>>>>> io.smallrye:smallrye-jwt:4.3.1 >>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28 >>>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26 >>>>>>> io.smallrye.config:smallrye-config:3.13.4 >>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15 >>>>>>> io.smallrye.reactive:mutiny:2.8.0 >>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29 >>>>>>> ↳ Very latest 3.1.0 Central new >>>>>>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1 >>>>>>> ↳ Minor upgrade 3.21.1 Central new >>>>>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0 >>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07 >>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16 >>>>>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0 >>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12 >>>>>>> io.vertx:vertx-amqp-client:4.5.22 >>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22 >>>>>>> io.vertx:vertx-kafka-client:4.4.9 >>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22 >>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22 >>>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1 >>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10 >>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2 >>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17 >>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1 >>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17 >>>>>>> >>>>>>> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3 >>>>>>> 3.0.4 Central 2024-07-03 >>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26 >>>>>>> jakarta.faces:jakarta.faces-api:4.0.1 >>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06 >>>>>>> jakarta.inject:jakarta.inject-api:1.0.5 >>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07 >>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24 >>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0 >>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14 >>>>>>> jakarta.persistence:jakarta.persistence-api:3.1.0 >>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22 >>>>>>> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0 >>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26 >>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0 >>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12 >>>>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1 >>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12 >>>>>>> jakarta.validation:jakarta.validation-api:3.0.2 >>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05 >>>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1 >>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29 >>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0 >>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08 >>>>>>> joda-time:joda-time:2.12.7 >>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02 >>>>>>> net.bytebuddy:byte-buddy:1.15.11 >>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03 >>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15 >>>>>>> ↳ Minor upgrade 1.18.2 Central new >>>>>>> net.shibboleth.utilities:java-support:8.0.0 >>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17 >>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14 >>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22 >>>>>>> org.apache.cxf:cxf-core:4.0.10 >>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19 >>>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central >>>>>>> 2025-10-29 >>>>>>> org.apache.kafka:kafka-clients:3.9.1 >>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19 >>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3 >>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26 >>>>>>> org.apache.lucene:lucene-analysis-common:9.11.1 >>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01 >>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19 >>>>>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central >>>>>>> 2025-10-01 >>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19 >>>>>>> org.apache.santuario:xmlsec:3.0.6 >>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16 >>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central >>>>>>> 2025-11-05 >>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5 >>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05 >>>>>>> org.assertj:assertj-bom:3.26.3 >>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24 >>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21 >>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24 >>>>>>> org.eclipse.jdt:ecj:3.33.0 >>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10 >>>>>>> org.eclipse.krazo:krazo-core:3.0.1 >>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11 >>>>>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 >>>>>>> Central 2024-11-27 >>>>>>> ↳ Minor upgrade 8.19.8 Central new >>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03 >>>>>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 >>>>>>> Central new >>>>>>> ↳ Minor upgrade 9.2.2 Central new >>>>>>> org.glassfish:jakarta.faces:4.0.12 >>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17 >>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17 >>>>>>> org.glassfish.expressly:expressly:5.0.0 >>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21 >>>>>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 >>>>>>> Central 2025-08-20 >>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central >>>>>>> new >>>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03 >>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central >>>>>>> new >>>>>>> >>>>>>> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final >>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10 >>>>>>> org.hibernate.validator:hibernate-validator:8.0.3.Final >>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12 >>>>>>> org.infinispan:infinispan-bom:15.2.6.Final >>>>>>> ↳ Very latest 16.0.3 Central new >>>>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final >>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07 >>>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central >>>>>>> 2025-11-12 >>>>>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final >>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01 >>>>>>> org.jboss.weld:weld-api:5.0.SP3 >>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18 >>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final >>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21 >>>>>>> org.jgroups:jgroups:5.4.12.Final >>>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12 >>>>>>> org.junit:junit-bom:5.14.1 >>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05 >>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new >>>>>>> org.opensaml:opensaml-profile-api:4.3.2 >>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27 >>>>>>> org.ow2.asm:asm:9.7.1 >>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15 >>>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final >>>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07 >>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07 >>>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central >>>>>>> 2025-10-22 >>>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24 >>>>>>> software.amazon.awssdk:annotations:2.36.3 >>>>>>> ↳ Minor upgrade 2.40.0 Central new >>>>>>> 92 items >>>>>>> >>>>>>> Generated on 2025-12-03 >>>>>>> >>>>>>> Report generated by Maven Dependency Updater >>>>>>> <https://github.com/jboss-set/maven-dependency-updater> >>>>>>> _______________________________________________ >>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org >>>>>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org >>>>>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy >>>>>>> List Archives: >>>>>>> https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message... >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Brian Stansberry >>>>>> Architect, JBoss EAP >>>>>> WildFly Project Lead >>>>>> He/Him/His >>>>>> _______________________________________________ >>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org >>>>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org >>>>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy >>>>>> List Archives: >>>>>> https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message... >>>>>> >>>>> >>>> >>>> -- >>>> Brian Stansberry >>>> Architect, JBoss EAP >>>> WildFly Project Lead >>>> He/Him/His >>>> >>> >>> >>> -- >>> Brian Stansberry >>> Collaborative Partner - IBM >>> Architect, JBoss EAP >>> WildFly Project Lead >>> He/Him/His >>> >> >> >> -- >> Brian Stansberry >> Collaborative Partner - IBM >> Architect, JBoss EAP >> WildFly Project Lead >> He/Him/His >> >