Thanks, Rado!

https://github.com/wildfly/wildfly/actions/runs/21376865486 is running

On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar@redhat.com> wrote:
Brian, looks like I found the problem – the issue is that after 30 failed runs all GitHub Actions stop. Can you perform one of the suggested actions below to get us going for another 30 days and hopefully in the meantime the above issues will be resolved?

From their website: Sometimes, due to misconfiguration or incompatible versions, Dependabot jobs for a repository will fail and Dependabot will continue to run and continue to fail. Now, after 30 failed runs, Dependabot will immediately fail subsequent scheduled jobs until you trigger a check for updates from the dependency graph or by updating a manifest file. Dependabot security update jobs will still trigger as usual.

Thanks,
Rado


On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar@redhat.com> wrote:
Just to share where we stand on fixing this upstream, the issue has been raised as https://github.com/dependabot/dependabot-core/issues/13713
and there is already a fix available at https://github.com/dependabot/dependabot-core/pull/13746

I asked if there is something we can do to help move this forward.

Also, just to note, when I try to restart the dependabot workflows - they aren't re-runnable :-(

> Warning: Dependabot workflows cannot be re-run. Retrigger this update via Dependabot instead.

Rado


On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe@redhat.com> wrote:
Looking at https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabot-updates, it looks like the last time a 'maven in' job ran was Dec 30. Since then it's only 'github_actions in' jobs.

On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe@redhat.com> wrote:
I'm forking this into a separate thread as it looks like dependabot's not submitting PRs at all to wildfly/wildfly in a number of weeks.

I haven't looked into why.

Until that is sorted please pay extra attention to these 'Possible component upgrades report' emails and be proactive about sending up upgrade PRs in areas you are responsible for.

On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe@redhat.com> wrote:
Thanks, Rado! Hopefully the dependabot folks will figure it out.

On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar@redhat.com> wrote:
Funny enough, I was investigating this too last week and concluded it's most likely a dependabot bug. It is a relatively common problem that it stumbles with complicated projects and WildFly is inevitably a complicated project from a dependency perspective. It's not uncommon for us to have to change pom.xml in a way that dependabot could work with it. Which is much harder for projects like WF...

The '{message: "ERROR: Invalid expression: /project/groupId}.channel"}' seemed to me to be a 'off by 1 error' and it really meant channels, but then again, that line <channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId> is there since 2024, which seems to hint at something changing in dependabot.

I ran out of options so I filed https://github.com/dependabot/dependabot-core/issues/13713 upstream. Feel free to add onto it.

Rado





On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <wildfly-dev@lists.jboss.org> wrote:
I'm not asking anyone to do anything here; I'm just recording some info about a curiosity in case we eventually dig more into it.

We've been getting relatively few dependabot PRs lately, but there are a lot of micros on this report, so that was interesting to me.

Much of it is because we either deliberately disabled dependabot for a GA (e.g. is some team manually manages the artifact as part of a broader update strategy for whatever thing depends on it), or because we explicitly closed a dependabot PR so some team could manually deal with that artifact. All that's ok so long as teams don't forget.

But there are a number of others that fail because dependabot fails trying to generate the upgrade PR. These all have the same symptom in the dependabot log:

Handled error whilst updating the_groupId:the_artifact_id: dependency_file_not_evaluatable {message: "ERROR: Invalid expression: /project/groupId}.channel"}


I poked a bit at some of the various relevant poms and didn't see anything about "groupId}.channel" so ???.

The root WF pom itself has "<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>" but that has the trailing 's', plus it's been there for ages, plus I'd think if that was somehow problematic no dependabot PRs would work. But we do get some.



On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <wildfly-dev@lists.jboss.org> wrote:

Component Upgrade Report

Following repositories were searched:

Possible Component Upgrades
GAVNew VersionRepositorySince
com.fasterxml:classmate:1.5.1
↳ Minor upgrade1.7.1Central2025-10-01
com.fasterxml.woodstox:woodstox-core:7.0.0
↳ Minor upgrade7.1.1Central2025-06-04
com.google.api.grpc:proto-google-common-protos:2.0.1
↳ Minor upgrade2.63.1Central2025-11-12
com.google.code.gson:gson:2.13.12.13.2Central2025-09-17
com.google.guava:guava:33.0.0-jre
↳ Minor upgrade33.5.0-jreCentral2025-09-24
com.google.protobuf:protobuf-java:4.28.3
↳ Minor upgrade4.33.1Central2025-11-19
com.h2database:h2:2.2.224
↳ Minor upgrade2.4.240Central2025-10-01
com.nimbusds:nimbus-jose-jwt:10.3.1
↳ Minor upgrade10.6Central2025-11-12
com.sun.istack:istack-commons-runtime:4.1.2
↳ Minor upgrade4.2.0Central2024-02-07
commons-codec:commons-codec:1.17.2
↳ Minor upgrade1.20.0Central2025-11-12
commons-collections:commons-collections:3.2.2
↳ Very latest20040616Central2024-02-07
commons-io:commons-io:2.16.1
↳ Minor upgrade2.21.0Central2025-11-12
de.dentrassi.crypto:pem-keystore:2.4.0
↳ Very latest3.0.0Central2024-11-20
io.agroal:agroal-api:2.0
↳ Minor upgrade2.8Central2025-08-20
io.github.resilience4j:resilience4j-core:2.2.0
↳ Minor upgrade2.3.0Central2025-01-08
io.grpc:grpc-api:1.70.0
↳ Minor upgrade1.77.0Central2025-11-19
io.micrometer:micrometer-commons:1.15.6
↳ Minor upgrade1.16.0Central2025-11-12
io.netty:netty-all:4.0.19.Final4.0.56.FinalCentral2024-02-07
↳ Minor upgrade4.2.7.FinalCentral2025-10-15
io.netty:netty-bom:4.1.128.Final
↳ Minor upgrade4.2.7.FinalCentral2025-10-15
io.opentelemetry:opentelemetry-api:1.48.0
↳ Minor upgrade1.56.0Central2025-11-12
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
↳ Minor upgrade2.22.0Central2025-11-26
io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
↳ Minor upgrade1.37.0Central2025-09-03
io.prometheus:prometheus-metrics-config:1.3.31.3.10Central2025-07-09
↳ Minor upgrade1.4.3Central2025-11-12
io.smallrye:smallrye-jwt:4.3.1
↳ Minor upgrade4.6.2Central2025-05-28
io.smallrye:smallrye-open-api-core:4.2.14.2.3Central2025-11-26
io.smallrye.config:smallrye-config:3.13.4
↳ Minor upgrade3.14.1Central2025-10-15
io.smallrye.reactive:mutiny:2.8.0
↳ Minor upgrade2.9.5Central2025-10-29
↳ Very latest3.1.0Centralnew
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
↳ Minor upgrade3.21.1Centralnew
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
↳ Minor upgrade2.7.0Central2024-02-07
↳ Very latest3.0.3Central2025-04-16
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
↳ Minor upgrade4.31.0Central2025-11-12
io.vertx:vertx-amqp-client:4.5.22
↳ Very latest5.0.5Central2025-10-22
io.vertx:vertx-kafka-client:4.4.9
↳ Minor upgrade4.5.22Central2025-10-22
↳ Very latest5.0.5Central2025-10-22
jakarta.annotation:jakarta.annotation-api:2.1.1
↳ Very latest3.0.0Central2024-04-10
jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
↳ Very latest4.1.0Central2024-04-17
jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
↳ Minor upgrade4.1.0Central2024-04-17
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.33.0.4Central2024-07-03
↳ Minor upgrade3.1.1Central2024-06-26
jakarta.faces:jakarta.faces-api:4.0.1
↳ Minor upgrade4.1.2Central2024-11-06
jakarta.inject:jakarta.inject-api:1.0.5
↳ Very latest2.0.1Central2024-02-07
jakarta.mail:jakarta.mail-api:2.1.32.1.5Central2025-09-24
jakarta.mvc:jakarta.mvc-api:2.1.0
↳ Very latest3.0.0Central2025-05-14
jakarta.persistence:jakarta.persistence-api:3.1.0
↳ Minor upgrade3.2.0Central2024-05-22
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
↳ Very latest4.0.0Central2024-06-26
jakarta.servlet:jakarta.servlet-api:6.0.0
↳ Minor upgrade6.1.0Central2024-06-12
jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
↳ Very latest4.0.0Central2024-06-12
jakarta.validation:jakarta.validation-api:3.0.2
↳ Minor upgrade3.1.1Central2025-02-05
jakarta.websocket:jakarta.websocket-api:2.1.1
↳ Minor upgrade2.2.0Central2024-05-29
jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
↳ Very latest4.0.0Central2024-05-08
joda-time:joda-time:2.12.7
↳ Minor upgrade2.14.0Central2025-04-02
net.bytebuddy:byte-buddy:1.15.11
↳ Minor upgrade1.18.2Central2025-12-03
net.bytebuddy:byte-buddy:1.17.61.17.8Central2025-10-15
↳ Minor upgrade1.18.2Centralnew
net.shibboleth.utilities:java-support:8.0.0
↳ Minor upgrade8.4.2JBossPublic2024-04-17
org.antlr:antlr4:4.13.04.13.2Central2024-08-14
org.apache.avro:avro:1.12.01.12.1Central2025-10-22
org.apache.cxf:cxf-core:4.0.10
↳ Minor upgrade4.1.4Central2025-11-19
org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.04.1.1Central2025-10-29
org.apache.kafka:kafka-clients:3.9.1
↳ Very latest4.1.1Central2025-11-19
org.apache.kerby:kerb-server-api-all:2.0.3
↳ Minor upgrade2.1.1Central2025-11-26
org.apache.lucene:lucene-analysis-common:9.11.1
↳ Minor upgrade9.12.3Central2025-10-01
↳ Very latest10.3.2Central2025-11-19
org.apache.lucene:lucene-analysis-common:9.12.29.12.3Central2025-10-01
↳ Very latest10.3.2Central2025-11-19
org.apache.santuario:xmlsec:3.0.6
↳ Very latest4.0.4Central2025-04-16
org.apache.ws.xmlschema:xmlschema-core:2.3.02.3.2Central2025-11-05
org.apache.wss4j:wss4j-bindings:3.0.5
↳ Very latest4.0.1Central2025-11-05
org.assertj:assertj-bom:3.26.3
↳ Minor upgrade3.27.6Central2025-09-24
org.cryptacular:cryptacular:1.2.51.2.7Central2024-08-21
org.eclipse.angus:angus-mail:2.0.42.0.5Central2025-09-24
org.eclipse.jdt:ecj:3.33.0
↳ Minor upgrade3.43.0Central2025-09-10
org.eclipse.krazo:krazo-core:3.0.1
↳ Very latest4.0.1Central2025-06-11
org.elasticsearch.client:elasticsearch-rest-client:8.15.48.15.5Central2024-11-27
↳ Minor upgrade8.19.8Centralnew
↳ Very latest9.2.2Central2025-12-03
org.elasticsearch.client:elasticsearch-rest-client:9.1.39.1.8Centralnew
↳ Minor upgrade9.2.2Centralnew
org.glassfish:jakarta.faces:4.0.12
↳ Minor upgrade4.1.4Central2025-09-17
org.glassfish:jakarta.faces:4.1.34.1.4Central2025-09-17
org.glassfish.expressly:expressly:5.0.0
↳ Very latest6.0.0Central2025-05-21
org.glassfish.soteria:jakarta.security.enterprise:3.0.33.0.4Central2025-08-20
org.hibernate.orm:hibernate-core:6.6.37.Final6.6.38.FinalCentralnew
↳ Very latest7.1.11.FinalCentral2025-12-03
org.hibernate.orm:hibernate-core:7.1.2.Final7.1.11.FinalCentralnew
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
↳ Very latest8.1.2.FinalCentral2025-09-10
org.hibernate.validator:hibernate-validator:8.0.3.Final
↳ Very latest9.1.0.FinalCentral2025-11-12
org.infinispan:infinispan-bom:15.2.6.Final
↳ Very latest16.0.3Centralnew
org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
↳ Minor upgrade3.1.0Central2024-02-07
org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final10.1.3.FinalCentral2025-11-12
org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
↳ Very latest7.0.0.FinalCentral2025-10-01
org.jboss.weld:weld-api:5.0.SP3
↳ Very latest6.0.FinalCentral2024-12-18
org.jboss.weld:weld-core-impl:5.1.6.Final
↳ Very latest6.0.3.FinalCentral2025-05-21
org.jgroups:jgroups:5.4.12.Final
↳ Minor upgrade5.5.1.FinalCentral2025-11-12
org.junit:junit-bom:5.14.1
↳ Very latest6.0.1Central2025-11-05
org.lz4:lz4-java:1.8.01.8.1Centralnew
org.opensaml:opensaml-profile-api:4.3.2
↳ Very latest5.1.6JBossPublic2025-08-27
org.ow2.asm:asm:9.7.1
↳ Minor upgrade9.9Central2025-10-15
org.wildfly:wildfly-naming-client:1.0.17.Final
↳ Minor upgrade1.1.0.FinalCentral2024-02-07
↳ Very latest2.0.1.FinalCentral2024-02-07
org.wildfly.glow:wildfly-glow-core:1.5.1.Final1.5.2.FinalCentral2025-10-22
org.xerial.snappy:snappy-java:1.1.10.51.1.10.8Central2025-07-24
software.amazon.awssdk:annotations:2.36.3
↳ Minor upgrade2.40.0Centralnew
92 items

Generated on 2025-12-03

Report generated by Maven Dependency Updater

_______________________________________________
wildfly-dev mailing list -- wildfly-dev@lists.jboss.org
To unsubscribe send an email to wildfly-dev-leave@lists.jboss.org
Privacy Statement: https://www.redhat.com/en/about/privacy-policy
List Archives: https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message/QIRW5U4KMC2EJRHOTNIV26XTZMCWJJQZ/


--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
_______________________________________________
wildfly-dev mailing list -- wildfly-dev@lists.jboss.org
To unsubscribe send an email to wildfly-dev-leave@lists.jboss.org
Privacy Statement: https://www.redhat.com/en/about/privacy-policy
List Archives: https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message/2NGQSTJABZ57J7TTSPROLQVQ4JFSBHLH/


--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His


--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His


--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His


--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His