3:45 a.m.
Funny enough, I was investigating this too last week and concluded it's
most likely a dependabot bug. It is a relatively common problem that it
stumbles with complicated projects and WildFly is inevitably a complicated
project from a dependency perspective. It's not uncommon for us to have to
change pom.xml in a way that dependabot could work with it. Which is much
harder for projects like WF...
The '{message: "ERROR: Invalid expression: /project/groupId}.channel"}'
seemed
to me to be a 'off by 1 error' and it really meant channels, but then
again, that line <channels.maven.groupId>${project.groupId}.channels
</channels.maven.groupId> is there since 2024, which seems to hint at
something changing in dependabot.
I ran out of options so I filed
https://github.com/dependabot/dependabot-core/issues/13713 upstream. Feel
free to add onto it.
Rado
On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
wildfly-dev(a)lists.jboss.org> wrote:
I'm not asking anyone to do anything here; I'm just recording
some info
about a curiosity in case we eventually dig more into it.
We've been getting relatively few dependabot PRs lately, but there are a
lot of micros on this report, so that was interesting to me.
Much of it is because we either deliberately disabled dependabot for a GA
(e.g. is some team manually manages the artifact as part of a broader
update strategy for whatever thing depends on it), or because we explicitly
closed a dependabot PR so some team could manually deal with that artifact.
All that's ok so long as teams don't forget.
But there are a number of others that fail because dependabot fails trying
to generate the upgrade PR. These all have the same symptom in the
dependabot log:
Handled error whilst updating the_groupId:the_artifact_id:
dependency_file_not_evaluatable {message: "ERROR: Invalid expression:
/project/groupId}.channel"}
A gist at
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 has
more details.
I poked a bit at some of the various relevant poms and didn't see anything
about "groupId}.channel" so ???.
The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
but that has the trailing 's', plus it's been there for ages, plus I'd
think if that was somehow problematic no dependabot PRs would work. But we
do get some.
On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
wildfly-dev(a)lists.jboss.org> wrote:
> Component Upgrade Report
>
> Following repositories were searched:
>
> - Central https://repo1.maven.org/maven2/
> - JBossPublic
> https://repository.jboss.org/nexus/content/repositories/public/
>
> Possible Component Upgrades
> GAV New Version Repository Since
> com.fasterxml:classmate:1.5.1
> ↳ Minor upgrade 1.7.1 Central 2025-10-01
> com.fasterxml.woodstox:woodstox-core:7.0.0
> ↳ Minor upgrade 7.1.1 Central 2025-06-04
> com.google.api.grpc:proto-google-common-protos:2.0.1
> ↳ Minor upgrade 2.63.1 Central 2025-11-12
> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
> com.google.guava:guava:33.0.0-jre
> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
> com.google.protobuf:protobuf-java:4.28.3
> ↳ Minor upgrade 4.33.1 Central 2025-11-19
> com.h2database:h2:2.2.224
> ↳ Minor upgrade 2.4.240 Central 2025-10-01
> com.nimbusds:nimbus-jose-jwt:10.3.1
> ↳ Minor upgrade 10.6 Central 2025-11-12
> com.sun.istack:istack-commons-runtime:4.1.2
> ↳ Minor upgrade 4.2.0 Central 2024-02-07
> commons-codec:commons-codec:1.17.2
> ↳ Minor upgrade 1.20.0 Central 2025-11-12
> commons-collections:commons-collections:3.2.2
> ↳ Very latest 20040616 Central 2024-02-07
> commons-io:commons-io:2.16.1
> ↳ Minor upgrade 2.21.0 Central 2025-11-12
> de.dentrassi.crypto:pem-keystore:2.4.0
> ↳ Very latest 3.0.0 Central 2024-11-20
> io.agroal:agroal-api:2.0
> ↳ Minor upgrade 2.8 Central 2025-08-20
> io.github.resilience4j:resilience4j-core:2.2.0
> ↳ Minor upgrade 2.3.0 Central 2025-01-08
> io.grpc:grpc-api:1.70.0
> ↳ Minor upgrade 1.77.0 Central 2025-11-19
> io.micrometer:micrometer-commons:1.15.6
> ↳ Minor upgrade 1.16.0 Central 2025-11-12
> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
> io.netty:netty-bom:4.1.128.Final
> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
> io.opentelemetry:opentelemetry-api:1.48.0
> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>
> io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
> ↳ Minor upgrade 2.22.0 Central 2025-11-26
> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
> ↳ Minor upgrade 1.37.0 Central 2025-09-03
> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central 2025-07-09
> ↳ Minor upgrade 1.4.3 Central 2025-11-12
> io.smallrye:smallrye-jwt:4.3.1
> ↳ Minor upgrade 4.6.2 Central 2025-05-28
> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
> io.smallrye.config:smallrye-config:3.13.4
> ↳ Minor upgrade 3.14.1 Central 2025-10-15
> io.smallrye.reactive:mutiny:2.8.0
> ↳ Minor upgrade 2.9.5 Central 2025-10-29
> ↳ Very latest 3.1.0 Central new
> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
> ↳ Minor upgrade 3.21.1 Central new
> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
> ↳ Minor upgrade 2.7.0 Central 2024-02-07
> ↳ Very latest 3.0.3 Central 2025-04-16
> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
> ↳ Minor upgrade 4.31.0 Central 2025-11-12
> io.vertx:vertx-amqp-client:4.5.22
> ↳ Very latest 5.0.5 Central 2025-10-22
> io.vertx:vertx-kafka-client:4.4.9
> ↳ Minor upgrade 4.5.22 Central 2025-10-22
> ↳ Very latest 5.0.5 Central 2025-10-22
> jakarta.annotation:jakarta.annotation-api:2.1.1
> ↳ Very latest 3.0.0 Central 2024-04-10
> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
> ↳ Very latest 4.1.0 Central 2024-04-17
> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
> ↳ Minor upgrade 4.1.0 Central 2024-04-17
> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
> 3.0.4 Central 2024-07-03
> ↳ Minor upgrade 3.1.1 Central 2024-06-26
> jakarta.faces:jakarta.faces-api:4.0.1
> ↳ Minor upgrade 4.1.2 Central 2024-11-06
> jakarta.inject:jakarta.inject-api:1.0.5
> ↳ Very latest 2.0.1 Central 2024-02-07
> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
> jakarta.mvc:jakarta.mvc-api:2.1.0
> ↳ Very latest 3.0.0 Central 2025-05-14
> jakarta.persistence:jakarta.persistence-api:3.1.0
> ↳ Minor upgrade 3.2.0 Central 2024-05-22
> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
> ↳ Very latest 4.0.0 Central 2024-06-26
> jakarta.servlet:jakarta.servlet-api:6.0.0
> ↳ Minor upgrade 6.1.0 Central 2024-06-12
> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
> ↳ Very latest 4.0.0 Central 2024-06-12
> jakarta.validation:jakarta.validation-api:3.0.2
> ↳ Minor upgrade 3.1.1 Central 2025-02-05
> jakarta.websocket:jakarta.websocket-api:2.1.1
> ↳ Minor upgrade 2.2.0 Central 2024-05-29
> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
> ↳ Very latest 4.0.0 Central 2024-05-08
> joda-time:joda-time:2.12.7
> ↳ Minor upgrade 2.14.0 Central 2025-04-02
> net.bytebuddy:byte-buddy:1.15.11
> ↳ Minor upgrade 1.18.2 Central 2025-12-03
> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
> ↳ Minor upgrade 1.18.2 Central new
> net.shibboleth.utilities:java-support:8.0.0
> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
> org.apache.cxf:cxf-core:4.0.10
> ↳ Minor upgrade 4.1.4 Central 2025-11-19
> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central 2025-10-29
> org.apache.kafka:kafka-clients:3.9.1
> ↳ Very latest 4.1.1 Central 2025-11-19
> org.apache.kerby:kerb-server-api-all:2.0.3
> ↳ Minor upgrade 2.1.1 Central 2025-11-26
> org.apache.lucene:lucene-analysis-common:9.11.1
> ↳ Minor upgrade 9.12.3 Central 2025-10-01
> ↳ Very latest 10.3.2 Central 2025-11-19
> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central 2025-10-01
> ↳ Very latest 10.3.2 Central 2025-11-19
> org.apache.santuario:xmlsec:3.0.6
> ↳ Very latest 4.0.4 Central 2025-04-16
> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05
> org.apache.wss4j:wss4j-bindings:3.0.5
> ↳ Very latest 4.0.1 Central 2025-11-05
> org.assertj:assertj-bom:3.26.3
> ↳ Minor upgrade 3.27.6 Central 2025-09-24
> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
> org.eclipse.jdt:ecj:3.33.0
> ↳ Minor upgrade 3.43.0 Central 2025-09-10
> org.eclipse.krazo:krazo-core:3.0.1
> ↳ Very latest 4.0.1 Central 2025-06-11
> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 Central
> 2024-11-27
> ↳ Minor upgrade 8.19.8 Central new
> ↳ Very latest 9.2.2 Central 2025-12-03
> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central
> new
> ↳ Minor upgrade 9.2.2 Central new
> org.glassfish:jakarta.faces:4.0.12
> ↳ Minor upgrade 4.1.4 Central 2025-09-17
> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
> org.glassfish.expressly:expressly:5.0.0
> ↳ Very latest 6.0.0 Central 2025-05-21
> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central
> 2025-08-20
> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new
> ↳ Very latest 7.1.11.Final Central 2025-12-03
> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new
> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
> ↳ Very latest 8.1.2.Final Central 2025-09-10
> org.hibernate.validator:hibernate-validator:8.0.3.Final
> ↳ Very latest 9.1.0.Final Central 2025-11-12
> org.infinispan:infinispan-bom:15.2.6.Final
> ↳ Very latest 16.0.3 Central new
> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
> ↳ Minor upgrade 3.1.0 Central 2024-02-07
> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
> 2025-11-12
> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
> ↳ Very latest 7.0.0.Final Central 2025-10-01
> org.jboss.weld:weld-api:5.0.SP3
> ↳ Very latest 6.0.Final Central 2024-12-18
> org.jboss.weld:weld-core-impl:5.1.6.Final
> ↳ Very latest 6.0.3.Final Central 2025-05-21
> org.jgroups:jgroups:5.4.12.Final
> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
> org.junit:junit-bom:5.14.1
> ↳ Very latest 6.0.1 Central 2025-11-05
> org.lz4:lz4-java:1.8.0 1.8.1 Central new
> org.opensaml:opensaml-profile-api:4.3.2
> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
> org.ow2.asm:asm:9.7.1
> ↳ Minor upgrade 9.9 Central 2025-10-15
> org.wildfly:wildfly-naming-client:1.0.17.Final
> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
> ↳ Very latest 2.0.1.Final Central 2024-02-07
> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
> 2025-10-22
> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
> software.amazon.awssdk:annotations:2.36.3
> ↳ Minor upgrade 2.40.0 Central new
> 92 items
>
> Generated on 2025-12-03
>
> Report generated by Maven Dependency Updater
> <https://github.com/jboss-set/maven-dependency-updater>
> _______________________________________________
> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
> List Archives:
>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>
--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
_______________________________________________
wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
Privacy Statement: https://www.redhat.com/en/about/privacy-policy
List Archives:
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...