[wildfly-dev] Re: Dependabot problems WAS: Possible component upgrades report - wildfly:main

I'm forking this into a separate thread as it looks like dependabot's not submitting PRs at all to wildfly/wildfly in a number of weeks. I haven't looked into why. Until that is sorted please pay extra attention to these 'Possible component upgrades report' emails and be proactive about sending up upgrade PRs in areas you are responsible for. On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com&gt; wrote: > Thanks, Rado! Hopefully the dependabot folks will figure it out. > > On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com&gt; wrote: > >> Funny enough, I was investigating this too last week and concluded it's >> most likely a dependabot bug. It is a relatively common problem that it >> stumbles with complicated projects and WildFly is inevitably a complicated >> project from a dependency perspective. It's not uncommon for us to have to >> change pom.xml in a way that dependabot could work with it. Which is much >> harder for projects like WF... >> >> The '{message: "ERROR: Invalid expression: /project/groupId}.channel"}' seemed >> to me to be a 'off by 1 error' and it really meant channels, but then >> again, that line <channels.maven.groupId>${project.groupId}.channels >> </channels.maven.groupId> is there since 2024, which seems to hint at >> something changing in dependabot. >> >> I ran out of options so I filed >> https://github.com/dependabot/dependabot-core/issues/13713 upstream. >> Feel free to add onto it. >> >> Rado >> >> >> >> >> >> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev < >> wildfly-dev(a)lists.jboss.org&gt; wrote: >> >>> I'm not asking anyone to do anything here; I'm just recording some info >>> about a curiosity in case we eventually dig more into it. >>> >>> We've been getting relatively few dependabot PRs lately, but there are >>> a lot of micros on this report, so that was interesting to me. >>> >>> Much of it is because we either deliberately disabled dependabot for a >>> GA (e.g. is some team manually manages the artifact as part of a broader >>> update strategy for whatever thing depends on it), or because we explicitly >>> closed a dependabot PR so some team could manually deal with that artifact. >>> All that's ok so long as teams don't forget. >>> >>> But there are a number of others that fail because dependabot fails >>> trying to generate the upgrade PR. These all have the same symptom in the >>> dependabot log: >>> >>> Handled error whilst updating the_groupId:the_artifact_id: >>> dependency_file_not_evaluatable {message: "ERROR: Invalid expression: >>> /project/groupId}.channel"} >>> >>> A gist at >>> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 >>> has more details. >>> >>> I poked a bit at some of the various relevant poms and didn't see >>> anything about "groupId}.channel" so ???. >>> >>> The root WF pom itself has "<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>" >>> but that has the trailing 's', plus it's been there for ages, plus I'd >>> think if that was somehow problematic no dependabot PRs would work. But we >>> do get some. >>> >>> >>> >>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev < >>> wildfly-dev(a)lists.jboss.org&gt; wrote: >>> >>>> Component Upgrade Report >>>> >>>> Following repositories were searched: >>>> >>>> - Central https://repo1.maven.org/maven2/ >>>> - JBossPublic >>>> https://repository.jboss.org/nexus/content/repositories/public/ >>>> >>>> Possible Component Upgrades >>>> GAV New Version Repository Since >>>> com.fasterxml:classmate:1.5.1 >>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01 >>>> com.fasterxml.woodstox:woodstox-core:7.0.0 >>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04 >>>> com.google.api.grpc:proto-google-common-protos:2.0.1 >>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12 >>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17 >>>> com.google.guava:guava:33.0.0-jre >>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24 >>>> com.google.protobuf:protobuf-java:4.28.3 >>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19 >>>> com.h2database:h2:2.2.224 >>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01 >>>> com.nimbusds:nimbus-jose-jwt:10.3.1 >>>> ↳ Minor upgrade 10.6 Central 2025-11-12 >>>> com.sun.istack:istack-commons-runtime:4.1.2 >>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07 >>>> commons-codec:commons-codec:1.17.2 >>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12 >>>> commons-collections:commons-collections:3.2.2 >>>> ↳ Very latest 20040616 Central 2024-02-07 >>>> commons-io:commons-io:2.16.1 >>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12 >>>> de.dentrassi.crypto:pem-keystore:2.4.0 >>>> ↳ Very latest 3.0.0 Central 2024-11-20 >>>> io.agroal:agroal-api:2.0 >>>> ↳ Minor upgrade 2.8 Central 2025-08-20 >>>> io.github.resilience4j:resilience4j-core:2.2.0 >>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08 >>>> io.grpc:grpc-api:1.70.0 >>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19 >>>> io.micrometer:micrometer-commons:1.15.6 >>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12 >>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07 >>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15 >>>> io.netty:netty-bom:4.1.128.Final >>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15 >>>> io.opentelemetry:opentelemetry-api:1.48.0 >>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12 >>>> >>>> io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0 >>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26 >>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0 >>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03 >>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central >>>> 2025-07-09 >>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12 >>>> io.smallrye:smallrye-jwt:4.3.1 >>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28 >>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26 >>>> io.smallrye.config:smallrye-config:3.13.4 >>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15 >>>> io.smallrye.reactive:mutiny:2.8.0 >>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29 >>>> ↳ Very latest 3.1.0 Central new >>>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1 >>>> ↳ Minor upgrade 3.21.1 Central new >>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0 >>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07 >>>> ↳ Very latest 3.0.3 Central 2025-04-16 >>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0 >>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12 >>>> io.vertx:vertx-amqp-client:4.5.22 >>>> ↳ Very latest 5.0.5 Central 2025-10-22 >>>> io.vertx:vertx-kafka-client:4.4.9 >>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22 >>>> ↳ Very latest 5.0.5 Central 2025-10-22 >>>> jakarta.annotation:jakarta.annotation-api:2.1.1 >>>> ↳ Very latest 3.0.0 Central 2024-04-10 >>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2 >>>> ↳ Very latest 4.1.0 Central 2024-04-17 >>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1 >>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17 >>>> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3 >>>> 3.0.4 Central 2024-07-03 >>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26 >>>> jakarta.faces:jakarta.faces-api:4.0.1 >>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06 >>>> jakarta.inject:jakarta.inject-api:1.0.5 >>>> ↳ Very latest 2.0.1 Central 2024-02-07 >>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24 >>>> jakarta.mvc:jakarta.mvc-api:2.1.0 >>>> ↳ Very latest 3.0.0 Central 2025-05-14 >>>> jakarta.persistence:jakarta.persistence-api:3.1.0 >>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22 >>>> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0 >>>> ↳ Very latest 4.0.0 Central 2024-06-26 >>>> jakarta.servlet:jakarta.servlet-api:6.0.0 >>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12 >>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1 >>>> ↳ Very latest 4.0.0 Central 2024-06-12 >>>> jakarta.validation:jakarta.validation-api:3.0.2 >>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05 >>>> jakarta.websocket:jakarta.websocket-api:2.1.1 >>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29 >>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0 >>>> ↳ Very latest 4.0.0 Central 2024-05-08 >>>> joda-time:joda-time:2.12.7 >>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02 >>>> net.bytebuddy:byte-buddy:1.15.11 >>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03 >>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15 >>>> ↳ Minor upgrade 1.18.2 Central new >>>> net.shibboleth.utilities:java-support:8.0.0 >>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17 >>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14 >>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22 >>>> org.apache.cxf:cxf-core:4.0.10 >>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19 >>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central >>>> 2025-10-29 >>>> org.apache.kafka:kafka-clients:3.9.1 >>>> ↳ Very latest 4.1.1 Central 2025-11-19 >>>> org.apache.kerby:kerb-server-api-all:2.0.3 >>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26 >>>> org.apache.lucene:lucene-analysis-common:9.11.1 >>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01 >>>> ↳ Very latest 10.3.2 Central 2025-11-19 >>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central >>>> 2025-10-01 >>>> ↳ Very latest 10.3.2 Central 2025-11-19 >>>> org.apache.santuario:xmlsec:3.0.6 >>>> ↳ Very latest 4.0.4 Central 2025-04-16 >>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05 >>>> org.apache.wss4j:wss4j-bindings:3.0.5 >>>> ↳ Very latest 4.0.1 Central 2025-11-05 >>>> org.assertj:assertj-bom:3.26.3 >>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24 >>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21 >>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24 >>>> org.eclipse.jdt:ecj:3.33.0 >>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10 >>>> org.eclipse.krazo:krazo-core:3.0.1 >>>> ↳ Very latest 4.0.1 Central 2025-06-11 >>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 >>>> Central 2024-11-27 >>>> ↳ Minor upgrade 8.19.8 Central new >>>> ↳ Very latest 9.2.2 Central 2025-12-03 >>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central >>>> new >>>> ↳ Minor upgrade 9.2.2 Central new >>>> org.glassfish:jakarta.faces:4.0.12 >>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17 >>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17 >>>> org.glassfish.expressly:expressly:5.0.0 >>>> ↳ Very latest 6.0.0 Central 2025-05-21 >>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central >>>> 2025-08-20 >>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new >>>> ↳ Very latest 7.1.11.Final Central 2025-12-03 >>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new >>>> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final >>>> ↳ Very latest 8.1.2.Final Central 2025-09-10 >>>> org.hibernate.validator:hibernate-validator:8.0.3.Final >>>> ↳ Very latest 9.1.0.Final Central 2025-11-12 >>>> org.infinispan:infinispan-bom:15.2.6.Final >>>> ↳ Very latest 16.0.3 Central new >>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final >>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07 >>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central >>>> 2025-11-12 >>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final >>>> ↳ Very latest 7.0.0.Final Central 2025-10-01 >>>> org.jboss.weld:weld-api:5.0.SP3 >>>> ↳ Very latest 6.0.Final Central 2024-12-18 >>>> org.jboss.weld:weld-core-impl:5.1.6.Final >>>> ↳ Very latest 6.0.3.Final Central 2025-05-21 >>>> org.jgroups:jgroups:5.4.12.Final >>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12 >>>> org.junit:junit-bom:5.14.1 >>>> ↳ Very latest 6.0.1 Central 2025-11-05 >>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new >>>> org.opensaml:opensaml-profile-api:4.3.2 >>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27 >>>> org.ow2.asm:asm:9.7.1 >>>> ↳ Minor upgrade 9.9 Central 2025-10-15 >>>> org.wildfly:wildfly-naming-client:1.0.17.Final >>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07 >>>> ↳ Very latest 2.0.1.Final Central 2024-02-07 >>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central >>>> 2025-10-22 >>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24 >>>> software.amazon.awssdk:annotations:2.36.3 >>>> ↳ Minor upgrade 2.40.0 Central new >>>> 92 items >>>> >>>> Generated on 2025-12-03 >>>> >>>> Report generated by Maven Dependency Updater >>>> <https://github.com/jboss-set/maven-dependency-updater> >>>> _______________________________________________ >>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org >>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org >>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy >>>> List Archives: >>>> https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message... >>>> >>> >>> >>> -- >>> Brian Stansberry >>> Architect, JBoss EAP >>> WildFly Project Lead >>> He/Him/His >>> _______________________________________________ >>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org >>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org >>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy >>> List Archives: >>> https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message... >>> >> > > -- > Brian Stansberry > Architect, JBoss EAP > WildFly Project Lead > He/Him/His > -- Brian Stansberry Collaborative Partner - IBM Architect, JBoss EAP WildFly Project Lead He/Him/His