3:33 p.m.
I'm not asking anyone to do anything here; I'm just recording some info
about a curiosity in case we eventually dig more into it.
We've been getting relatively few dependabot PRs lately, but there are a
lot of micros on this report, so that was interesting to me.
Much of it is because we either deliberately disabled dependabot for a GA
(e.g. is some team manually manages the artifact as part of a broader
update strategy for whatever thing depends on it), or because we explicitly
closed a dependabot PR so some team could manually deal with that artifact.
All that's ok so long as teams don't forget.
But there are a number of others that fail because dependabot fails trying
to generate the upgrade PR. These all have the same symptom in the
dependabot log:
Handled error whilst updating the_groupId:the_artifact_id:
dependency_file_not_evaluatable {message: "ERROR: Invalid expression:
/project/groupId}.channel"}
A gist at
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 has
more details.
I poked a bit at some of the various relevant poms and didn't see anything
about "groupId}.channel" so ???.
The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
but that has the trailing 's', plus it's been there for ages, plus I'd
think if that was somehow problematic no dependabot PRs would work. But we
do get some.
On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
wildfly-dev(a)lists.jboss.org> wrote:
Component Upgrade Report
Following repositories were searched:
- Central https://repo1.maven.org/maven2/
- JBossPublic
https://repository.jboss.org/nexus/content/repositories/public/
Possible Component Upgrades
GAV New Version Repository Since
com.fasterxml:classmate:1.5.1
↳ Minor upgrade 1.7.1 Central 2025-10-01
com.fasterxml.woodstox:woodstox-core:7.0.0
↳ Minor upgrade 7.1.1 Central 2025-06-04
com.google.api.grpc:proto-google-common-protos:2.0.1
↳ Minor upgrade 2.63.1 Central 2025-11-12
com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
com.google.guava:guava:33.0.0-jre
↳ Minor upgrade 33.5.0-jre Central 2025-09-24
com.google.protobuf:protobuf-java:4.28.3
↳ Minor upgrade 4.33.1 Central 2025-11-19
com.h2database:h2:2.2.224
↳ Minor upgrade 2.4.240 Central 2025-10-01
com.nimbusds:nimbus-jose-jwt:10.3.1
↳ Minor upgrade 10.6 Central 2025-11-12
com.sun.istack:istack-commons-runtime:4.1.2
↳ Minor upgrade 4.2.0 Central 2024-02-07
commons-codec:commons-codec:1.17.2
↳ Minor upgrade 1.20.0 Central 2025-11-12
commons-collections:commons-collections:3.2.2
↳ Very latest 20040616 Central 2024-02-07
commons-io:commons-io:2.16.1
↳ Minor upgrade 2.21.0 Central 2025-11-12
de.dentrassi.crypto:pem-keystore:2.4.0
↳ Very latest 3.0.0 Central 2024-11-20
io.agroal:agroal-api:2.0
↳ Minor upgrade 2.8 Central 2025-08-20
io.github.resilience4j:resilience4j-core:2.2.0
↳ Minor upgrade 2.3.0 Central 2025-01-08
io.grpc:grpc-api:1.70.0
↳ Minor upgrade 1.77.0 Central 2025-11-19
io.micrometer:micrometer-commons:1.15.6
↳ Minor upgrade 1.16.0 Central 2025-11-12
io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
↳ Minor upgrade 4.2.7.Final Central 2025-10-15
io.netty:netty-bom:4.1.128.Final
↳ Minor upgrade 4.2.7.Final Central 2025-10-15
io.opentelemetry:opentelemetry-api:1.48.0
↳ Minor upgrade 1.56.0 Central 2025-11-12
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
↳ Minor upgrade 2.22.0 Central 2025-11-26
io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
↳ Minor upgrade 1.37.0 Central 2025-09-03
io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central 2025-07-09
↳ Minor upgrade 1.4.3 Central 2025-11-12
io.smallrye:smallrye-jwt:4.3.1
↳ Minor upgrade 4.6.2 Central 2025-05-28
io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
io.smallrye.config:smallrye-config:3.13.4
↳ Minor upgrade 3.14.1 Central 2025-10-15
io.smallrye.reactive:mutiny:2.8.0
↳ Minor upgrade 2.9.5 Central 2025-10-29
↳ Very latest 3.1.0 Central new
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
↳ Minor upgrade 3.21.1 Central new
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
↳ Minor upgrade 2.7.0 Central 2024-02-07
↳ Very latest 3.0.3 Central 2025-04-16
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
↳ Minor upgrade 4.31.0 Central 2025-11-12
io.vertx:vertx-amqp-client:4.5.22
↳ Very latest 5.0.5 Central 2025-10-22
io.vertx:vertx-kafka-client:4.4.9
↳ Minor upgrade 4.5.22 Central 2025-10-22
↳ Very latest 5.0.5 Central 2025-10-22
jakarta.annotation:jakarta.annotation-api:2.1.1
↳ Very latest 3.0.0 Central 2024-04-10
jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
↳ Very latest 4.1.0 Central 2024-04-17
jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
↳ Minor upgrade 4.1.0 Central 2024-04-17
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
3.0.4 Central 2024-07-03
↳ Minor upgrade 3.1.1 Central 2024-06-26
jakarta.faces:jakarta.faces-api:4.0.1
↳ Minor upgrade 4.1.2 Central 2024-11-06
jakarta.inject:jakarta.inject-api:1.0.5
↳ Very latest 2.0.1 Central 2024-02-07
jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
jakarta.mvc:jakarta.mvc-api:2.1.0
↳ Very latest 3.0.0 Central 2025-05-14
jakarta.persistence:jakarta.persistence-api:3.1.0
↳ Minor upgrade 3.2.0 Central 2024-05-22
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
↳ Very latest 4.0.0 Central 2024-06-26
jakarta.servlet:jakarta.servlet-api:6.0.0
↳ Minor upgrade 6.1.0 Central 2024-06-12
jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
↳ Very latest 4.0.0 Central 2024-06-12
jakarta.validation:jakarta.validation-api:3.0.2
↳ Minor upgrade 3.1.1 Central 2025-02-05
jakarta.websocket:jakarta.websocket-api:2.1.1
↳ Minor upgrade 2.2.0 Central 2024-05-29
jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
↳ Very latest 4.0.0 Central 2024-05-08
joda-time:joda-time:2.12.7
↳ Minor upgrade 2.14.0 Central 2025-04-02
net.bytebuddy:byte-buddy:1.15.11
↳ Minor upgrade 1.18.2 Central 2025-12-03
net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
↳ Minor upgrade 1.18.2 Central new
net.shibboleth.utilities:java-support:8.0.0
↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
org.apache.cxf:cxf-core:4.0.10
↳ Minor upgrade 4.1.4 Central 2025-11-19
org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central 2025-10-29
org.apache.kafka:kafka-clients:3.9.1
↳ Very latest 4.1.1 Central 2025-11-19
org.apache.kerby:kerb-server-api-all:2.0.3
↳ Minor upgrade 2.1.1 Central 2025-11-26
org.apache.lucene:lucene-analysis-common:9.11.1
↳ Minor upgrade 9.12.3 Central 2025-10-01
↳ Very latest 10.3.2 Central 2025-11-19
org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central 2025-10-01
↳ Very latest 10.3.2 Central 2025-11-19
org.apache.santuario:xmlsec:3.0.6
↳ Very latest 4.0.4 Central 2025-04-16
org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05
org.apache.wss4j:wss4j-bindings:3.0.5
↳ Very latest 4.0.1 Central 2025-11-05
org.assertj:assertj-bom:3.26.3
↳ Minor upgrade 3.27.6 Central 2025-09-24
org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
org.eclipse.jdt:ecj:3.33.0
↳ Minor upgrade 3.43.0 Central 2025-09-10
org.eclipse.krazo:krazo-core:3.0.1
↳ Very latest 4.0.1 Central 2025-06-11
org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 Central
2024-11-27
↳ Minor upgrade 8.19.8 Central new
↳ Very latest 9.2.2 Central 2025-12-03
org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central new
↳ Minor upgrade 9.2.2 Central new
org.glassfish:jakarta.faces:4.0.12
↳ Minor upgrade 4.1.4 Central 2025-09-17
org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
org.glassfish.expressly:expressly:5.0.0
↳ Very latest 6.0.0 Central 2025-05-21
org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central
2025-08-20
org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new
↳ Very latest 7.1.11.Final Central 2025-12-03
org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
↳ Very latest 8.1.2.Final Central 2025-09-10
org.hibernate.validator:hibernate-validator:8.0.3.Final
↳ Very latest 9.1.0.Final Central 2025-11-12
org.infinispan:infinispan-bom:15.2.6.Final
↳ Very latest 16.0.3 Central new
org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
↳ Minor upgrade 3.1.0 Central 2024-02-07
org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
2025-11-12
org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
↳ Very latest 7.0.0.Final Central 2025-10-01
org.jboss.weld:weld-api:5.0.SP3
↳ Very latest 6.0.Final Central 2024-12-18
org.jboss.weld:weld-core-impl:5.1.6.Final
↳ Very latest 6.0.3.Final Central 2025-05-21
org.jgroups:jgroups:5.4.12.Final
↳ Minor upgrade 5.5.1.Final Central 2025-11-12
org.junit:junit-bom:5.14.1
↳ Very latest 6.0.1 Central 2025-11-05
org.lz4:lz4-java:1.8.0 1.8.1 Central new
org.opensaml:opensaml-profile-api:4.3.2
↳ Very latest 5.1.6 JBossPublic 2025-08-27
org.ow2.asm:asm:9.7.1
↳ Minor upgrade 9.9 Central 2025-10-15
org.wildfly:wildfly-naming-client:1.0.17.Final
↳ Minor upgrade 1.1.0.Final Central 2024-02-07
↳ Very latest 2.0.1.Final Central 2024-02-07
org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
2025-10-22
org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
software.amazon.awssdk:annotations:2.36.3
↳ Minor upgrade 2.40.0 Central new
92 items
Generated on 2025-12-03
Report generated by Maven Dependency Updater
<https://github.com/jboss-set/maven-dependency-updater>
_______________________________________________
wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
Privacy Statement: https://www.redhat.com/en/about/privacy-policy
List Archives:
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
3:45 a.m.
Funny enough, I was investigating this too last week and concluded it's
most likely a dependabot bug. It is a relatively common problem that it
stumbles with complicated projects and WildFly is inevitably a complicated
project from a dependency perspective. It's not uncommon for us to have to
change pom.xml in a way that dependabot could work with it. Which is much
harder for projects like WF...
The '{message: "ERROR: Invalid expression: /project/groupId}.channel"}'
seemed
to me to be a 'off by 1 error' and it really meant channels, but then
again, that line <channels.maven.groupId>${project.groupId}.channels
</channels.maven.groupId> is there since 2024, which seems to hint at
something changing in dependabot.
I ran out of options so I filed
https://github.com/dependabot/dependabot-core/issues/13713 upstream. Feel
free to add onto it.
Rado
On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
wildfly-dev(a)lists.jboss.org> wrote:
I'm not asking anyone to do anything here; I'm just recording
some info
about a curiosity in case we eventually dig more into it.
We've been getting relatively few dependabot PRs lately, but there are a
lot of micros on this report, so that was interesting to me.
Much of it is because we either deliberately disabled dependabot for a GA
(e.g. is some team manually manages the artifact as part of a broader
update strategy for whatever thing depends on it), or because we explicitly
closed a dependabot PR so some team could manually deal with that artifact.
All that's ok so long as teams don't forget.
But there are a number of others that fail because dependabot fails trying
to generate the upgrade PR. These all have the same symptom in the
dependabot log:
Handled error whilst updating the_groupId:the_artifact_id:
dependency_file_not_evaluatable {message: "ERROR: Invalid expression:
/project/groupId}.channel"}
A gist at
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 has
more details.
I poked a bit at some of the various relevant poms and didn't see anything
about "groupId}.channel" so ???.
The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
but that has the trailing 's', plus it's been there for ages, plus I'd
think if that was somehow problematic no dependabot PRs would work. But we
do get some.
On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
wildfly-dev(a)lists.jboss.org> wrote:
> Component Upgrade Report
>
> Following repositories were searched:
>
> - Central https://repo1.maven.org/maven2/
> - JBossPublic
> https://repository.jboss.org/nexus/content/repositories/public/
>
> Possible Component Upgrades
> GAV New Version Repository Since
> com.fasterxml:classmate:1.5.1
> ↳ Minor upgrade 1.7.1 Central 2025-10-01
> com.fasterxml.woodstox:woodstox-core:7.0.0
> ↳ Minor upgrade 7.1.1 Central 2025-06-04
> com.google.api.grpc:proto-google-common-protos:2.0.1
> ↳ Minor upgrade 2.63.1 Central 2025-11-12
> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
> com.google.guava:guava:33.0.0-jre
> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
> com.google.protobuf:protobuf-java:4.28.3
> ↳ Minor upgrade 4.33.1 Central 2025-11-19
> com.h2database:h2:2.2.224
> ↳ Minor upgrade 2.4.240 Central 2025-10-01
> com.nimbusds:nimbus-jose-jwt:10.3.1
> ↳ Minor upgrade 10.6 Central 2025-11-12
> com.sun.istack:istack-commons-runtime:4.1.2
> ↳ Minor upgrade 4.2.0 Central 2024-02-07
> commons-codec:commons-codec:1.17.2
> ↳ Minor upgrade 1.20.0 Central 2025-11-12
> commons-collections:commons-collections:3.2.2
> ↳ Very latest 20040616 Central 2024-02-07
> commons-io:commons-io:2.16.1
> ↳ Minor upgrade 2.21.0 Central 2025-11-12
> de.dentrassi.crypto:pem-keystore:2.4.0
> ↳ Very latest 3.0.0 Central 2024-11-20
> io.agroal:agroal-api:2.0
> ↳ Minor upgrade 2.8 Central 2025-08-20
> io.github.resilience4j:resilience4j-core:2.2.0
> ↳ Minor upgrade 2.3.0 Central 2025-01-08
> io.grpc:grpc-api:1.70.0
> ↳ Minor upgrade 1.77.0 Central 2025-11-19
> io.micrometer:micrometer-commons:1.15.6
> ↳ Minor upgrade 1.16.0 Central 2025-11-12
> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
> io.netty:netty-bom:4.1.128.Final
> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
> io.opentelemetry:opentelemetry-api:1.48.0
> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>
> io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
> ↳ Minor upgrade 2.22.0 Central 2025-11-26
> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
> ↳ Minor upgrade 1.37.0 Central 2025-09-03
> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central 2025-07-09
> ↳ Minor upgrade 1.4.3 Central 2025-11-12
> io.smallrye:smallrye-jwt:4.3.1
> ↳ Minor upgrade 4.6.2 Central 2025-05-28
> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
> io.smallrye.config:smallrye-config:3.13.4
> ↳ Minor upgrade 3.14.1 Central 2025-10-15
> io.smallrye.reactive:mutiny:2.8.0
> ↳ Minor upgrade 2.9.5 Central 2025-10-29
> ↳ Very latest 3.1.0 Central new
> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
> ↳ Minor upgrade 3.21.1 Central new
> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
> ↳ Minor upgrade 2.7.0 Central 2024-02-07
> ↳ Very latest 3.0.3 Central 2025-04-16
> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
> ↳ Minor upgrade 4.31.0 Central 2025-11-12
> io.vertx:vertx-amqp-client:4.5.22
> ↳ Very latest 5.0.5 Central 2025-10-22
> io.vertx:vertx-kafka-client:4.4.9
> ↳ Minor upgrade 4.5.22 Central 2025-10-22
> ↳ Very latest 5.0.5 Central 2025-10-22
> jakarta.annotation:jakarta.annotation-api:2.1.1
> ↳ Very latest 3.0.0 Central 2024-04-10
> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
> ↳ Very latest 4.1.0 Central 2024-04-17
> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
> ↳ Minor upgrade 4.1.0 Central 2024-04-17
> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
> 3.0.4 Central 2024-07-03
> ↳ Minor upgrade 3.1.1 Central 2024-06-26
> jakarta.faces:jakarta.faces-api:4.0.1
> ↳ Minor upgrade 4.1.2 Central 2024-11-06
> jakarta.inject:jakarta.inject-api:1.0.5
> ↳ Very latest 2.0.1 Central 2024-02-07
> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
> jakarta.mvc:jakarta.mvc-api:2.1.0
> ↳ Very latest 3.0.0 Central 2025-05-14
> jakarta.persistence:jakarta.persistence-api:3.1.0
> ↳ Minor upgrade 3.2.0 Central 2024-05-22
> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
> ↳ Very latest 4.0.0 Central 2024-06-26
> jakarta.servlet:jakarta.servlet-api:6.0.0
> ↳ Minor upgrade 6.1.0 Central 2024-06-12
> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
> ↳ Very latest 4.0.0 Central 2024-06-12
> jakarta.validation:jakarta.validation-api:3.0.2
> ↳ Minor upgrade 3.1.1 Central 2025-02-05
> jakarta.websocket:jakarta.websocket-api:2.1.1
> ↳ Minor upgrade 2.2.0 Central 2024-05-29
> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
> ↳ Very latest 4.0.0 Central 2024-05-08
> joda-time:joda-time:2.12.7
> ↳ Minor upgrade 2.14.0 Central 2025-04-02
> net.bytebuddy:byte-buddy:1.15.11
> ↳ Minor upgrade 1.18.2 Central 2025-12-03
> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
> ↳ Minor upgrade 1.18.2 Central new
> net.shibboleth.utilities:java-support:8.0.0
> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
> org.apache.cxf:cxf-core:4.0.10
> ↳ Minor upgrade 4.1.4 Central 2025-11-19
> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central 2025-10-29
> org.apache.kafka:kafka-clients:3.9.1
> ↳ Very latest 4.1.1 Central 2025-11-19
> org.apache.kerby:kerb-server-api-all:2.0.3
> ↳ Minor upgrade 2.1.1 Central 2025-11-26
> org.apache.lucene:lucene-analysis-common:9.11.1
> ↳ Minor upgrade 9.12.3 Central 2025-10-01
> ↳ Very latest 10.3.2 Central 2025-11-19
> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central 2025-10-01
> ↳ Very latest 10.3.2 Central 2025-11-19
> org.apache.santuario:xmlsec:3.0.6
> ↳ Very latest 4.0.4 Central 2025-04-16
> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05
> org.apache.wss4j:wss4j-bindings:3.0.5
> ↳ Very latest 4.0.1 Central 2025-11-05
> org.assertj:assertj-bom:3.26.3
> ↳ Minor upgrade 3.27.6 Central 2025-09-24
> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
> org.eclipse.jdt:ecj:3.33.0
> ↳ Minor upgrade 3.43.0 Central 2025-09-10
> org.eclipse.krazo:krazo-core:3.0.1
> ↳ Very latest 4.0.1 Central 2025-06-11
> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 Central
> 2024-11-27
> ↳ Minor upgrade 8.19.8 Central new
> ↳ Very latest 9.2.2 Central 2025-12-03
> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central
> new
> ↳ Minor upgrade 9.2.2 Central new
> org.glassfish:jakarta.faces:4.0.12
> ↳ Minor upgrade 4.1.4 Central 2025-09-17
> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
> org.glassfish.expressly:expressly:5.0.0
> ↳ Very latest 6.0.0 Central 2025-05-21
> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central
> 2025-08-20
> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new
> ↳ Very latest 7.1.11.Final Central 2025-12-03
> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new
> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
> ↳ Very latest 8.1.2.Final Central 2025-09-10
> org.hibernate.validator:hibernate-validator:8.0.3.Final
> ↳ Very latest 9.1.0.Final Central 2025-11-12
> org.infinispan:infinispan-bom:15.2.6.Final
> ↳ Very latest 16.0.3 Central new
> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
> ↳ Minor upgrade 3.1.0 Central 2024-02-07
> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
> 2025-11-12
> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
> ↳ Very latest 7.0.0.Final Central 2025-10-01
> org.jboss.weld:weld-api:5.0.SP3
> ↳ Very latest 6.0.Final Central 2024-12-18
> org.jboss.weld:weld-core-impl:5.1.6.Final
> ↳ Very latest 6.0.3.Final Central 2025-05-21
> org.jgroups:jgroups:5.4.12.Final
> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
> org.junit:junit-bom:5.14.1
> ↳ Very latest 6.0.1 Central 2025-11-05
> org.lz4:lz4-java:1.8.0 1.8.1 Central new
> org.opensaml:opensaml-profile-api:4.3.2
> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
> org.ow2.asm:asm:9.7.1
> ↳ Minor upgrade 9.9 Central 2025-10-15
> org.wildfly:wildfly-naming-client:1.0.17.Final
> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
> ↳ Very latest 2.0.1.Final Central 2024-02-07
> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
> 2025-10-22
> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
> software.amazon.awssdk:annotations:2.36.3
> ↳ Minor upgrade 2.40.0 Central new
> 92 items
>
> Generated on 2025-12-03
>
> Report generated by Maven Dependency Updater
> <https://github.com/jboss-set/maven-dependency-updater>
> _______________________________________________
> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
> List Archives:
>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>
--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
_______________________________________________
wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
Privacy Statement: https://www.redhat.com/en/about/privacy-policy
List Archives:
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
11:22 a.m.
Thanks, Rado! Hopefully the dependabot folks will figure it out.
On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
Funny enough, I was investigating this too last week and concluded
it's
most likely a dependabot bug. It is a relatively common problem that it
stumbles with complicated projects and WildFly is inevitably a complicated
project from a dependency perspective. It's not uncommon for us to have to
change pom.xml in a way that dependabot could work with it. Which is much
harder for projects like WF...
The '{message: "ERROR: Invalid expression: /project/groupId}.channel"}'
seemed
to me to be a 'off by 1 error' and it really meant channels, but then
again, that line <channels.maven.groupId>${project.groupId}.channels
</channels.maven.groupId> is there since 2024, which seems to hint at
something changing in dependabot.
I ran out of options so I filed
https://github.com/dependabot/dependabot-core/issues/13713 upstream. Feel
free to add onto it.
Rado
On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
wildfly-dev(a)lists.jboss.org> wrote:
> I'm not asking anyone to do anything here; I'm just recording some info
> about a curiosity in case we eventually dig more into it.
>
> We've been getting relatively few dependabot PRs lately, but there are a
> lot of micros on this report, so that was interesting to me.
>
> Much of it is because we either deliberately disabled dependabot for a GA
> (e.g. is some team manually manages the artifact as part of a broader
> update strategy for whatever thing depends on it), or because we explicitly
> closed a dependabot PR so some team could manually deal with that artifact.
> All that's ok so long as teams don't forget.
>
> But there are a number of others that fail because dependabot fails
> trying to generate the upgrade PR. These all have the same symptom in the
> dependabot log:
>
> Handled error whilst updating the_groupId:the_artifact_id:
> dependency_file_not_evaluatable {message: "ERROR: Invalid expression:
> /project/groupId}.channel"}
>
> A gist at
> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8 has
> more details.
>
> I poked a bit at some of the various relevant poms and didn't see
> anything about "groupId}.channel" so ???.
>
> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
> but that has the trailing 's', plus it's been there for ages, plus
I'd
> think if that was somehow problematic no dependabot PRs would work. But we
> do get some.
>
>
>
> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
> wildfly-dev(a)lists.jboss.org> wrote:
>
>> Component Upgrade Report
>>
>> Following repositories were searched:
>>
>> - Central https://repo1.maven.org/maven2/
>> - JBossPublic
>> https://repository.jboss.org/nexus/content/repositories/public/
>>
>> Possible Component Upgrades
>> GAV New Version Repository Since
>> com.fasterxml:classmate:1.5.1
>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>> com.fasterxml.woodstox:woodstox-core:7.0.0
>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>> com.google.api.grpc:proto-google-common-protos:2.0.1
>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
>> com.google.guava:guava:33.0.0-jre
>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>> com.google.protobuf:protobuf-java:4.28.3
>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>> com.h2database:h2:2.2.224
>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>> com.nimbusds:nimbus-jose-jwt:10.3.1
>> ↳ Minor upgrade 10.6 Central 2025-11-12
>> com.sun.istack:istack-commons-runtime:4.1.2
>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>> commons-codec:commons-codec:1.17.2
>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>> commons-collections:commons-collections:3.2.2
>> ↳ Very latest 20040616 Central 2024-02-07
>> commons-io:commons-io:2.16.1
>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>> de.dentrassi.crypto:pem-keystore:2.4.0
>> ↳ Very latest 3.0.0 Central 2024-11-20
>> io.agroal:agroal-api:2.0
>> ↳ Minor upgrade 2.8 Central 2025-08-20
>> io.github.resilience4j:resilience4j-core:2.2.0
>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>> io.grpc:grpc-api:1.70.0
>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>> io.micrometer:micrometer-commons:1.15.6
>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>> io.netty:netty-bom:4.1.128.Final
>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>> io.opentelemetry:opentelemetry-api:1.48.0
>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>
>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central 2025-07-09
>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>> io.smallrye:smallrye-jwt:4.3.1
>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
>> io.smallrye.config:smallrye-config:3.13.4
>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>> io.smallrye.reactive:mutiny:2.8.0
>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>> ↳ Very latest 3.1.0 Central new
>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>> ↳ Minor upgrade 3.21.1 Central new
>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>> ↳ Very latest 3.0.3 Central 2025-04-16
>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>> io.vertx:vertx-amqp-client:4.5.22
>> ↳ Very latest 5.0.5 Central 2025-10-22
>> io.vertx:vertx-kafka-client:4.4.9
>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>> ↳ Very latest 5.0.5 Central 2025-10-22
>> jakarta.annotation:jakarta.annotation-api:2.1.1
>> ↳ Very latest 3.0.0 Central 2024-04-10
>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>> ↳ Very latest 4.1.0 Central 2024-04-17
>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>> 3.0.4 Central 2024-07-03
>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>> jakarta.faces:jakarta.faces-api:4.0.1
>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>> jakarta.inject:jakarta.inject-api:1.0.5
>> ↳ Very latest 2.0.1 Central 2024-02-07
>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
>> jakarta.mvc:jakarta.mvc-api:2.1.0
>> ↳ Very latest 3.0.0 Central 2025-05-14
>> jakarta.persistence:jakarta.persistence-api:3.1.0
>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>> ↳ Very latest 4.0.0 Central 2024-06-26
>> jakarta.servlet:jakarta.servlet-api:6.0.0
>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>> ↳ Very latest 4.0.0 Central 2024-06-12
>> jakarta.validation:jakarta.validation-api:3.0.2
>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>> jakarta.websocket:jakarta.websocket-api:2.1.1
>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>> ↳ Very latest 4.0.0 Central 2024-05-08
>> joda-time:joda-time:2.12.7
>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>> net.bytebuddy:byte-buddy:1.15.11
>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
>> ↳ Minor upgrade 1.18.2 Central new
>> net.shibboleth.utilities:java-support:8.0.0
>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>> org.apache.cxf:cxf-core:4.0.10
>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central 2025-10-29
>> org.apache.kafka:kafka-clients:3.9.1
>> ↳ Very latest 4.1.1 Central 2025-11-19
>> org.apache.kerby:kerb-server-api-all:2.0.3
>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>> org.apache.lucene:lucene-analysis-common:9.11.1
>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>> ↳ Very latest 10.3.2 Central 2025-11-19
>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>> 2025-10-01
>> ↳ Very latest 10.3.2 Central 2025-11-19
>> org.apache.santuario:xmlsec:3.0.6
>> ↳ Very latest 4.0.4 Central 2025-04-16
>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05
>> org.apache.wss4j:wss4j-bindings:3.0.5
>> ↳ Very latest 4.0.1 Central 2025-11-05
>> org.assertj:assertj-bom:3.26.3
>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
>> org.eclipse.jdt:ecj:3.33.0
>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>> org.eclipse.krazo:krazo-core:3.0.1
>> ↳ Very latest 4.0.1 Central 2025-06-11
>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5 Central
>> 2024-11-27
>> ↳ Minor upgrade 8.19.8 Central new
>> ↳ Very latest 9.2.2 Central 2025-12-03
>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central
>> new
>> ↳ Minor upgrade 9.2.2 Central new
>> org.glassfish:jakarta.faces:4.0.12
>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
>> org.glassfish.expressly:expressly:5.0.0
>> ↳ Very latest 6.0.0 Central 2025-05-21
>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central
>> 2025-08-20
>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new
>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new
>> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>> org.infinispan:infinispan-bom:15.2.6.Final
>> ↳ Very latest 16.0.3 Central new
>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
>> 2025-11-12
>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>> org.jboss.weld:weld-api:5.0.SP3
>> ↳ Very latest 6.0.Final Central 2024-12-18
>> org.jboss.weld:weld-core-impl:5.1.6.Final
>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>> org.jgroups:jgroups:5.4.12.Final
>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>> org.junit:junit-bom:5.14.1
>> ↳ Very latest 6.0.1 Central 2025-11-05
>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>> org.opensaml:opensaml-profile-api:4.3.2
>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>> org.ow2.asm:asm:9.7.1
>> ↳ Minor upgrade 9.9 Central 2025-10-15
>> org.wildfly:wildfly-naming-client:1.0.17.Final
>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
>> 2025-10-22
>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
>> software.amazon.awssdk:annotations:2.36.3
>> ↳ Minor upgrade 2.40.0 Central new
>> 92 items
>>
>> Generated on 2025-12-03
>>
>> Report generated by Maven Dependency Updater
>> <https://github.com/jboss-set/maven-dependency-updater>
>> _______________________________________________
>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>> List Archives:
>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>
>
>
> --
> Brian Stansberry
> Architect, JBoss EAP
> WildFly Project Lead
> He/Him/His
> _______________________________________________
> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
> List Archives:
>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>
--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
1:20 p.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
I'm forking this into a separate thread as it looks like dependabot's not
submitting PRs at all to wildfly/wildfly in a number of weeks.
I haven't looked into why.
Until that is sorted please pay extra attention to these 'Possible
component upgrades report' emails and be proactive about sending up upgrade
PRs in areas you are responsible for.
On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
Thanks, Rado! Hopefully the dependabot folks will figure it out.
On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
> Funny enough, I was investigating this too last week and concluded it's
> most likely a dependabot bug. It is a relatively common problem that it
> stumbles with complicated projects and WildFly is inevitably a complicated
> project from a dependency perspective. It's not uncommon for us to have to
> change pom.xml in a way that dependabot could work with it. Which is much
> harder for projects like WF...
>
> The '{message: "ERROR: Invalid expression:
/project/groupId}.channel"}' seemed
> to me to be a 'off by 1 error' and it really meant channels, but then
> again, that line <channels.maven.groupId>${project.groupId}.channels
> </channels.maven.groupId> is there since 2024, which seems to hint at
> something changing in dependabot.
>
> I ran out of options so I filed
> https://github.com/dependabot/dependabot-core/issues/13713 upstream.
> Feel free to add onto it.
>
> Rado
>
>
>
>
>
> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
> wildfly-dev(a)lists.jboss.org> wrote:
>
>> I'm not asking anyone to do anything here; I'm just recording some info
>> about a curiosity in case we eventually dig more into it.
>>
>> We've been getting relatively few dependabot PRs lately, but there are a
>> lot of micros on this report, so that was interesting to me.
>>
>> Much of it is because we either deliberately disabled dependabot for a
>> GA (e.g. is some team manually manages the artifact as part of a broader
>> update strategy for whatever thing depends on it), or because we explicitly
>> closed a dependabot PR so some team could manually deal with that artifact.
>> All that's ok so long as teams don't forget.
>>
>> But there are a number of others that fail because dependabot fails
>> trying to generate the upgrade PR. These all have the same symptom in the
>> dependabot log:
>>
>> Handled error whilst updating the_groupId:the_artifact_id:
>> dependency_file_not_evaluatable {message: "ERROR: Invalid expression:
>> /project/groupId}.channel"}
>>
>> A gist at
>> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>> has more details.
>>
>> I poked a bit at some of the various relevant poms and didn't see
>> anything about "groupId}.channel" so ???.
>>
>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>> but that has the trailing 's', plus it's been there for ages, plus
I'd
>> think if that was somehow problematic no dependabot PRs would work. But we
>> do get some.
>>
>>
>>
>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
>> wildfly-dev(a)lists.jboss.org> wrote:
>>
>>> Component Upgrade Report
>>>
>>> Following repositories were searched:
>>>
>>> - Central https://repo1.maven.org/maven2/
>>> - JBossPublic
>>> https://repository.jboss.org/nexus/content/repositories/public/
>>>
>>> Possible Component Upgrades
>>> GAV New Version Repository Since
>>> com.fasterxml:classmate:1.5.1
>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
>>> com.google.guava:guava:33.0.0-jre
>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>> com.google.protobuf:protobuf-java:4.28.3
>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>> com.h2database:h2:2.2.224
>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>> com.sun.istack:istack-commons-runtime:4.1.2
>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>> commons-codec:commons-codec:1.17.2
>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>> commons-collections:commons-collections:3.2.2
>>> ↳ Very latest 20040616 Central 2024-02-07
>>> commons-io:commons-io:2.16.1
>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>> io.agroal:agroal-api:2.0
>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>> io.github.resilience4j:resilience4j-core:2.2.0
>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>> io.grpc:grpc-api:1.70.0
>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>> io.micrometer:micrometer-commons:1.15.6
>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>> io.netty:netty-bom:4.1.128.Final
>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>> io.opentelemetry:opentelemetry-api:1.48.0
>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>
>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central 2025-07-09
>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>> io.smallrye:smallrye-jwt:4.3.1
>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
>>> io.smallrye.config:smallrye-config:3.13.4
>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>> io.smallrye.reactive:mutiny:2.8.0
>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>> ↳ Very latest 3.1.0 Central new
>>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>> ↳ Minor upgrade 3.21.1 Central new
>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>> io.vertx:vertx-amqp-client:4.5.22
>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>> io.vertx:vertx-kafka-client:4.4.9
>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>> 3.0.4 Central 2024-07-03
>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>> jakarta.faces:jakarta.faces-api:4.0.1
>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>> jakarta.inject:jakarta.inject-api:1.0.5
>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>> jakarta.validation:jakarta.validation-api:3.0.2
>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>> joda-time:joda-time:2.12.7
>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>> net.bytebuddy:byte-buddy:1.15.11
>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
>>> ↳ Minor upgrade 1.18.2 Central new
>>> net.shibboleth.utilities:java-support:8.0.0
>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>>> org.apache.cxf:cxf-core:4.0.10
>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central 2025-10-29
>>> org.apache.kafka:kafka-clients:3.9.1
>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>>> 2025-10-01
>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>> org.apache.santuario:xmlsec:3.0.6
>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05
>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>> org.assertj:assertj-bom:3.26.3
>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
>>> org.eclipse.jdt:ecj:3.33.0
>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>> org.eclipse.krazo:krazo-core:3.0.1
>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5
>>> Central 2024-11-27
>>> ↳ Minor upgrade 8.19.8 Central new
>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central
>>> new
>>> ↳ Minor upgrade 9.2.2 Central new
>>> org.glassfish:jakarta.faces:4.0.12
>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
>>> org.glassfish.expressly:expressly:5.0.0
>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central
>>> 2025-08-20
>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new
>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new
>>> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>> org.infinispan:infinispan-bom:15.2.6.Final
>>> ↳ Very latest 16.0.3 Central new
>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
>>> 2025-11-12
>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>> org.jboss.weld:weld-api:5.0.SP3
>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>> org.jgroups:jgroups:5.4.12.Final
>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>> org.junit:junit-bom:5.14.1
>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>> org.opensaml:opensaml-profile-api:4.3.2
>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>> org.ow2.asm:asm:9.7.1
>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
>>> 2025-10-22
>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
>>> software.amazon.awssdk:annotations:2.36.3
>>> ↳ Minor upgrade 2.40.0 Central new
>>> 92 items
>>>
>>> Generated on 2025-12-03
>>>
>>> Report generated by Maven Dependency Updater
>>> <https://github.com/jboss-set/maven-dependency-updater>
>>> _______________________________________________
>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>>> List Archives:
>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>
>>
>>
>> --
>> Brian Stansberry
>> Architect, JBoss EAP
>> WildFly Project Lead
>> He/Him/His
>> _______________________________________________
>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>> List Archives:
>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>
>
--
Brian Stansberry
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
1:34 p.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Looking at
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
it looks like the last time a 'maven in' job ran was Dec 30. Since then
it's only 'github_actions in' jobs.
On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
I'm forking this into a separate thread as it looks like
dependabot's not
submitting PRs at all to wildfly/wildfly in a number of weeks.
I haven't looked into why.
Until that is sorted please pay extra attention to these 'Possible
component upgrades report' emails and be proactive about sending up upgrade
PRs in areas you are responsible for.
On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
> Thanks, Rado! Hopefully the dependabot folks will figure it out.
>
> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
>
>> Funny enough, I was investigating this too last week and concluded it's
>> most likely a dependabot bug. It is a relatively common problem that it
>> stumbles with complicated projects and WildFly is inevitably a complicated
>> project from a dependency perspective. It's not uncommon for us to have to
>> change pom.xml in a way that dependabot could work with it. Which is much
>> harder for projects like WF...
>>
>> The '{message: "ERROR: Invalid expression:
/project/groupId}.channel"}' seemed
>> to me to be a 'off by 1 error' and it really meant channels, but then
>> again, that line <channels.maven.groupId>${project.groupId}.channels
>> </channels.maven.groupId> is there since 2024, which seems to hint at
>> something changing in dependabot.
>>
>> I ran out of options so I filed
>> https://github.com/dependabot/dependabot-core/issues/13713 upstream.
>> Feel free to add onto it.
>>
>> Rado
>>
>>
>>
>>
>>
>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
>> wildfly-dev(a)lists.jboss.org> wrote:
>>
>>> I'm not asking anyone to do anything here; I'm just recording some
info
>>> about a curiosity in case we eventually dig more into it.
>>>
>>> We've been getting relatively few dependabot PRs lately, but there are
>>> a lot of micros on this report, so that was interesting to me.
>>>
>>> Much of it is because we either deliberately disabled dependabot for a
>>> GA (e.g. is some team manually manages the artifact as part of a broader
>>> update strategy for whatever thing depends on it), or because we explicitly
>>> closed a dependabot PR so some team could manually deal with that artifact.
>>> All that's ok so long as teams don't forget.
>>>
>>> But there are a number of others that fail because dependabot fails
>>> trying to generate the upgrade PR. These all have the same symptom in the
>>> dependabot log:
>>>
>>> Handled error whilst updating the_groupId:the_artifact_id:
>>> dependency_file_not_evaluatable {message: "ERROR: Invalid expression:
>>> /project/groupId}.channel"}
>>>
>>> A gist at
>>> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>> has more details.
>>>
>>> I poked a bit at some of the various relevant poms and didn't see
>>> anything about "groupId}.channel" so ???.
>>>
>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>> but that has the trailing 's', plus it's been there for ages,
plus I'd
>>> think if that was somehow problematic no dependabot PRs would work. But we
>>> do get some.
>>>
>>>
>>>
>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>
>>>> Component Upgrade Report
>>>>
>>>> Following repositories were searched:
>>>>
>>>> - Central https://repo1.maven.org/maven2/
>>>> - JBossPublic
>>>> https://repository.jboss.org/nexus/content/repositories/public/
>>>>
>>>> Possible Component Upgrades
>>>> GAV New Version Repository Since
>>>> com.fasterxml:classmate:1.5.1
>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
>>>> com.google.guava:guava:33.0.0-jre
>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>> com.google.protobuf:protobuf-java:4.28.3
>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>> com.h2database:h2:2.2.224
>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>> commons-codec:commons-codec:1.17.2
>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>> commons-collections:commons-collections:3.2.2
>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>> commons-io:commons-io:2.16.1
>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>> io.agroal:agroal-api:2.0
>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>> io.grpc:grpc-api:1.70.0
>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>> io.micrometer:micrometer-commons:1.15.6
>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>> io.netty:netty-bom:4.1.128.Final
>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>
>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central
>>>> 2025-07-09
>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>> io.smallrye:smallrye-jwt:4.3.1
>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
>>>> io.smallrye.config:smallrye-config:3.13.4
>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>> io.smallrye.reactive:mutiny:2.8.0
>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>> ↳ Very latest 3.1.0 Central new
>>>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>> ↳ Minor upgrade 3.21.1 Central new
>>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>> io.vertx:vertx-amqp-client:4.5.22
>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>> io.vertx:vertx-kafka-client:4.4.9
>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>> jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>> 3.0.4 Central 2024-07-03
>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>> joda-time:joda-time:2.12.7
>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>> net.bytebuddy:byte-buddy:1.15.11
>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
>>>> ↳ Minor upgrade 1.18.2 Central new
>>>> net.shibboleth.utilities:java-support:8.0.0
>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>>>> org.apache.cxf:cxf-core:4.0.10
>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central
>>>> 2025-10-29
>>>> org.apache.kafka:kafka-clients:3.9.1
>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>>>> 2025-10-01
>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>> org.apache.santuario:xmlsec:3.0.6
>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central 2025-11-05
>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>> org.assertj:assertj-bom:3.26.3
>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
>>>> org.eclipse.jdt:ecj:3.33.0
>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5
>>>> Central 2024-11-27
>>>> ↳ Minor upgrade 8.19.8 Central new
>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8 Central
>>>> new
>>>> ↳ Minor upgrade 9.2.2 Central new
>>>> org.glassfish:jakarta.faces:4.0.12
>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
>>>> org.glassfish.expressly:expressly:5.0.0
>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4 Central
>>>> 2025-08-20
>>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central new
>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central new
>>>> org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>> ↳ Very latest 16.0.3 Central new
>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
>>>> 2025-11-12
>>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>> org.jboss.weld:weld-api:5.0.SP3
>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>> org.jgroups:jgroups:5.4.12.Final
>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>> org.junit:junit-bom:5.14.1
>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>> org.ow2.asm:asm:9.7.1
>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
>>>> 2025-10-22
>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
>>>> software.amazon.awssdk:annotations:2.36.3
>>>> ↳ Minor upgrade 2.40.0 Central new
>>>> 92 items
>>>>
>>>> Generated on 2025-12-03
>>>>
>>>> Report generated by Maven Dependency Updater
>>>> <https://github.com/jboss-set/maven-dependency-updater>
>>>> _______________________________________________
>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>>>> List Archives:
>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>
>>>
>>>
>>> --
>>> Brian Stansberry
>>> Architect, JBoss EAP
>>> WildFly Project Lead
>>> He/Him/His
>>> _______________________________________________
>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>>> List Archives:
>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>
>>
>
> --
> Brian Stansberry
> Architect, JBoss EAP
> WildFly Project Lead
> He/Him/His
>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
3:49 p.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Just to share where we stand on fixing this upstream, the issue has been
raised as https://github.com/dependabot/dependabot-core/issues/13713
and there is already a fix available at
https://github.com/dependabot/dependabot-core/pull/13746
I asked if there is something we can do to help move this forward.
Also, just to note, when I try to restart the dependabot workflows - they
aren't re-runnable :-(
Warning: Dependabot workflows cannot be re-run. Retrigger this update
via
Dependabot instead.
Rado
On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
Looking at
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
it looks like the last time a 'maven in' job ran was Dec 30. Since then
it's only 'github_actions in' jobs.
On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
> I'm forking this into a separate thread as it looks like dependabot's not
> submitting PRs at all to wildfly/wildfly in a number of weeks.
>
> I haven't looked into why.
>
> Until that is sorted please pay extra attention to these 'Possible
> component upgrades report' emails and be proactive about sending up upgrade
> PRs in areas you are responsible for.
>
> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com>
> wrote:
>
>> Thanks, Rado! Hopefully the dependabot folks will figure it out.
>>
>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
>>
>>> Funny enough, I was investigating this too last week and concluded it's
>>> most likely a dependabot bug. It is a relatively common problem that it
>>> stumbles with complicated projects and WildFly is inevitably a complicated
>>> project from a dependency perspective. It's not uncommon for us to have
to
>>> change pom.xml in a way that dependabot could work with it. Which is much
>>> harder for projects like WF...
>>>
>>> The '{message: "ERROR: Invalid expression:
/project/groupId}.channel"}' seemed
>>> to me to be a 'off by 1 error' and it really meant channels, but
then
>>> again, that line <channels.maven.groupId>${project.groupId}.channels
>>> </channels.maven.groupId> is there since 2024, which seems to hint at
>>> something changing in dependabot.
>>>
>>> I ran out of options so I filed
>>> https://github.com/dependabot/dependabot-core/issues/13713 upstream.
>>> Feel free to add onto it.
>>>
>>> Rado
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>
>>>> I'm not asking anyone to do anything here; I'm just recording
some
>>>> info about a curiosity in case we eventually dig more into it.
>>>>
>>>> We've been getting relatively few dependabot PRs lately, but there
are
>>>> a lot of micros on this report, so that was interesting to me.
>>>>
>>>> Much of it is because we either deliberately disabled dependabot for a
>>>> GA (e.g. is some team manually manages the artifact as part of a broader
>>>> update strategy for whatever thing depends on it), or because we
explicitly
>>>> closed a dependabot PR so some team could manually deal with that
artifact.
>>>> All that's ok so long as teams don't forget.
>>>>
>>>> But there are a number of others that fail because dependabot fails
>>>> trying to generate the upgrade PR. These all have the same symptom in
the
>>>> dependabot log:
>>>>
>>>> Handled error whilst updating the_groupId:the_artifact_id:
>>>> dependency_file_not_evaluatable {message: "ERROR: Invalid
expression:
>>>> /project/groupId}.channel"}
>>>>
>>>> A gist at
>>>> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>> has more details.
>>>>
>>>> I poked a bit at some of the various relevant poms and didn't see
>>>> anything about "groupId}.channel" so ???.
>>>>
>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>> but that has the trailing 's', plus it's been there for ages,
plus I'd
>>>> think if that was somehow problematic no dependabot PRs would work. But
we
>>>> do get some.
>>>>
>>>>
>>>>
>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>
>>>>> Component Upgrade Report
>>>>>
>>>>> Following repositories were searched:
>>>>>
>>>>> - Central https://repo1.maven.org/maven2/
>>>>> - JBossPublic
>>>>> https://repository.jboss.org/nexus/content/repositories/public/
>>>>>
>>>>> Possible Component Upgrades
>>>>> GAV New Version Repository Since
>>>>> com.fasterxml:classmate:1.5.1
>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
>>>>> com.google.guava:guava:33.0.0-jre
>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>> com.h2database:h2:2.2.224
>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>> commons-codec:commons-codec:1.17.2
>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>> commons-collections:commons-collections:3.2.2
>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>> commons-io:commons-io:2.16.1
>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>> io.agroal:agroal-api:2.0
>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>> io.grpc:grpc-api:1.70.0
>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>> io.netty:netty-bom:4.1.128.Final
>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>
>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central
>>>>> 2025-07-09
>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central 2025-11-26
>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>> ↳ Very latest 3.1.0 Central new
>>>>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>> 3.0.4 Central 2024-07-03
>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>> jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>> joda-time:joda-time:2.12.7
>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central
>>>>> 2025-10-29
>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>>>>> 2025-10-01
>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central
2025-11-05
>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>> org.assertj:assertj-bom:3.26.3
>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5
>>>>> Central 2024-11-27
>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8
>>>>> Central new
>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4
Central
>>>>> 2025-08-20
>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final Central
>>>>> new
>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final Central
new
>>>>>
>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>> ↳ Very latest 16.0.3 Central new
>>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final Central
>>>>> 2025-11-12
>>>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>>> org.junit:junit-bom:5.14.1
>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>> org.ow2.asm:asm:9.7.1
>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final Central
>>>>> 2025-10-22
>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central 2025-07-24
>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>> 92 items
>>>>>
>>>>> Generated on 2025-12-03
>>>>>
>>>>> Report generated by Maven Dependency Updater
>>>>> <https://github.com/jboss-set/maven-dependency-updater>
>>>>> _______________________________________________
>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>>>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>>>>> List Archives:
>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>
>>>>
>>>>
>>>> --
>>>> Brian Stansberry
>>>> Architect, JBoss EAP
>>>> WildFly Project Lead
>>>> He/Him/His
>>>> _______________________________________________
>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>>>> List Archives:
>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>
>>>
>>
>> --
>> Brian Stansberry
>> Architect, JBoss EAP
>> WildFly Project Lead
>> He/Him/His
>>
>
>
> --
> Brian Stansberry
> Collaborative Partner - IBM
> Architect, JBoss EAP
> WildFly Project Lead
> He/Him/His
>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
4:05 p.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Brian, looks like I found the problem – the issue is that after 30 failed
runs all GitHub Actions stop. Can you perform one of the suggested
actions below to get us going for another 30 days and hopefully in the
meantime the above issues will be resolved?
From their website: Sometimes, due to misconfiguration or incompatible
versions, Dependabot jobs for a repository will fail and Dependabot will
continue to run and continue to fail. Now, after 30 failed runs, Dependabot
will immediately fail subsequent scheduled jobs until you trigger a check
for updates from the dependency graph or by updating a manifest file.
Dependabot security update jobs will still trigger as usual.
Thanks,
Rado
On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
Just to share where we stand on fixing this upstream, the issue has
been
raised as https://github.com/dependabot/dependabot-core/issues/13713
and there is already a fix available at
https://github.com/dependabot/dependabot-core/pull/13746
I asked if there is something we can do to help move this forward.
Also, just to note, when I try to restart the dependabot workflows - they
aren't re-runnable :-(
> Warning: Dependabot workflows cannot be re-run. Retrigger this update
via Dependabot instead.
Rado
On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
> Looking at
> https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
> it looks like the last time a 'maven in' job ran was Dec 30. Since then
> it's only 'github_actions in' jobs.
>
> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe(a)redhat.com>
> wrote:
>
>> I'm forking this into a separate thread as it looks like dependabot's
>> not submitting PRs at all to wildfly/wildfly in a number of weeks.
>>
>> I haven't looked into why.
>>
>> Until that is sorted please pay extra attention to these 'Possible
>> component upgrades report' emails and be proactive about sending up upgrade
>> PRs in areas you are responsible for.
>>
>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com>
>> wrote:
>>
>>> Thanks, Rado! Hopefully the dependabot folks will figure it out.
>>>
>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com>
>>> wrote:
>>>
>>>> Funny enough, I was investigating this too last week and concluded
>>>> it's most likely a dependabot bug. It is a relatively common problem
that
>>>> it stumbles with complicated projects and WildFly is inevitably a
>>>> complicated project from a dependency perspective. It's not uncommon
for us
>>>> to have to change pom.xml in a way that dependabot could work with it.
>>>> Which is much harder for projects like WF...
>>>>
>>>> The '{message: "ERROR: Invalid expression:
>>>> /project/groupId}.channel"}' seemed to me to be a 'off by 1
error'
>>>> and it really meant channels, but then again, that line
>>>> <channels.maven.groupId>${project.groupId}.channels
>>>> </channels.maven.groupId> is there since 2024, which seems to hint
at
>>>> something changing in dependabot.
>>>>
>>>> I ran out of options so I filed
>>>> https://github.com/dependabot/dependabot-core/issues/13713 upstream.
>>>> Feel free to add onto it.
>>>>
>>>> Rado
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev <
>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>
>>>>> I'm not asking anyone to do anything here; I'm just recording
some
>>>>> info about a curiosity in case we eventually dig more into it.
>>>>>
>>>>> We've been getting relatively few dependabot PRs lately, but
there
>>>>> are a lot of micros on this report, so that was interesting to me.
>>>>>
>>>>> Much of it is because we either deliberately disabled dependabot for
>>>>> a GA (e.g. is some team manually manages the artifact as part of a
broader
>>>>> update strategy for whatever thing depends on it), or because we
explicitly
>>>>> closed a dependabot PR so some team could manually deal with that
artifact.
>>>>> All that's ok so long as teams don't forget.
>>>>>
>>>>> But there are a number of others that fail because dependabot fails
>>>>> trying to generate the upgrade PR. These all have the same symptom in
the
>>>>> dependabot log:
>>>>>
>>>>> Handled error whilst updating the_groupId:the_artifact_id:
>>>>> dependency_file_not_evaluatable {message: "ERROR: Invalid
expression:
>>>>> /project/groupId}.channel"}
>>>>>
>>>>> A gist at
>>>>> https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>> has more details.
>>>>>
>>>>> I poked a bit at some of the various relevant poms and didn't
see
>>>>> anything about "groupId}.channel" so ???.
>>>>>
>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>> but that has the trailing 's', plus it's been there for
ages, plus I'd
>>>>> think if that was somehow problematic no dependabot PRs would work.
But we
>>>>> do get some.
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>
>>>>>> Component Upgrade Report
>>>>>>
>>>>>> Following repositories were searched:
>>>>>>
>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>> - JBossPublic
>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>
>>>>>> Possible Component Upgrades
>>>>>> GAV New Version Repository Since
>>>>>> com.fasterxml:classmate:1.5.1
>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>> com.h2database:h2:2.2.224
>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>> commons-codec:commons-codec:1.17.2
>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>> commons-collections:commons-collections:3.2.2
>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>> commons-io:commons-io:2.16.1
>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>> io.agroal:agroal-api:2.0
>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>> io.grpc:grpc-api:1.70.0
>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central 2024-02-07
>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>
>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central
>>>>>> 2025-07-09
>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central
2025-11-26
>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>> io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>> 3.0.4 Central 2024-07-03
>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>> joda-time:joda-time:2.12.7
>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central
>>>>>> 2025-10-29
>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>>>>>> 2025-10-01
>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central
>>>>>> 2025-11-05
>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5
>>>>>> Central 2024-11-27
>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8
>>>>>> Central new
>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4
>>>>>> Central 2025-08-20
>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final
Central
>>>>>> new
>>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final
Central
>>>>>> new
>>>>>>
>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final
Central
>>>>>> 2025-11-12
>>>>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>>>> org.junit:junit-bom:5.14.1
>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>> org.ow2.asm:asm:9.7.1
>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final
Central
>>>>>> 2025-10-22
>>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central
2025-07-24
>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>> 92 items
>>>>>>
>>>>>> Generated on 2025-12-03
>>>>>>
>>>>>> Report generated by Maven Dependency Updater
>>>>>> <https://github.com/jboss-set/maven-dependency-updater>
>>>>>> _______________________________________________
>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>> List Archives:
>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Brian Stansberry
>>>>> Architect, JBoss EAP
>>>>> WildFly Project Lead
>>>>> He/Him/His
>>>>> _______________________________________________
>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>> To unsubscribe send an email to wildfly-dev-leave(a)lists.jboss.org
>>>>> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
>>>>> List Archives:
>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>
>>>>
>>>
>>> --
>>> Brian Stansberry
>>> Architect, JBoss EAP
>>> WildFly Project Lead
>>> He/Him/His
>>>
>>
>>
>> --
>> Brian Stansberry
>> Collaborative Partner - IBM
>> Architect, JBoss EAP
>> WildFly Project Lead
>> He/Him/His
>>
>
>
> --
> Brian Stansberry
> Collaborative Partner - IBM
> Architect, JBoss EAP
> WildFly Project Lead
> He/Him/His
>
4:44 p.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Thanks, Rado!
https://github.com/wildfly/wildfly/actions/runs/21376865486 is running
On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
Brian, looks like I found the problem – the issue is that after 30
failed
runs all GitHub Actions stop. Can you perform one of the suggested
actions below to get us going for another 30 days and hopefully in the
meantime the above issues will be resolved?
From their website: Sometimes, due to misconfiguration or incompatible
versions, Dependabot jobs for a repository will fail and Dependabot will
continue to run and continue to fail. Now, after 30 failed runs, Dependabot
will immediately fail subsequent scheduled jobs until you trigger a check
for updates from the dependency graph or by updating a manifest file.
Dependabot security update jobs will still trigger as usual.
Thanks,
Rado
On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
> Just to share where we stand on fixing this upstream, the issue has been
> raised as https://github.com/dependabot/dependabot-core/issues/13713
> and there is already a fix available at
> https://github.com/dependabot/dependabot-core/pull/13746
>
> I asked if there is something we can do to help move this forward.
>
> Also, just to note, when I try to restart the dependabot workflows - they
> aren't re-runnable :-(
>
> > Warning: Dependabot workflows cannot be re-run. Retrigger this update
> via Dependabot instead.
>
> Rado
>
>
> On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe(a)redhat.com>
> wrote:
>
>> Looking at
>>
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
>> it looks like the last time a 'maven in' job ran was Dec 30. Since then
>> it's only 'github_actions in' jobs.
>>
>> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe(a)redhat.com>
>> wrote:
>>
>>> I'm forking this into a separate thread as it looks like
dependabot's
>>> not submitting PRs at all to wildfly/wildfly in a number of weeks.
>>>
>>> I haven't looked into why.
>>>
>>> Until that is sorted please pay extra attention to these 'Possible
>>> component upgrades report' emails and be proactive about sending up
upgrade
>>> PRs in areas you are responsible for.
>>>
>>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <bstansbe(a)redhat.com>
>>> wrote:
>>>
>>>> Thanks, Rado! Hopefully the dependabot folks will figure it out.
>>>>
>>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar <rhusar(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Funny enough, I was investigating this too last week and concluded
>>>>> it's most likely a dependabot bug. It is a relatively common
problem that
>>>>> it stumbles with complicated projects and WildFly is inevitably a
>>>>> complicated project from a dependency perspective. It's not
uncommon for us
>>>>> to have to change pom.xml in a way that dependabot could work with
it.
>>>>> Which is much harder for projects like WF...
>>>>>
>>>>> The '{message: "ERROR: Invalid expression:
>>>>> /project/groupId}.channel"}' seemed to me to be a 'off
by 1 error'
>>>>> and it really meant channels, but then again, that line
>>>>> <channels.maven.groupId>${project.groupId}.channels
>>>>> </channels.maven.groupId> is there since 2024, which seems to
hint
>>>>> at something changing in dependabot.
>>>>>
>>>>> I ran out of options so I filed
>>>>> https://github.com/dependabot/dependabot-core/issues/13713 upstream.
>>>>> Feel free to add onto it.
>>>>>
>>>>> Rado
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev
<
>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>
>>>>>> I'm not asking anyone to do anything here; I'm just
recording some
>>>>>> info about a curiosity in case we eventually dig more into it.
>>>>>>
>>>>>> We've been getting relatively few dependabot PRs lately, but
there
>>>>>> are a lot of micros on this report, so that was interesting to
me.
>>>>>>
>>>>>> Much of it is because we either deliberately disabled dependabot
for
>>>>>> a GA (e.g. is some team manually manages the artifact as part of
a broader
>>>>>> update strategy for whatever thing depends on it), or because we
explicitly
>>>>>> closed a dependabot PR so some team could manually deal with that
artifact.
>>>>>> All that's ok so long as teams don't forget.
>>>>>>
>>>>>> But there are a number of others that fail because dependabot
fails
>>>>>> trying to generate the upgrade PR. These all have the same
symptom in the
>>>>>> dependabot log:
>>>>>>
>>>>>> Handled error whilst updating the_groupId:the_artifact_id:
>>>>>> dependency_file_not_evaluatable {message: "ERROR: Invalid
expression:
>>>>>> /project/groupId}.channel"}
>>>>>>
>>>>>> A gist at
>>>>>>
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>>> has more details.
>>>>>>
>>>>>> I poked a bit at some of the various relevant poms and didn't
see
>>>>>> anything about "groupId}.channel" so ???.
>>>>>>
>>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>>> but that has the trailing 's', plus it's been there
for ages, plus I'd
>>>>>> think if that was somehow problematic no dependabot PRs would
work. But we
>>>>>> do get some.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev <
>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>
>>>>>>> Component Upgrade Report
>>>>>>>
>>>>>>> Following repositories were searched:
>>>>>>>
>>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>>> - JBossPublic
>>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>>
>>>>>>> Possible Component Upgrades
>>>>>>> GAV New Version Repository Since
>>>>>>> com.fasterxml:classmate:1.5.1
>>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central 2025-09-17
>>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>>> com.h2database:h2:2.2.224
>>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>>> commons-codec:commons-codec:1.17.2
>>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>>> commons-collections:commons-collections:3.2.2
>>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>>> commons-io:commons-io:2.16.1
>>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>>> io.agroal:agroal-api:2.0
>>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>>> io.grpc:grpc-api:1.70.0
>>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central
2024-02-07
>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>>
>>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10 Central
>>>>>>> 2025-07-09
>>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central
2025-11-26
>>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>>>
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>>> io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>>> io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>>
>>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>>> 3.0.4 Central 2024-07-03
>>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central 2025-09-24
>>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>>> joda-time:joda-time:2.12.7
>>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central 2025-10-15
>>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central
>>>>>>> 2025-10-29
>>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3
Central
>>>>>>> 2025-10-01
>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2 Central
>>>>>>> 2025-11-05
>>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central 2024-08-21
>>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central 2025-09-24
>>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4
8.15.5
>>>>>>> Central 2024-11-27
>>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3
9.1.8
>>>>>>> Central new
>>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central 2025-09-17
>>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3
3.0.4
>>>>>>> Central 2025-08-20
>>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final 6.6.38.Final
Central
>>>>>>> new
>>>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final
Central
>>>>>>> new
>>>>>>>
>>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final
Central
>>>>>>> 2025-11-12
>>>>>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>>>>> org.junit:junit-bom:5.14.1
>>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>>> org.ow2.asm:asm:9.7.1
>>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final
Central
>>>>>>> 2025-10-22
>>>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central
2025-07-24
>>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>>> 92 items
>>>>>>>
>>>>>>> Generated on 2025-12-03
>>>>>>>
>>>>>>> Report generated by Maven Dependency Updater
>>>>>>>
<https://github.com/jboss-set/maven-dependency-updater>
>>>>>>> _______________________________________________
>>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>>> List Archives:
>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Brian Stansberry
>>>>>> Architect, JBoss EAP
>>>>>> WildFly Project Lead
>>>>>> He/Him/His
>>>>>> _______________________________________________
>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>> List Archives:
>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Brian Stansberry
>>>> Architect, JBoss EAP
>>>> WildFly Project Lead
>>>> He/Him/His
>>>>
>>>
>>>
>>> --
>>> Brian Stansberry
>>> Collaborative Partner - IBM
>>> Architect, JBoss EAP
>>> WildFly Project Lead
>>> He/Him/His
>>>
>>
>>
>> --
>> Brian Stansberry
>> Collaborative Partner - IBM
>> Architect, JBoss EAP
>> WildFly Project Lead
>> He/Him/His
>>
>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
5:15 a.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
OK, thanks Brian. This kicked off so I handled *all* the newly opened 10
PRs with either merge or assignment to rightful owners.
Unfortunately CI failed us this time – #ci-servers > JDK21 problems?
<https://wildfly.zulipchat.com/#narrow/channel/174177-ci-servers/topic/JDK...
so
a lot of jobs are to be rerun.
Thanks,
Rado
On Mon, Jan 26, 2026 at 11:44 PM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
Thanks, Rado!
https://github.com/wildfly/wildfly/actions/runs/21376865486 is running
On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
> Brian, looks like I found the problem – the issue is that after 30 failed
> runs all GitHub Actions stop. Can you perform one of the suggested
> actions below to get us going for another 30 days and hopefully in the
> meantime the above issues will be resolved?
>
> From their website: Sometimes, due to misconfiguration or incompatible
> versions, Dependabot jobs for a repository will fail and Dependabot will
> continue to run and continue to fail. Now, after 30 failed runs, Dependabot
> will immediately fail subsequent scheduled jobs until you trigger a check
> for updates from the dependency graph or by updating a manifest file.
> Dependabot security update jobs will still trigger as usual.
>
> Thanks,
> Rado
>
>
> On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar(a)redhat.com>
> wrote:
>
>> Just to share where we stand on fixing this upstream, the issue has been
>> raised as https://github.com/dependabot/dependabot-core/issues/13713
>> and there is already a fix available at
>> https://github.com/dependabot/dependabot-core/pull/13746
>>
>> I asked if there is something we can do to help move this forward.
>>
>> Also, just to note, when I try to restart the dependabot workflows -
>> they aren't re-runnable :-(
>>
>> > Warning: Dependabot workflows cannot be re-run. Retrigger this update
>> via Dependabot instead.
>>
>> Rado
>>
>>
>> On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe(a)redhat.com>
>> wrote:
>>
>>> Looking at
>>>
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
>>> it looks like the last time a 'maven in' job ran was Dec 30. Since
then
>>> it's only 'github_actions in' jobs.
>>>
>>> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <bstansbe(a)redhat.com>
>>> wrote:
>>>
>>>> I'm forking this into a separate thread as it looks like
dependabot's
>>>> not submitting PRs at all to wildfly/wildfly in a number of weeks.
>>>>
>>>> I haven't looked into why.
>>>>
>>>> Until that is sorted please pay extra attention to these 'Possible
>>>> component upgrades report' emails and be proactive about sending up
upgrade
>>>> PRs in areas you are responsible for.
>>>>
>>>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry
<bstansbe(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Thanks, Rado! Hopefully the dependabot folks will figure it out.
>>>>>
>>>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar
<rhusar(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Funny enough, I was investigating this too last week and
concluded
>>>>>> it's most likely a dependabot bug. It is a relatively common
problem that
>>>>>> it stumbles with complicated projects and WildFly is inevitably
a
>>>>>> complicated project from a dependency perspective. It's not
uncommon for us
>>>>>> to have to change pom.xml in a way that dependabot could work
with it.
>>>>>> Which is much harder for projects like WF...
>>>>>>
>>>>>> The '{message: "ERROR: Invalid expression:
>>>>>> /project/groupId}.channel"}' seemed to me to be a
'off by 1 error'
>>>>>> and it really meant channels, but then again, that line
>>>>>> <channels.maven.groupId>${project.groupId}.channels
>>>>>> </channels.maven.groupId> is there since 2024, which seems
to hint
>>>>>> at something changing in dependabot.
>>>>>>
>>>>>> I ran out of options so I filed
>>>>>> https://github.com/dependabot/dependabot-core/issues/13713
>>>>>> upstream. Feel free to add onto it.
>>>>>>
>>>>>> Rado
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via wildfly-dev
<
>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>
>>>>>>> I'm not asking anyone to do anything here; I'm just
recording some
>>>>>>> info about a curiosity in case we eventually dig more into
it.
>>>>>>>
>>>>>>> We've been getting relatively few dependabot PRs lately,
but there
>>>>>>> are a lot of micros on this report, so that was interesting
to me.
>>>>>>>
>>>>>>> Much of it is because we either deliberately disabled
>>>>>>> dependabot for a GA (e.g. is some team manually manages the
artifact as
>>>>>>> part of a broader update strategy for whatever thing depends
on it), or
>>>>>>> because we explicitly closed a dependabot PR so some team
could manually
>>>>>>> deal with that artifact. All that's ok so long as teams
don't forget.
>>>>>>>
>>>>>>> But there are a number of others that fail because dependabot
fails
>>>>>>> trying to generate the upgrade PR. These all have the same
symptom in the
>>>>>>> dependabot log:
>>>>>>>
>>>>>>> Handled error whilst updating the_groupId:the_artifact_id:
>>>>>>> dependency_file_not_evaluatable {message: "ERROR:
Invalid expression:
>>>>>>> /project/groupId}.channel"}
>>>>>>>
>>>>>>> A gist at
>>>>>>>
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>>>> has more details.
>>>>>>>
>>>>>>> I poked a bit at some of the various relevant poms and
didn't see
>>>>>>> anything about "groupId}.channel" so ???.
>>>>>>>
>>>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>>>> but that has the trailing 's', plus it's been
there for ages, plus I'd
>>>>>>> think if that was somehow problematic no dependabot PRs would
work. But we
>>>>>>> do get some.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via wildfly-dev
<
>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>
>>>>>>>> Component Upgrade Report
>>>>>>>>
>>>>>>>> Following repositories were searched:
>>>>>>>>
>>>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>>>> - JBossPublic
>>>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>>>
>>>>>>>> Possible Component Upgrades
>>>>>>>> GAV New Version Repository Since
>>>>>>>> com.fasterxml:classmate:1.5.1
>>>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central
2025-09-17
>>>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>>>> com.h2database:h2:2.2.224
>>>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>>>> commons-codec:commons-codec:1.17.2
>>>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>>>> commons-collections:commons-collections:3.2.2
>>>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>>>> commons-io:commons-io:2.16.1
>>>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>>>> io.agroal:agroal-api:2.0
>>>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>>>> io.grpc:grpc-api:1.70.0
>>>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central
2024-02-07
>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>>>
>>>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>>>> io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10
Central
>>>>>>>> 2025-07-09
>>>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3 Central
2025-11-26
>>>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>>>>
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>>>>
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>>>>
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>>>
>>>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>>>> 3.0.4 Central 2024-07-03
>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central
2025-09-24
>>>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>>>> joda-time:joda-time:2.12.7
>>>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central
2025-10-15
>>>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central 2025-10-22
>>>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1
Central
>>>>>>>> 2025-10-29
>>>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>> org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3
Central
>>>>>>>> 2025-10-01
>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2
Central
>>>>>>>> 2025-11-05
>>>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central
2024-08-21
>>>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central
2025-09-24
>>>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>>>> org.elasticsearch.client:elasticsearch-rest-client:8.15.4
8.15.5
>>>>>>>> Central 2024-11-27
>>>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>>>> org.elasticsearch.client:elasticsearch-rest-client:9.1.3
9.1.8
>>>>>>>> Central new
>>>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central
2025-09-17
>>>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>>>> org.glassfish.soteria:jakarta.security.enterprise:3.0.3
3.0.4
>>>>>>>> Central 2025-08-20
>>>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final
6.6.38.Final Central
>>>>>>>> new
>>>>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final 7.1.11.Final
Central
>>>>>>>> new
>>>>>>>>
>>>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>>>> org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final
10.1.3.Final
>>>>>>>> Central 2025-11-12
>>>>>>>> org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>>>>>> org.junit:junit-bom:5.14.1
>>>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>>>> org.ow2.asm:asm:9.7.1
>>>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final
1.5.2.Final Central
>>>>>>>> 2025-10-22
>>>>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8 Central
2025-07-24
>>>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>>>> 92 items
>>>>>>>>
>>>>>>>> Generated on 2025-12-03
>>>>>>>>
>>>>>>>> Report generated by Maven Dependency Updater
>>>>>>>>
<https://github.com/jboss-set/maven-dependency-updater>
>>>>>>>> _______________________________________________
>>>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>>>> List Archives:
>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Brian Stansberry
>>>>>>> Architect, JBoss EAP
>>>>>>> WildFly Project Lead
>>>>>>> He/Him/His
>>>>>>> _______________________________________________
>>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>>> List Archives:
>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Brian Stansberry
>>>>> Architect, JBoss EAP
>>>>> WildFly Project Lead
>>>>> He/Him/His
>>>>>
>>>>
>>>>
>>>> --
>>>> Brian Stansberry
>>>> Collaborative Partner - IBM
>>>> Architect, JBoss EAP
>>>> WildFly Project Lead
>>>> He/Him/His
>>>>
>>>
>>>
>>> --
>>> Brian Stansberry
>>> Collaborative Partner - IBM
>>> Architect, JBoss EAP
>>> WildFly Project Lead
>>> He/Him/His
>>>
>>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
9:55 a.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Good news, after the merge of the first workaround (
https://github.com/wildfly/wildfly/pull/19577) Dependabot hasn't run so I
triggered a run manually. It opened a couple new remaning PRs it didn't
before so I went ahead and assigned owners.
However, it hit more (last) problem which is parsing of the following:
<dependency>
<groupId>jdbcdrivers</groupId>
<artifactId>${ds.db}</artifactId>
<version>${ds.jdbc.driver.version}</version>
</dependency>
It appears this is also reported as
https://github.com/dependabot/dependabot-core/issues/13236 and probably
fixed by the same PR we are waiting for
https://github.com/dependabot/dependabot-core/pull/13746
https://github.com/dependabot/dependabot-core/issues/13236#issuecomment-3...
This time I am not sure if we have a viable workaround other than to create
a profile for each driver with fully defined dependencies.
Thoughts?
Rado
On Tue, Jan 27, 2026 at 12:15 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
OK, thanks Brian. This kicked off so I handled *all* the newly opened
10
PRs with either merge or assignment to rightful owners.
Unfortunately CI failed us this time – #ci-servers > JDK21 problems?
<https://wildfly.zulipchat.com/#narrow/channel/174177-ci-servers/topic/JDK...
so
a lot of jobs are to be rerun.
Thanks,
Rado
On Mon, Jan 26, 2026 at 11:44 PM Brian Stansberry <bstansbe(a)redhat.com>
wrote:
> Thanks, Rado!
>
> https://github.com/wildfly/wildfly/actions/runs/21376865486 is running
>
> On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
>
>> Brian, looks like I found the problem – the issue is that after 30
>> failed runs all GitHub Actions stop. Can you perform one of the suggested
>> actions below to get us going for another 30 days and hopefully in the
>> meantime the above issues will be resolved?
>>
>> From their website: Sometimes, due to misconfiguration or incompatible
>> versions, Dependabot jobs for a repository will fail and Dependabot will
>> continue to run and continue to fail. Now, after 30 failed runs, Dependabot
>> will immediately fail subsequent scheduled jobs until you trigger a check
>> for updates from the dependency graph or by updating a manifest file.
>> Dependabot security update jobs will still trigger as usual.
>>
>> Thanks,
>> Rado
>>
>>
>> On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar(a)redhat.com>
>> wrote:
>>
>>> Just to share where we stand on fixing this upstream, the issue has
>>> been raised as
>>> https://github.com/dependabot/dependabot-core/issues/13713
>>> and there is already a fix available at
>>> https://github.com/dependabot/dependabot-core/pull/13746
>>>
>>> I asked if there is something we can do to help move this forward.
>>>
>>> Also, just to note, when I try to restart the dependabot workflows -
>>> they aren't re-runnable :-(
>>>
>>> > Warning: Dependabot workflows cannot be re-run. Retrigger this update
>>> via Dependabot instead.
>>>
>>> Rado
>>>
>>>
>>> On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry <bstansbe(a)redhat.com>
>>> wrote:
>>>
>>>> Looking at
>>>>
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
>>>> it looks like the last time a 'maven in' job ran was Dec 30.
Since then
>>>> it's only 'github_actions in' jobs.
>>>>
>>>> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry
<bstansbe(a)redhat.com>
>>>> wrote:
>>>>
>>>>> I'm forking this into a separate thread as it looks like
dependabot's
>>>>> not submitting PRs at all to wildfly/wildfly in a number of weeks.
>>>>>
>>>>> I haven't looked into why.
>>>>>
>>>>> Until that is sorted please pay extra attention to these
'Possible
>>>>> component upgrades report' emails and be proactive about sending
up upgrade
>>>>> PRs in areas you are responsible for.
>>>>>
>>>>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry
<bstansbe(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Thanks, Rado! Hopefully the dependabot folks will figure it out.
>>>>>>
>>>>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar
<rhusar(a)redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Funny enough, I was investigating this too last week and
concluded
>>>>>>> it's most likely a dependabot bug. It is a relatively
common problem that
>>>>>>> it stumbles with complicated projects and WildFly is
inevitably a
>>>>>>> complicated project from a dependency perspective. It's
not uncommon for us
>>>>>>> to have to change pom.xml in a way that dependabot could work
with it.
>>>>>>> Which is much harder for projects like WF...
>>>>>>>
>>>>>>> The '{message: "ERROR: Invalid expression:
>>>>>>> /project/groupId}.channel"}' seemed to me to be a
'off by 1 error'
>>>>>>> and it really meant channels, but then again, that line
>>>>>>> <channels.maven.groupId>${project.groupId}.channels
>>>>>>> </channels.maven.groupId> is there since 2024, which
seems to hint
>>>>>>> at something changing in dependabot.
>>>>>>>
>>>>>>> I ran out of options so I filed
>>>>>>> https://github.com/dependabot/dependabot-core/issues/13713
>>>>>>> upstream. Feel free to add onto it.
>>>>>>>
>>>>>>> Rado
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via
wildfly-dev <
>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>
>>>>>>>> I'm not asking anyone to do anything here; I'm
just recording some
>>>>>>>> info about a curiosity in case we eventually dig more
into it.
>>>>>>>>
>>>>>>>> We've been getting relatively few dependabot PRs
lately, but there
>>>>>>>> are a lot of micros on this report, so that was
interesting to me.
>>>>>>>>
>>>>>>>> Much of it is because we either deliberately disabled
>>>>>>>> dependabot for a GA (e.g. is some team manually manages
the artifact as
>>>>>>>> part of a broader update strategy for whatever thing
depends on it), or
>>>>>>>> because we explicitly closed a dependabot PR so some team
could manually
>>>>>>>> deal with that artifact. All that's ok so long as
teams don't forget.
>>>>>>>>
>>>>>>>> But there are a number of others that fail because
dependabot
>>>>>>>> fails trying to generate the upgrade PR. These all have
the same symptom in
>>>>>>>> the dependabot log:
>>>>>>>>
>>>>>>>> Handled error whilst updating
the_groupId:the_artifact_id:
>>>>>>>> dependency_file_not_evaluatable {message: "ERROR:
Invalid expression:
>>>>>>>> /project/groupId}.channel"}
>>>>>>>>
>>>>>>>> A gist at
>>>>>>>>
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>>>>> has more details.
>>>>>>>>
>>>>>>>> I poked a bit at some of the various relevant poms and
didn't see
>>>>>>>> anything about "groupId}.channel" so ???.
>>>>>>>>
>>>>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>>>>> but that has the trailing 's', plus it's been
there for ages, plus I'd
>>>>>>>> think if that was somehow problematic no dependabot PRs
would work. But we
>>>>>>>> do get some.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via
wildfly-dev <
>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>
>>>>>>>>> Component Upgrade Report
>>>>>>>>>
>>>>>>>>> Following repositories were searched:
>>>>>>>>>
>>>>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>>>>> - JBossPublic
>>>>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>>>>
>>>>>>>>> Possible Component Upgrades
>>>>>>>>> GAV New Version Repository Since
>>>>>>>>> com.fasterxml:classmate:1.5.1
>>>>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>>>>> com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central
2025-09-17
>>>>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>>>>> com.h2database:h2:2.2.224
>>>>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>>>>> commons-codec:commons-codec:1.17.2
>>>>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>>>>> commons-collections:commons-collections:3.2.2
>>>>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>>>>> commons-io:commons-io:2.16.1
>>>>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>>>>> io.agroal:agroal-api:2.0
>>>>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>>>>> io.grpc:grpc-api:1.70.0
>>>>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final Central
2024-02-07
>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>>>>
>>>>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>>>>>
io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>>>>> io.prometheus:prometheus-metrics-config:1.3.3 1.3.10
Central
>>>>>>>>> 2025-07-09
>>>>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3
Central 2025-11-26
>>>>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>>>>>
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>>>>> jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>>>>
>>>>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>>>>> 3.0.4 Central 2024-07-03
>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central
2025-09-24
>>>>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>>>>> jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>>>>> jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>>>>> joda-time:joda-time:2.12.7
>>>>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central
2025-10-15
>>>>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central 2024-08-14
>>>>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central
2025-10-22
>>>>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1
Central
>>>>>>>>> 2025-10-29
>>>>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>> org.apache.lucene:lucene-analysis-common:9.12.2
9.12.3 Central
>>>>>>>>> 2025-10-01
>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0 2.3.2
Central
>>>>>>>>> 2025-11-05
>>>>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central
2024-08-21
>>>>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central
2025-09-24
>>>>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5
>>>>>>>>> Central 2024-11-27
>>>>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8
>>>>>>>>> Central new
>>>>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central
2025-09-17
>>>>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>>>>>
org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4
>>>>>>>>> Central 2025-08-20
>>>>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final
6.6.38.Final
>>>>>>>>> Central new
>>>>>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final
7.1.11.Final Central
>>>>>>>>> new
>>>>>>>>>
>>>>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>>>>>
org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>>>>> org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final
10.1.3.Final
>>>>>>>>> Central 2025-11-12
>>>>>>>>>
org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>>>>>>> org.junit:junit-bom:5.14.1
>>>>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>>>>> org.ow2.asm:asm:9.7.1
>>>>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final
1.5.2.Final
>>>>>>>>> Central 2025-10-22
>>>>>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8
Central
>>>>>>>>> 2025-07-24
>>>>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>>>>> 92 items
>>>>>>>>>
>>>>>>>>> Generated on 2025-12-03
>>>>>>>>>
>>>>>>>>> Report generated by Maven Dependency Updater
>>>>>>>>>
<https://github.com/jboss-set/maven-dependency-updater>
>>>>>>>>> _______________________________________________
>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>>>>> List Archives:
>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Brian Stansberry
>>>>>>>> Architect, JBoss EAP
>>>>>>>> WildFly Project Lead
>>>>>>>> He/Him/His
>>>>>>>> _______________________________________________
>>>>>>>> wildfly-dev mailing list -- wildfly-dev(a)lists.jboss.org
>>>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>>>> List Archives:
>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Brian Stansberry
>>>>>> Architect, JBoss EAP
>>>>>> WildFly Project Lead
>>>>>> He/Him/His
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Brian Stansberry
>>>>> Collaborative Partner - IBM
>>>>> Architect, JBoss EAP
>>>>> WildFly Project Lead
>>>>> He/Him/His
>>>>>
>>>>
>>>>
>>>> --
>>>> Brian Stansberry
>>>> Collaborative Partner - IBM
>>>> Architect, JBoss EAP
>>>> WildFly Project Lead
>>>> He/Him/His
>>>>
>>>
>
> --
> Brian Stansberry
> Collaborative Partner - IBM
> Architect, JBoss EAP
> WildFly Project Lead
> He/Him/His
>
10:53 a.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Thanks, Rado. And thanks for https://issues.redhat.com/browse/WFLY-21429 to
track the driver problem.
I tried to ping some folks who are more familiar with the use cases around
these database driver profiles; we'll see what they say.
I see that the various ds=xxx profiles are unchanged since summer of 2012.
So, unless the users of these are also using -Dds.jdbc.driver.version, they
may be cruft.
Best regards,
Brian
On Mon, Feb 2, 2026 at 9:55 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
Good news, after the merge of the first workaround (
https://github.com/wildfly/wildfly/pull/19577) Dependabot hasn't run so I
triggered a run manually. It opened a couple new remaning PRs it didn't
before so I went ahead and assigned owners.
However, it hit more (last) problem which is parsing of the following:
<dependency>
<groupId>jdbcdrivers</groupId>
<artifactId>${ds.db}</artifactId>
<version>${ds.jdbc.driver.version}</version>
</dependency>
It appears this is also reported as
https://github.com/dependabot/dependabot-core/issues/13236 and probably
fixed by the same PR we are waiting for
https://github.com/dependabot/dependabot-core/pull/13746
https://github.com/dependabot/dependabot-core/issues/13236#issuecomment-3...
This time I am not sure if we have a viable workaround other than to
create a profile for each driver with fully defined dependencies.
Thoughts?
Rado
On Tue, Jan 27, 2026 at 12:15 PM Radoslav Husar <rhusar(a)redhat.com> wrote:
> OK, thanks Brian. This kicked off so I handled *all* the newly opened 10
> PRs with either merge or assignment to rightful owners.
>
> Unfortunately CI failed us this time – #ci-servers > JDK21 problems?
>
<https://wildfly.zulipchat.com/#narrow/channel/174177-ci-servers/topic/JDK...
so
> a lot of jobs are to be rerun.
>
> Thanks,
> Rado
>
> On Mon, Jan 26, 2026 at 11:44 PM Brian Stansberry <bstansbe(a)redhat.com>
> wrote:
>
>> Thanks, Rado!
>>
>> https://github.com/wildfly/wildfly/actions/runs/21376865486 is running
>>
>> On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar(a)redhat.com>
>> wrote:
>>
>>> Brian, looks like I found the problem – the issue is that after 30
>>> failed runs all GitHub Actions stop. Can you perform one of the suggested
>>> actions below to get us going for another 30 days and hopefully in the
>>> meantime the above issues will be resolved?
>>>
>>> From their website: Sometimes, due to misconfiguration or incompatible
>>> versions, Dependabot jobs for a repository will fail and Dependabot will
>>> continue to run and continue to fail. Now, after 30 failed runs, Dependabot
>>> will immediately fail subsequent scheduled jobs until you trigger a check
>>> for updates from the dependency graph or by updating a manifest file.
>>> Dependabot security update jobs will still trigger as usual.
>>>
>>> Thanks,
>>> Rado
>>>
>>>
>>> On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar <rhusar(a)redhat.com>
>>> wrote:
>>>
>>>> Just to share where we stand on fixing this upstream, the issue has
>>>> been raised as
>>>> https://github.com/dependabot/dependabot-core/issues/13713
>>>> and there is already a fix available at
>>>> https://github.com/dependabot/dependabot-core/pull/13746
>>>>
>>>> I asked if there is something we can do to help move this forward.
>>>>
>>>> Also, just to note, when I try to restart the dependabot workflows -
>>>> they aren't re-runnable :-(
>>>>
>>>> > Warning: Dependabot workflows cannot be re-run. Retrigger this
>>>> update via Dependabot instead.
>>>>
>>>> Rado
>>>>
>>>>
>>>> On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry
<bstansbe(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Looking at
>>>>>
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
>>>>> it looks like the last time a 'maven in' job ran was Dec 30.
Since then
>>>>> it's only 'github_actions in' jobs.
>>>>>
>>>>> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry
<bstansbe(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> I'm forking this into a separate thread as it looks like
>>>>>> dependabot's not submitting PRs at all to wildfly/wildfly in
a number of
>>>>>> weeks.
>>>>>>
>>>>>> I haven't looked into why.
>>>>>>
>>>>>> Until that is sorted please pay extra attention to these
'Possible
>>>>>> component upgrades report' emails and be proactive about
sending up upgrade
>>>>>> PRs in areas you are responsible for.
>>>>>>
>>>>>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <
>>>>>> bstansbe(a)redhat.com> wrote:
>>>>>>
>>>>>>> Thanks, Rado! Hopefully the dependabot folks will figure it
out.
>>>>>>>
>>>>>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar
<rhusar(a)redhat.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Funny enough, I was investigating this too last week and
concluded
>>>>>>>> it's most likely a dependabot bug. It is a relatively
common problem that
>>>>>>>> it stumbles with complicated projects and WildFly is
inevitably a
>>>>>>>> complicated project from a dependency perspective.
It's not uncommon for us
>>>>>>>> to have to change pom.xml in a way that dependabot could
work with it.
>>>>>>>> Which is much harder for projects like WF...
>>>>>>>>
>>>>>>>> The '{message: "ERROR: Invalid expression:
>>>>>>>> /project/groupId}.channel"}' seemed to me to be
a 'off by 1
>>>>>>>> error' and it really meant channels, but then again,
that line
>>>>>>>>
<channels.maven.groupId>${project.groupId}.channels
>>>>>>>> </channels.maven.groupId> is there since 2024,
which seems to
>>>>>>>> hint at something changing in dependabot.
>>>>>>>>
>>>>>>>> I ran out of options so I filed
>>>>>>>>
https://github.com/dependabot/dependabot-core/issues/13713
>>>>>>>> upstream. Feel free to add onto it.
>>>>>>>>
>>>>>>>> Rado
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via
wildfly-dev <
>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>
>>>>>>>>> I'm not asking anyone to do anything here;
I'm just recording
>>>>>>>>> some info about a curiosity in case we eventually dig
more into it.
>>>>>>>>>
>>>>>>>>> We've been getting relatively few dependabot PRs
lately, but
>>>>>>>>> there are a lot of micros on this report, so that was
interesting to me.
>>>>>>>>>
>>>>>>>>> Much of it is because we either deliberately
disabled
>>>>>>>>> dependabot for a GA (e.g. is some team manually
manages the artifact as
>>>>>>>>> part of a broader update strategy for whatever thing
depends on it), or
>>>>>>>>> because we explicitly closed a dependabot PR so some
team could manually
>>>>>>>>> deal with that artifact. All that's ok so long as
teams don't forget.
>>>>>>>>>
>>>>>>>>> But there are a number of others that fail because
dependabot
>>>>>>>>> fails trying to generate the upgrade PR. These all
have the same symptom in
>>>>>>>>> the dependabot log:
>>>>>>>>>
>>>>>>>>> Handled error whilst updating
the_groupId:the_artifact_id:
>>>>>>>>> dependency_file_not_evaluatable {message:
"ERROR: Invalid expression:
>>>>>>>>> /project/groupId}.channel"}
>>>>>>>>>
>>>>>>>>> A gist at
>>>>>>>>>
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>>>>>> has more details.
>>>>>>>>>
>>>>>>>>> I poked a bit at some of the various relevant poms
and didn't see
>>>>>>>>> anything about "groupId}.channel" so ???.
>>>>>>>>>
>>>>>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>>>>>> but that has the trailing 's', plus it's
been there for ages, plus I'd
>>>>>>>>> think if that was somehow problematic no dependabot
PRs would work. But we
>>>>>>>>> do get some.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via
wildfly-dev <
>>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>>
>>>>>>>>>> Component Upgrade Report
>>>>>>>>>>
>>>>>>>>>> Following repositories were searched:
>>>>>>>>>>
>>>>>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>>>>>> - JBossPublic
>>>>>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>>>>>
>>>>>>>>>> Possible Component Upgrades
>>>>>>>>>> GAV New Version Repository Since
>>>>>>>>>> com.fasterxml:classmate:1.5.1
>>>>>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>>>>>>
com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>>>>>> com.google.code.gson:gson:2.13.1 2.13.2 Central
2025-09-17
>>>>>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>>>>>> ↳ Minor upgrade 33.5.0-jre Central 2025-09-24
>>>>>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>>>>>> com.h2database:h2:2.2.224
>>>>>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>>>>>> commons-codec:commons-codec:1.17.2
>>>>>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>>>>>> commons-collections:commons-collections:3.2.2
>>>>>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>>>>>> commons-io:commons-io:2.16.1
>>>>>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>>>>>> io.agroal:agroal-api:2.0
>>>>>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>>>>>> io.github.resilience4j:resilience4j-core:2.2.0
>>>>>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>>>>>> io.grpc:grpc-api:1.70.0
>>>>>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final
Central 2024-02-07
>>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central 2025-10-15
>>>>>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>>>>>
>>>>>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>>>>>>
io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>>>>>> io.prometheus:prometheus-metrics-config:1.3.3
1.3.10 Central
>>>>>>>>>> 2025-07-09
>>>>>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>>>>>> io.smallrye:smallrye-open-api-core:4.2.1 4.2.3
Central
>>>>>>>>>> 2025-11-26
>>>>>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>>>>>>
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>>> jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>>>>>>
jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>>>>>>
jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>>>>>
>>>>>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>>>>>> 3.0.4 Central 2024-07-03
>>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5 Central
2025-09-24
>>>>>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>>>>>>
jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>>>>>>
jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>>>>>> jakarta.validation:jakarta.validation-api:3.0.2
>>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>>>>>> jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>>>>>> joda-time:joda-time:2.12.7
>>>>>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8 Central
2025-10-15
>>>>>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central
2024-08-14
>>>>>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central
2025-10-22
>>>>>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>>>>>> org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0
4.1.1 Central
>>>>>>>>>> 2025-10-29
>>>>>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>>>>>> org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>>> org.apache.lucene:lucene-analysis-common:9.12.2
9.12.3 Central
>>>>>>>>>> 2025-10-01
>>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0
2.3.2 Central
>>>>>>>>>> 2025-11-05
>>>>>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7 Central
2024-08-21
>>>>>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5 Central
2025-09-24
>>>>>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:8.15.4 8.15.5
>>>>>>>>>> Central 2024-11-27
>>>>>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8
>>>>>>>>>> Central new
>>>>>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4 Central
2025-09-17
>>>>>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>>>>>>
org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4
>>>>>>>>>> Central 2025-08-20
>>>>>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final
6.6.38.Final
>>>>>>>>>> Central new
>>>>>>>>>> ↳ Very latest 7.1.11.Final Central 2025-12-03
>>>>>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final
7.1.11.Final
>>>>>>>>>> Central new
>>>>>>>>>>
>>>>>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>>>>>>
org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>>>>>>
org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>>>>>> org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final
10.1.3.Final
>>>>>>>>>> Central 2025-11-12
>>>>>>>>>>
org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>>>>>> ↳ Minor upgrade 5.5.1.Final Central 2025-11-12
>>>>>>>>>> org.junit:junit-bom:5.14.1
>>>>>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>>>>>> org.ow2.asm:asm:9.7.1
>>>>>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>>>>>> org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>>>>>> ↳ Minor upgrade 1.1.0.Final Central 2024-02-07
>>>>>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>>>>>> org.wildfly.glow:wildfly-glow-core:1.5.1.Final
1.5.2.Final
>>>>>>>>>> Central 2025-10-22
>>>>>>>>>> org.xerial.snappy:snappy-java:1.1.10.5 1.1.10.8
Central
>>>>>>>>>> 2025-07-24
>>>>>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>>>>>> 92 items
>>>>>>>>>>
>>>>>>>>>> Generated on 2025-12-03
>>>>>>>>>>
>>>>>>>>>> Report generated by Maven Dependency Updater
>>>>>>>>>>
<https://github.com/jboss-set/maven-dependency-updater>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>>> To unsubscribe send an email to
>>>>>>>>>> wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>>> Privacy Statement:
>>>>>>>>>> https://www.redhat.com/en/about/privacy-policy
>>>>>>>>>> List Archives:
>>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Brian Stansberry
>>>>>>>>> Architect, JBoss EAP
>>>>>>>>> WildFly Project Lead
>>>>>>>>> He/Him/His
>>>>>>>>> _______________________________________________
>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>> To unsubscribe send an email to
wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>> Privacy Statement:
https://www.redhat.com/en/about/privacy-policy
>>>>>>>>> List Archives:
>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Brian Stansberry
>>>>>>> Architect, JBoss EAP
>>>>>>> WildFly Project Lead
>>>>>>> He/Him/His
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Brian Stansberry
>>>>>> Collaborative Partner - IBM
>>>>>> Architect, JBoss EAP
>>>>>> WildFly Project Lead
>>>>>> He/Him/His
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Brian Stansberry
>>>>> Collaborative Partner - IBM
>>>>> Architect, JBoss EAP
>>>>> WildFly Project Lead
>>>>> He/Him/His
>>>>>
>>>>
>>
>> --
>> Brian Stansberry
>> Collaborative Partner - IBM
>> Architect, JBoss EAP
>> WildFly Project Lead
>> He/Him/His
>>
>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
8:38 a.m.
New subject: Removing unused database switch Maven profiles WAS: Re: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Brief update on this: we can get rid of the whole set of profiles that
define this dependency, see https://issues.redhat.com/browse/WFLY-21431
Jan and Ondra confirmed that DB certification is now done using jboss.dist
property and provisioning the server with the DS and the driver
preconfigured. Which makes a lot of sense to me.
Given I/we wanted to see this cleaned up, I went ahead last night and fixed
this in a PR here: https://github.com/wildfly/wildfly/pull/19601
I invite possible users of this profile (which honestly I dont think can
work anymore since the XSLT files required to use these profiles do not
exist any more) to speak up if they still need any of this.
Thanks for spotting this Brian!
Cheers,
Rado
On Mon, Feb 2, 2026 at 5:54 PM Brian Stansberry <bstansbe(a)redhat.com> wrote:
Thanks, Rado. And thanks for
https://issues.redhat.com/browse/WFLY-21429
to track the driver problem.
I tried to ping some folks who are more familiar with the use cases around
these database driver profiles; we'll see what they say.
I see that the various ds=xxx profiles are unchanged since summer of 2012.
So, unless the users of these are also using -Dds.jdbc.driver.version,
they may be cruft.
Best regards,
Brian
On Mon, Feb 2, 2026 at 9:55 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
> Good news, after the merge of the first workaround (
> https://github.com/wildfly/wildfly/pull/19577) Dependabot hasn't run so
> I triggered a run manually. It opened a couple new remaning PRs it didn't
> before so I went ahead and assigned owners.
>
> However, it hit more (last) problem which is parsing of the following:
>
> <dependency>
> <groupId>jdbcdrivers</groupId>
> <artifactId>${ds.db}</artifactId>
> <version>${ds.jdbc.driver.version}</version>
> </dependency>
>
>
> It appears this is also reported as
> https://github.com/dependabot/dependabot-core/issues/13236 and probably
> fixed by the same PR we are waiting for
> https://github.com/dependabot/dependabot-core/pull/13746
>
>
> https://github.com/dependabot/dependabot-core/issues/13236#issuecomment-3...
>
> This time I am not sure if we have a viable workaround other than to
> create a profile for each driver with fully defined dependencies.
>
> Thoughts?
>
> Rado
>
>
> On Tue, Jan 27, 2026 at 12:15 PM Radoslav Husar <rhusar(a)redhat.com>
> wrote:
>
>> OK, thanks Brian. This kicked off so I handled *all* the newly opened 10
>> PRs with either merge or assignment to rightful owners.
>>
>> Unfortunately CI failed us this time – #ci-servers > JDK21 problems?
>>
<https://wildfly.zulipchat.com/#narrow/channel/174177-ci-servers/topic/JDK...
so
>> a lot of jobs are to be rerun.
>>
>> Thanks,
>> Rado
>>
>> On Mon, Jan 26, 2026 at 11:44 PM Brian Stansberry <bstansbe(a)redhat.com>
>> wrote:
>>
>>> Thanks, Rado!
>>>
>>> https://github.com/wildfly/wildfly/actions/runs/21376865486 is running
>>>
>>> On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar(a)redhat.com>
>>> wrote:
>>>
>>>> Brian, looks like I found the problem – the issue is that after 30
>>>> failed runs all GitHub Actions stop. Can you perform one of the
suggested
>>>> actions below to get us going for another 30 days and hopefully in the
>>>> meantime the above issues will be resolved?
>>>>
>>>> From their website: Sometimes, due to misconfiguration or incompatible
>>>> versions, Dependabot jobs for a repository will fail and Dependabot will
>>>> continue to run and continue to fail. Now, after 30 failed runs,
Dependabot
>>>> will immediately fail subsequent scheduled jobs until you trigger a
check
>>>> for updates from the dependency graph or by updating a manifest file.
>>>> Dependabot security update jobs will still trigger as usual.
>>>>
>>>> Thanks,
>>>> Rado
>>>>
>>>>
>>>> On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar
<rhusar(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Just to share where we stand on fixing this upstream, the issue has
>>>>> been raised as
>>>>> https://github.com/dependabot/dependabot-core/issues/13713
>>>>> and there is already a fix available at
>>>>> https://github.com/dependabot/dependabot-core/pull/13746
>>>>>
>>>>> I asked if there is something we can do to help move this forward.
>>>>>
>>>>> Also, just to note, when I try to restart the dependabot workflows -
>>>>> they aren't re-runnable :-(
>>>>>
>>>>> > Warning: Dependabot workflows cannot be re-run. Retrigger this
>>>>> update via Dependabot instead.
>>>>>
>>>>> Rado
>>>>>
>>>>>
>>>>> On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry
<bstansbe(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Looking at
>>>>>>
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
>>>>>> it looks like the last time a 'maven in' job ran was Dec
30. Since then
>>>>>> it's only 'github_actions in' jobs.
>>>>>>
>>>>>> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <
>>>>>> bstansbe(a)redhat.com> wrote:
>>>>>>
>>>>>>> I'm forking this into a separate thread as it looks like
>>>>>>> dependabot's not submitting PRs at all to wildfly/wildfly
in a number of
>>>>>>> weeks.
>>>>>>>
>>>>>>> I haven't looked into why.
>>>>>>>
>>>>>>> Until that is sorted please pay extra attention to these
'Possible
>>>>>>> component upgrades report' emails and be proactive about
sending up upgrade
>>>>>>> PRs in areas you are responsible for.
>>>>>>>
>>>>>>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <
>>>>>>> bstansbe(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> Thanks, Rado! Hopefully the dependabot folks will figure
it out.
>>>>>>>>
>>>>>>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar
<rhusar(a)redhat.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Funny enough, I was investigating this too last week
and
>>>>>>>>> concluded it's most likely a dependabot bug. It
is a relatively common
>>>>>>>>> problem that it stumbles with complicated projects
and WildFly is
>>>>>>>>> inevitably a complicated project from a dependency
perspective. It's not
>>>>>>>>> uncommon for us to have to change pom.xml in a way
that dependabot could
>>>>>>>>> work with it. Which is much harder for projects like
WF...
>>>>>>>>>
>>>>>>>>> The '{message: "ERROR: Invalid expression:
>>>>>>>>> /project/groupId}.channel"}' seemed to me to
be a 'off by 1
>>>>>>>>> error' and it really meant channels, but then
again, that line
>>>>>>>>>
<channels.maven.groupId>${project.groupId}.channels
>>>>>>>>> </channels.maven.groupId> is there since 2024,
which seems to
>>>>>>>>> hint at something changing in dependabot.
>>>>>>>>>
>>>>>>>>> I ran out of options so I filed
>>>>>>>>>
https://github.com/dependabot/dependabot-core/issues/13713
>>>>>>>>> upstream. Feel free to add onto it.
>>>>>>>>>
>>>>>>>>> Rado
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via
wildfly-dev <
>>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>>
>>>>>>>>>> I'm not asking anyone to do anything here;
I'm just recording
>>>>>>>>>> some info about a curiosity in case we eventually
dig more into it.
>>>>>>>>>>
>>>>>>>>>> We've been getting relatively few dependabot
PRs lately, but
>>>>>>>>>> there are a lot of micros on this report, so that
was interesting to me.
>>>>>>>>>>
>>>>>>>>>> Much of it is because we either deliberately
disabled
>>>>>>>>>> dependabot for a GA (e.g. is some team manually
manages the artifact as
>>>>>>>>>> part of a broader update strategy for whatever
thing depends on it), or
>>>>>>>>>> because we explicitly closed a dependabot PR so
some team could manually
>>>>>>>>>> deal with that artifact. All that's ok so
long as teams don't forget.
>>>>>>>>>>
>>>>>>>>>> But there are a number of others that fail
because dependabot
>>>>>>>>>> fails trying to generate the upgrade PR. These
all have the same symptom in
>>>>>>>>>> the dependabot log:
>>>>>>>>>>
>>>>>>>>>> Handled error whilst updating
the_groupId:the_artifact_id:
>>>>>>>>>> dependency_file_not_evaluatable {message:
"ERROR: Invalid expression:
>>>>>>>>>> /project/groupId}.channel"}
>>>>>>>>>>
>>>>>>>>>> A gist at
>>>>>>>>>>
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>>>>>>> has more details.
>>>>>>>>>>
>>>>>>>>>> I poked a bit at some of the various relevant
poms and didn't
>>>>>>>>>> see anything about "groupId}.channel"
so ???.
>>>>>>>>>>
>>>>>>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>>>>>>> but that has the trailing 's', plus
it's been there for ages, plus I'd
>>>>>>>>>> think if that was somehow problematic no
dependabot PRs would work. But we
>>>>>>>>>> do get some.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via
wildfly-dev <
>>>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Component Upgrade Report
>>>>>>>>>>>
>>>>>>>>>>> Following repositories were searched:
>>>>>>>>>>>
>>>>>>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>>>>>>> - JBossPublic
>>>>>>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>>>>>>
>>>>>>>>>>> Possible Component Upgrades
>>>>>>>>>>> GAV New Version Repository Since
>>>>>>>>>>> com.fasterxml:classmate:1.5.1
>>>>>>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>>>>>>>
com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>>>>>>> com.google.code.gson:gson:2.13.1 2.13.2
Central 2025-09-17
>>>>>>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>>>>>>> ↳ Minor upgrade 33.5.0-jre Central
2025-09-24
>>>>>>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>>>>>>> com.h2database:h2:2.2.224
>>>>>>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>>>>>>> commons-codec:commons-codec:1.17.2
>>>>>>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>>>>>>>
commons-collections:commons-collections:3.2.2
>>>>>>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>>>>>>> commons-io:commons-io:2.16.1
>>>>>>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>>>>>>> io.agroal:agroal-api:2.0
>>>>>>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>>>>>>>
io.github.resilience4j:resilience4j-core:2.2.0
>>>>>>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>>>>>>> io.grpc:grpc-api:1.70.0
>>>>>>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final
Central 2024-02-07
>>>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central
2025-10-15
>>>>>>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central
2025-10-15
>>>>>>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>>>>>>
>>>>>>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>>>>>>>
io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>>>>>>> io.prometheus:prometheus-metrics-config:1.3.3
1.3.10 Central
>>>>>>>>>>> 2025-07-09
>>>>>>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>>>>>>> io.smallrye:smallrye-open-api-core:4.2.1
4.2.3 Central
>>>>>>>>>>> 2025-11-26
>>>>>>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>>>>>>>
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>>>>
jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>>>>>>>
jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>>>>>>>
jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>>>>>>
>>>>>>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>>>>>>> 3.0.4 Central 2024-07-03
>>>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5
Central 2025-09-24
>>>>>>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>>>>>>>
jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>>>>>>
>>>>>>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>>>>>>>
jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>>>>>>>
jakarta.validation:jakarta.validation-api:3.0.2
>>>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>>>>>>>
jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>>>>>>> joda-time:joda-time:2.12.7
>>>>>>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8
Central 2025-10-15
>>>>>>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central
2024-08-14
>>>>>>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central
2025-10-22
>>>>>>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>>>>>>>
org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central
>>>>>>>>>>> 2025-10-29
>>>>>>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>>>>>>>
org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>>>>
org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>>>>>>>>>>> 2025-10-01
>>>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0
2.3.2 Central
>>>>>>>>>>> 2025-11-05
>>>>>>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7
Central 2024-08-21
>>>>>>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5
Central 2025-09-24
>>>>>>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:8.15.4
>>>>>>>>>>> 8.15.5 Central 2024-11-27
>>>>>>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8
>>>>>>>>>>> Central new
>>>>>>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4
Central 2025-09-17
>>>>>>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>>>>>>>
org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4
>>>>>>>>>>> Central 2025-08-20
>>>>>>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final
6.6.38.Final
>>>>>>>>>>> Central new
>>>>>>>>>>> ↳ Very latest 7.1.11.Final Central
2025-12-03
>>>>>>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final
7.1.11.Final
>>>>>>>>>>> Central new
>>>>>>>>>>>
>>>>>>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>>>>>>>
org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>>>>>>>
org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>>>>>>>
org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final
>>>>>>>>>>> Central 2025-11-12
>>>>>>>>>>>
org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>>>>>>> ↳ Minor upgrade 5.5.1.Final Central
2025-11-12
>>>>>>>>>>> org.junit:junit-bom:5.14.1
>>>>>>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>>>>>>> org.ow2.asm:asm:9.7.1
>>>>>>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>>>>>>>
org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>>>>>>> ↳ Minor upgrade 1.1.0.Final Central
2024-02-07
>>>>>>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>>>>>>>
org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final
>>>>>>>>>>> Central 2025-10-22
>>>>>>>>>>> org.xerial.snappy:snappy-java:1.1.10.5
1.1.10.8 Central
>>>>>>>>>>> 2025-07-24
>>>>>>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>>>>>>> 92 items
>>>>>>>>>>>
>>>>>>>>>>> Generated on 2025-12-03
>>>>>>>>>>>
>>>>>>>>>>> Report generated by Maven Dependency Updater
>>>>>>>>>>>
<https://github.com/jboss-set/maven-dependency-updater>
>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>>>> To unsubscribe send an email to
>>>>>>>>>>> wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>>>> Privacy Statement:
>>>>>>>>>>>
https://www.redhat.com/en/about/privacy-policy
>>>>>>>>>>> List Archives:
>>>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Brian Stansberry
>>>>>>>>>> Architect, JBoss EAP
>>>>>>>>>> WildFly Project Lead
>>>>>>>>>> He/Him/His
>>>>>>>>>> _______________________________________________
>>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>>> To unsubscribe send an email to
>>>>>>>>>> wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>>> Privacy Statement:
>>>>>>>>>> https://www.redhat.com/en/about/privacy-policy
>>>>>>>>>> List Archives:
>>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Brian Stansberry
>>>>>>>> Architect, JBoss EAP
>>>>>>>> WildFly Project Lead
>>>>>>>> He/Him/His
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Brian Stansberry
>>>>>>> Collaborative Partner - IBM
>>>>>>> Architect, JBoss EAP
>>>>>>> WildFly Project Lead
>>>>>>> He/Him/His
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Brian Stansberry
>>>>>> Collaborative Partner - IBM
>>>>>> Architect, JBoss EAP
>>>>>> WildFly Project Lead
>>>>>> He/Him/His
>>>>>>
>>>>>
>>>
>>> --
>>> Brian Stansberry
>>> Collaborative Partner - IBM
>>> Architect, JBoss EAP
>>> WildFly Project Lead
>>> He/Him/His
>>>
>>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
4:21 a.m.
New subject: Dependabot problems WAS: Possible component upgrades report - wildfly:main
Great news, dependabot is fully working again, no parsing issues and last
run opened 10 new PRs (and have their owners assigned).
This is a kind reminder to component owners that the *update PRs are not
meant to be long-lived* because as dependabot will keep hitting the maximum
PRs open limit, it will again eventually stop sending new updates.
Rado
On Mon, Feb 2, 2026 at 5:54 PM Brian Stansberry <bstansbe(a)redhat.com> wrote:
Thanks, Rado. And thanks for
https://issues.redhat.com/browse/WFLY-21429
to track the driver problem.
I tried to ping some folks who are more familiar with the use cases around
these database driver profiles; we'll see what they say.
I see that the various ds=xxx profiles are unchanged since summer of 2012.
So, unless the users of these are also using -Dds.jdbc.driver.version,
they may be cruft.
Best regards,
Brian
On Mon, Feb 2, 2026 at 9:55 AM Radoslav Husar <rhusar(a)redhat.com> wrote:
> Good news, after the merge of the first workaround (
> https://github.com/wildfly/wildfly/pull/19577) Dependabot hasn't run so
> I triggered a run manually. It opened a couple new remaning PRs it didn't
> before so I went ahead and assigned owners.
>
> However, it hit more (last) problem which is parsing of the following:
>
> <dependency>
> <groupId>jdbcdrivers</groupId>
> <artifactId>${ds.db}</artifactId>
> <version>${ds.jdbc.driver.version}</version>
> </dependency>
>
>
> It appears this is also reported as
> https://github.com/dependabot/dependabot-core/issues/13236 and probably
> fixed by the same PR we are waiting for
> https://github.com/dependabot/dependabot-core/pull/13746
>
>
> https://github.com/dependabot/dependabot-core/issues/13236#issuecomment-3...
>
> This time I am not sure if we have a viable workaround other than to
> create a profile for each driver with fully defined dependencies.
>
> Thoughts?
>
> Rado
>
>
> On Tue, Jan 27, 2026 at 12:15 PM Radoslav Husar <rhusar(a)redhat.com>
> wrote:
>
>> OK, thanks Brian. This kicked off so I handled *all* the newly opened 10
>> PRs with either merge or assignment to rightful owners.
>>
>> Unfortunately CI failed us this time – #ci-servers > JDK21 problems?
>>
<https://wildfly.zulipchat.com/#narrow/channel/174177-ci-servers/topic/JDK...
so
>> a lot of jobs are to be rerun.
>>
>> Thanks,
>> Rado
>>
>> On Mon, Jan 26, 2026 at 11:44 PM Brian Stansberry <bstansbe(a)redhat.com>
>> wrote:
>>
>>> Thanks, Rado!
>>>
>>> https://github.com/wildfly/wildfly/actions/runs/21376865486 is running
>>>
>>> On Mon, Jan 26, 2026 at 4:05 PM Radoslav Husar <rhusar(a)redhat.com>
>>> wrote:
>>>
>>>> Brian, looks like I found the problem – the issue is that after 30
>>>> failed runs all GitHub Actions stop. Can you perform one of the
suggested
>>>> actions below to get us going for another 30 days and hopefully in the
>>>> meantime the above issues will be resolved?
>>>>
>>>> From their website: Sometimes, due to misconfiguration or incompatible
>>>> versions, Dependabot jobs for a repository will fail and Dependabot will
>>>> continue to run and continue to fail. Now, after 30 failed runs,
Dependabot
>>>> will immediately fail subsequent scheduled jobs until you trigger a
check
>>>> for updates from the dependency graph or by updating a manifest file.
>>>> Dependabot security update jobs will still trigger as usual.
>>>>
>>>> Thanks,
>>>> Rado
>>>>
>>>>
>>>> On Mon, Jan 26, 2026 at 10:49 PM Radoslav Husar
<rhusar(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Just to share where we stand on fixing this upstream, the issue has
>>>>> been raised as
>>>>> https://github.com/dependabot/dependabot-core/issues/13713
>>>>> and there is already a fix available at
>>>>> https://github.com/dependabot/dependabot-core/pull/13746
>>>>>
>>>>> I asked if there is something we can do to help move this forward.
>>>>>
>>>>> Also, just to note, when I try to restart the dependabot workflows -
>>>>> they aren't re-runnable :-(
>>>>>
>>>>> > Warning: Dependabot workflows cannot be re-run. Retrigger this
>>>>> update via Dependabot instead.
>>>>>
>>>>> Rado
>>>>>
>>>>>
>>>>> On Mon, Jan 26, 2026 at 8:35 PM Brian Stansberry
<bstansbe(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Looking at
>>>>>>
https://github.com/wildfly/wildfly/actions/workflows/dependabot/dependabo...,
>>>>>> it looks like the last time a 'maven in' job ran was Dec
30. Since then
>>>>>> it's only 'github_actions in' jobs.
>>>>>>
>>>>>> On Mon, Jan 26, 2026 at 1:20 PM Brian Stansberry <
>>>>>> bstansbe(a)redhat.com> wrote:
>>>>>>
>>>>>>> I'm forking this into a separate thread as it looks like
>>>>>>> dependabot's not submitting PRs at all to wildfly/wildfly
in a number of
>>>>>>> weeks.
>>>>>>>
>>>>>>> I haven't looked into why.
>>>>>>>
>>>>>>> Until that is sorted please pay extra attention to these
'Possible
>>>>>>> component upgrades report' emails and be proactive about
sending up upgrade
>>>>>>> PRs in areas you are responsible for.
>>>>>>>
>>>>>>> On Fri, Dec 5, 2025 at 11:22 AM Brian Stansberry <
>>>>>>> bstansbe(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> Thanks, Rado! Hopefully the dependabot folks will figure
it out.
>>>>>>>>
>>>>>>>> On Fri, Dec 5, 2025 at 3:46 AM Radoslav Husar
<rhusar(a)redhat.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Funny enough, I was investigating this too last week
and
>>>>>>>>> concluded it's most likely a dependabot bug. It
is a relatively common
>>>>>>>>> problem that it stumbles with complicated projects
and WildFly is
>>>>>>>>> inevitably a complicated project from a dependency
perspective. It's not
>>>>>>>>> uncommon for us to have to change pom.xml in a way
that dependabot could
>>>>>>>>> work with it. Which is much harder for projects like
WF...
>>>>>>>>>
>>>>>>>>> The '{message: "ERROR: Invalid expression:
>>>>>>>>> /project/groupId}.channel"}' seemed to me to
be a 'off by 1
>>>>>>>>> error' and it really meant channels, but then
again, that line
>>>>>>>>>
<channels.maven.groupId>${project.groupId}.channels
>>>>>>>>> </channels.maven.groupId> is there since 2024,
which seems to
>>>>>>>>> hint at something changing in dependabot.
>>>>>>>>>
>>>>>>>>> I ran out of options so I filed
>>>>>>>>>
https://github.com/dependabot/dependabot-core/issues/13713
>>>>>>>>> upstream. Feel free to add onto it.
>>>>>>>>>
>>>>>>>>> Rado
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Dec 3, 2025 at 10:36 PM Brian Stansberry via
wildfly-dev <
>>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>>
>>>>>>>>>> I'm not asking anyone to do anything here;
I'm just recording
>>>>>>>>>> some info about a curiosity in case we eventually
dig more into it.
>>>>>>>>>>
>>>>>>>>>> We've been getting relatively few dependabot
PRs lately, but
>>>>>>>>>> there are a lot of micros on this report, so that
was interesting to me.
>>>>>>>>>>
>>>>>>>>>> Much of it is because we either deliberately
disabled
>>>>>>>>>> dependabot for a GA (e.g. is some team manually
manages the artifact as
>>>>>>>>>> part of a broader update strategy for whatever
thing depends on it), or
>>>>>>>>>> because we explicitly closed a dependabot PR so
some team could manually
>>>>>>>>>> deal with that artifact. All that's ok so
long as teams don't forget.
>>>>>>>>>>
>>>>>>>>>> But there are a number of others that fail
because dependabot
>>>>>>>>>> fails trying to generate the upgrade PR. These
all have the same symptom in
>>>>>>>>>> the dependabot log:
>>>>>>>>>>
>>>>>>>>>> Handled error whilst updating
the_groupId:the_artifact_id:
>>>>>>>>>> dependency_file_not_evaluatable {message:
"ERROR: Invalid expression:
>>>>>>>>>> /project/groupId}.channel"}
>>>>>>>>>>
>>>>>>>>>> A gist at
>>>>>>>>>>
https://gist.github.com/bstansberry/5bbd2b64ac324421628c08958c4210b8
>>>>>>>>>> has more details.
>>>>>>>>>>
>>>>>>>>>> I poked a bit at some of the various relevant
poms and didn't
>>>>>>>>>> see anything about "groupId}.channel"
so ???.
>>>>>>>>>>
>>>>>>>>>> The root WF pom itself has
"<channels.maven.groupId>${project.groupId}.channels</channels.maven.groupId>"
>>>>>>>>>> but that has the trailing 's', plus
it's been there for ages, plus I'd
>>>>>>>>>> think if that was somehow problematic no
dependabot PRs would work. But we
>>>>>>>>>> do get some.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Dec 3, 2025 at 9:51 AM Tomas Hofman via
wildfly-dev <
>>>>>>>>>> wildfly-dev(a)lists.jboss.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Component Upgrade Report
>>>>>>>>>>>
>>>>>>>>>>> Following repositories were searched:
>>>>>>>>>>>
>>>>>>>>>>> - Central https://repo1.maven.org/maven2/
>>>>>>>>>>> - JBossPublic
>>>>>>>>>>>
https://repository.jboss.org/nexus/content/repositories/public/
>>>>>>>>>>>
>>>>>>>>>>> Possible Component Upgrades
>>>>>>>>>>> GAV New Version Repository Since
>>>>>>>>>>> com.fasterxml:classmate:1.5.1
>>>>>>>>>>> ↳ Minor upgrade 1.7.1 Central 2025-10-01
>>>>>>>>>>> com.fasterxml.woodstox:woodstox-core:7.0.0
>>>>>>>>>>> ↳ Minor upgrade 7.1.1 Central 2025-06-04
>>>>>>>>>>>
com.google.api.grpc:proto-google-common-protos:2.0.1
>>>>>>>>>>> ↳ Minor upgrade 2.63.1 Central 2025-11-12
>>>>>>>>>>> com.google.code.gson:gson:2.13.1 2.13.2
Central 2025-09-17
>>>>>>>>>>> com.google.guava:guava:33.0.0-jre
>>>>>>>>>>> ↳ Minor upgrade 33.5.0-jre Central
2025-09-24
>>>>>>>>>>> com.google.protobuf:protobuf-java:4.28.3
>>>>>>>>>>> ↳ Minor upgrade 4.33.1 Central 2025-11-19
>>>>>>>>>>> com.h2database:h2:2.2.224
>>>>>>>>>>> ↳ Minor upgrade 2.4.240 Central 2025-10-01
>>>>>>>>>>> com.nimbusds:nimbus-jose-jwt:10.3.1
>>>>>>>>>>> ↳ Minor upgrade 10.6 Central 2025-11-12
>>>>>>>>>>> com.sun.istack:istack-commons-runtime:4.1.2
>>>>>>>>>>> ↳ Minor upgrade 4.2.0 Central 2024-02-07
>>>>>>>>>>> commons-codec:commons-codec:1.17.2
>>>>>>>>>>> ↳ Minor upgrade 1.20.0 Central 2025-11-12
>>>>>>>>>>>
commons-collections:commons-collections:3.2.2
>>>>>>>>>>> ↳ Very latest 20040616 Central 2024-02-07
>>>>>>>>>>> commons-io:commons-io:2.16.1
>>>>>>>>>>> ↳ Minor upgrade 2.21.0 Central 2025-11-12
>>>>>>>>>>> de.dentrassi.crypto:pem-keystore:2.4.0
>>>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-11-20
>>>>>>>>>>> io.agroal:agroal-api:2.0
>>>>>>>>>>> ↳ Minor upgrade 2.8 Central 2025-08-20
>>>>>>>>>>>
io.github.resilience4j:resilience4j-core:2.2.0
>>>>>>>>>>> ↳ Minor upgrade 2.3.0 Central 2025-01-08
>>>>>>>>>>> io.grpc:grpc-api:1.70.0
>>>>>>>>>>> ↳ Minor upgrade 1.77.0 Central 2025-11-19
>>>>>>>>>>> io.micrometer:micrometer-commons:1.15.6
>>>>>>>>>>> ↳ Minor upgrade 1.16.0 Central 2025-11-12
>>>>>>>>>>> io.netty:netty-all:4.0.19.Final 4.0.56.Final
Central 2024-02-07
>>>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central
2025-10-15
>>>>>>>>>>> io.netty:netty-bom:4.1.128.Final
>>>>>>>>>>> ↳ Minor upgrade 4.2.7.Final Central
2025-10-15
>>>>>>>>>>> io.opentelemetry:opentelemetry-api:1.48.0
>>>>>>>>>>> ↳ Minor upgrade 1.56.0 Central 2025-11-12
>>>>>>>>>>>
>>>>>>>>>>>
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.14.0
>>>>>>>>>>> ↳ Minor upgrade 2.22.0 Central 2025-11-26
>>>>>>>>>>>
io.opentelemetry.semconv:opentelemetry-semconv:1.32.0
>>>>>>>>>>> ↳ Minor upgrade 1.37.0 Central 2025-09-03
>>>>>>>>>>> io.prometheus:prometheus-metrics-config:1.3.3
1.3.10 Central
>>>>>>>>>>> 2025-07-09
>>>>>>>>>>> ↳ Minor upgrade 1.4.3 Central 2025-11-12
>>>>>>>>>>> io.smallrye:smallrye-jwt:4.3.1
>>>>>>>>>>> ↳ Minor upgrade 4.6.2 Central 2025-05-28
>>>>>>>>>>> io.smallrye:smallrye-open-api-core:4.2.1
4.2.3 Central
>>>>>>>>>>> 2025-11-26
>>>>>>>>>>> io.smallrye.config:smallrye-config:3.13.4
>>>>>>>>>>> ↳ Minor upgrade 3.14.1 Central 2025-10-15
>>>>>>>>>>> io.smallrye.reactive:mutiny:2.8.0
>>>>>>>>>>> ↳ Minor upgrade 2.9.5 Central 2025-10-29
>>>>>>>>>>> ↳ Very latest 3.1.0 Central new
>>>>>>>>>>>
io.smallrye.reactive:smallrye-mutiny-vertx-amqp-client:3.17.1
>>>>>>>>>>> ↳ Minor upgrade 3.21.1 Central new
>>>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-converter-api:2.6.0
>>>>>>>>>>> ↳ Minor upgrade 2.7.0 Central 2024-02-07
>>>>>>>>>>> ↳ Very latest 3.0.3 Central 2025-04-16
>>>>>>>>>>>
io.smallrye.reactive:smallrye-reactive-messaging-amqp:4.30.0
>>>>>>>>>>> ↳ Minor upgrade 4.31.0 Central 2025-11-12
>>>>>>>>>>> io.vertx:vertx-amqp-client:4.5.22
>>>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>>>> io.vertx:vertx-kafka-client:4.4.9
>>>>>>>>>>> ↳ Minor upgrade 4.5.22 Central 2025-10-22
>>>>>>>>>>> ↳ Very latest 5.0.5 Central 2025-10-22
>>>>>>>>>>>
jakarta.annotation:jakarta.annotation-api:2.1.1
>>>>>>>>>>> ↳ Very latest 3.0.0 Central 2024-04-10
>>>>>>>>>>>
jakarta.enterprise:jakarta.enterprise.cdi-api:2.0.2
>>>>>>>>>>> ↳ Very latest 4.1.0 Central 2024-04-17
>>>>>>>>>>>
jakarta.enterprise:jakarta.enterprise.cdi-api:4.0.1
>>>>>>>>>>> ↳ Minor upgrade 4.1.0 Central 2024-04-17
>>>>>>>>>>>
>>>>>>>>>>>
jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api:3.0.3
>>>>>>>>>>> 3.0.4 Central 2024-07-03
>>>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2024-06-26
>>>>>>>>>>> jakarta.faces:jakarta.faces-api:4.0.1
>>>>>>>>>>> ↳ Minor upgrade 4.1.2 Central 2024-11-06
>>>>>>>>>>> jakarta.inject:jakarta.inject-api:1.0.5
>>>>>>>>>>> ↳ Very latest 2.0.1 Central 2024-02-07
>>>>>>>>>>> jakarta.mail:jakarta.mail-api:2.1.3 2.1.5
Central 2025-09-24
>>>>>>>>>>> jakarta.mvc:jakarta.mvc-api:2.1.0
>>>>>>>>>>> ↳ Very latest 3.0.0 Central 2025-05-14
>>>>>>>>>>>
jakarta.persistence:jakarta.persistence-api:3.1.0
>>>>>>>>>>> ↳ Minor upgrade 3.2.0 Central 2024-05-22
>>>>>>>>>>>
>>>>>>>>>>>
jakarta.security.enterprise:jakarta.security.enterprise-api:3.0.0
>>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-26
>>>>>>>>>>> jakarta.servlet:jakarta.servlet-api:6.0.0
>>>>>>>>>>> ↳ Minor upgrade 6.1.0 Central 2024-06-12
>>>>>>>>>>>
jakarta.servlet.jsp:jakarta.servlet.jsp-api:3.1.1
>>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-06-12
>>>>>>>>>>>
jakarta.validation:jakarta.validation-api:3.0.2
>>>>>>>>>>> ↳ Minor upgrade 3.1.1 Central 2025-02-05
>>>>>>>>>>>
jakarta.websocket:jakarta.websocket-api:2.1.1
>>>>>>>>>>> ↳ Minor upgrade 2.2.0 Central 2024-05-29
>>>>>>>>>>> jakarta.ws.rs:jakarta.ws.rs-api:3.1.0
>>>>>>>>>>> ↳ Very latest 4.0.0 Central 2024-05-08
>>>>>>>>>>> joda-time:joda-time:2.12.7
>>>>>>>>>>> ↳ Minor upgrade 2.14.0 Central 2025-04-02
>>>>>>>>>>> net.bytebuddy:byte-buddy:1.15.11
>>>>>>>>>>> ↳ Minor upgrade 1.18.2 Central 2025-12-03
>>>>>>>>>>> net.bytebuddy:byte-buddy:1.17.6 1.17.8
Central 2025-10-15
>>>>>>>>>>> ↳ Minor upgrade 1.18.2 Central new
>>>>>>>>>>> net.shibboleth.utilities:java-support:8.0.0
>>>>>>>>>>> ↳ Minor upgrade 8.4.2 JBossPublic 2024-04-17
>>>>>>>>>>> org.antlr:antlr4:4.13.0 4.13.2 Central
2024-08-14
>>>>>>>>>>> org.apache.avro:avro:1.12.0 1.12.1 Central
2025-10-22
>>>>>>>>>>> org.apache.cxf:cxf-core:4.0.10
>>>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-11-19
>>>>>>>>>>>
org.apache.cxf.xjc-utils:cxf-xjc-runtime:4.1.0 4.1.1 Central
>>>>>>>>>>> 2025-10-29
>>>>>>>>>>> org.apache.kafka:kafka-clients:3.9.1
>>>>>>>>>>> ↳ Very latest 4.1.1 Central 2025-11-19
>>>>>>>>>>> org.apache.kerby:kerb-server-api-all:2.0.3
>>>>>>>>>>> ↳ Minor upgrade 2.1.1 Central 2025-11-26
>>>>>>>>>>>
org.apache.lucene:lucene-analysis-common:9.11.1
>>>>>>>>>>> ↳ Minor upgrade 9.12.3 Central 2025-10-01
>>>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>>>>
org.apache.lucene:lucene-analysis-common:9.12.2 9.12.3 Central
>>>>>>>>>>> 2025-10-01
>>>>>>>>>>> ↳ Very latest 10.3.2 Central 2025-11-19
>>>>>>>>>>> org.apache.santuario:xmlsec:3.0.6
>>>>>>>>>>> ↳ Very latest 4.0.4 Central 2025-04-16
>>>>>>>>>>> org.apache.ws.xmlschema:xmlschema-core:2.3.0
2.3.2 Central
>>>>>>>>>>> 2025-11-05
>>>>>>>>>>> org.apache.wss4j:wss4j-bindings:3.0.5
>>>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-11-05
>>>>>>>>>>> org.assertj:assertj-bom:3.26.3
>>>>>>>>>>> ↳ Minor upgrade 3.27.6 Central 2025-09-24
>>>>>>>>>>> org.cryptacular:cryptacular:1.2.5 1.2.7
Central 2024-08-21
>>>>>>>>>>> org.eclipse.angus:angus-mail:2.0.4 2.0.5
Central 2025-09-24
>>>>>>>>>>> org.eclipse.jdt:ecj:3.33.0
>>>>>>>>>>> ↳ Minor upgrade 3.43.0 Central 2025-09-10
>>>>>>>>>>> org.eclipse.krazo:krazo-core:3.0.1
>>>>>>>>>>> ↳ Very latest 4.0.1 Central 2025-06-11
>>>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:8.15.4
>>>>>>>>>>> 8.15.5 Central 2024-11-27
>>>>>>>>>>> ↳ Minor upgrade 8.19.8 Central new
>>>>>>>>>>> ↳ Very latest 9.2.2 Central 2025-12-03
>>>>>>>>>>>
org.elasticsearch.client:elasticsearch-rest-client:9.1.3 9.1.8
>>>>>>>>>>> Central new
>>>>>>>>>>> ↳ Minor upgrade 9.2.2 Central new
>>>>>>>>>>> org.glassfish:jakarta.faces:4.0.12
>>>>>>>>>>> ↳ Minor upgrade 4.1.4 Central 2025-09-17
>>>>>>>>>>> org.glassfish:jakarta.faces:4.1.3 4.1.4
Central 2025-09-17
>>>>>>>>>>> org.glassfish.expressly:expressly:5.0.0
>>>>>>>>>>> ↳ Very latest 6.0.0 Central 2025-05-21
>>>>>>>>>>>
org.glassfish.soteria:jakarta.security.enterprise:3.0.3 3.0.4
>>>>>>>>>>> Central 2025-08-20
>>>>>>>>>>> org.hibernate.orm:hibernate-core:6.6.37.Final
6.6.38.Final
>>>>>>>>>>> Central new
>>>>>>>>>>> ↳ Very latest 7.1.11.Final Central
2025-12-03
>>>>>>>>>>> org.hibernate.orm:hibernate-core:7.1.2.Final
7.1.11.Final
>>>>>>>>>>> Central new
>>>>>>>>>>>
>>>>>>>>>>>
org.hibernate.search:hibernate-search-backend-elasticsearch:7.2.4.Final
>>>>>>>>>>> ↳ Very latest 8.1.2.Final Central 2025-09-10
>>>>>>>>>>>
org.hibernate.validator:hibernate-validator:8.0.3.Final
>>>>>>>>>>> ↳ Very latest 9.1.0.Final Central 2025-11-12
>>>>>>>>>>> org.infinispan:infinispan-bom:15.2.6.Final
>>>>>>>>>>> ↳ Very latest 16.0.3 Central new
>>>>>>>>>>>
org.jboss.genericjms:generic-jms-ra-jar:3.0.0.Final
>>>>>>>>>>> ↳ Minor upgrade 3.1.0 Central 2024-02-07
>>>>>>>>>>>
org.jboss.openjdk-orb:openjdk-orb:10.1.1.Final 10.1.3.Final
>>>>>>>>>>> Central 2025-11-12
>>>>>>>>>>>
org.jboss.resteasy:resteasy-atom-provider:6.2.14.Final
>>>>>>>>>>> ↳ Very latest 7.0.0.Final Central 2025-10-01
>>>>>>>>>>> org.jboss.weld:weld-api:5.0.SP3
>>>>>>>>>>> ↳ Very latest 6.0.Final Central 2024-12-18
>>>>>>>>>>> org.jboss.weld:weld-core-impl:5.1.6.Final
>>>>>>>>>>> ↳ Very latest 6.0.3.Final Central 2025-05-21
>>>>>>>>>>> org.jgroups:jgroups:5.4.12.Final
>>>>>>>>>>> ↳ Minor upgrade 5.5.1.Final Central
2025-11-12
>>>>>>>>>>> org.junit:junit-bom:5.14.1
>>>>>>>>>>> ↳ Very latest 6.0.1 Central 2025-11-05
>>>>>>>>>>> org.lz4:lz4-java:1.8.0 1.8.1 Central new
>>>>>>>>>>> org.opensaml:opensaml-profile-api:4.3.2
>>>>>>>>>>> ↳ Very latest 5.1.6 JBossPublic 2025-08-27
>>>>>>>>>>> org.ow2.asm:asm:9.7.1
>>>>>>>>>>> ↳ Minor upgrade 9.9 Central 2025-10-15
>>>>>>>>>>>
org.wildfly:wildfly-naming-client:1.0.17.Final
>>>>>>>>>>> ↳ Minor upgrade 1.1.0.Final Central
2024-02-07
>>>>>>>>>>> ↳ Very latest 2.0.1.Final Central 2024-02-07
>>>>>>>>>>>
org.wildfly.glow:wildfly-glow-core:1.5.1.Final 1.5.2.Final
>>>>>>>>>>> Central 2025-10-22
>>>>>>>>>>> org.xerial.snappy:snappy-java:1.1.10.5
1.1.10.8 Central
>>>>>>>>>>> 2025-07-24
>>>>>>>>>>> software.amazon.awssdk:annotations:2.36.3
>>>>>>>>>>> ↳ Minor upgrade 2.40.0 Central new
>>>>>>>>>>> 92 items
>>>>>>>>>>>
>>>>>>>>>>> Generated on 2025-12-03
>>>>>>>>>>>
>>>>>>>>>>> Report generated by Maven Dependency Updater
>>>>>>>>>>>
<https://github.com/jboss-set/maven-dependency-updater>
>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>>>> To unsubscribe send an email to
>>>>>>>>>>> wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>>>> Privacy Statement:
>>>>>>>>>>>
https://www.redhat.com/en/about/privacy-policy
>>>>>>>>>>> List Archives:
>>>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Brian Stansberry
>>>>>>>>>> Architect, JBoss EAP
>>>>>>>>>> WildFly Project Lead
>>>>>>>>>> He/Him/His
>>>>>>>>>> _______________________________________________
>>>>>>>>>> wildfly-dev mailing list --
wildfly-dev(a)lists.jboss.org
>>>>>>>>>> To unsubscribe send an email to
>>>>>>>>>> wildfly-dev-leave(a)lists.jboss.org
>>>>>>>>>> Privacy Statement:
>>>>>>>>>> https://www.redhat.com/en/about/privacy-policy
>>>>>>>>>> List Archives:
>>>>>>>>>>
https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message...
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Brian Stansberry
>>>>>>>> Architect, JBoss EAP
>>>>>>>> WildFly Project Lead
>>>>>>>> He/Him/His
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Brian Stansberry
>>>>>>> Collaborative Partner - IBM
>>>>>>> Architect, JBoss EAP
>>>>>>> WildFly Project Lead
>>>>>>> He/Him/His
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Brian Stansberry
>>>>>> Collaborative Partner - IBM
>>>>>> Architect, JBoss EAP
>>>>>> WildFly Project Lead
>>>>>> He/Him/His
>>>>>>
>>>>>
>>>
>>> --
>>> Brian Stansberry
>>> Collaborative Partner - IBM
>>> Architect, JBoss EAP
>>> WildFly Project Lead
>>> He/Him/His
>>>
>>
--
Brian Stansberry
Collaborative Partner - IBM
Architect, JBoss EAP
WildFly Project Lead
He/Him/His
59
days inactive
123
days old
13 comments
3 participants
participants (3)
-
Brian Stansberry -
Radoslav Husar -
thofman@redhat.com