dependabot-core
dependabot-core copied to clipboard
[Maven] Dependabot does not detect upgrades
It does not seem that Dependabot supports the following syntax :
<properties>
<graphql.java.major.version>18</graphql.java.major.version>
<graphql.java.version>${graphql.java.major.version}.2</graphql.java.version>
</properties>
Pom file: https://github.com/vert-x3/vertx-web/blob/master/vertx-web-graphql/pom.xml#L31-L38
Dependabot Configuration file : https://github.com/vert-x3/vertx-web/blob/master/.github/dependabot.yml
Package ecosystem maven
Package manager version any
Other example where this happens :
<properties>
<protoc.version>3.21.2</protoc.version>
</properties>
<plugins>
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
<artifactId>protobuf-maven-plugin</artifactId>
<version>0.6.1</version>
<configuration>
<!--
The version of protoc must match protobuf-java. If you don't depend on
protobuf-java directly, you will be transitively depending on the
protobuf-java version that grpc depends on.
-->
<protocArtifact>com.google.protobuf:protoc:${protoc.version}:exe:${os.detected.classifier}</protocArtifact>
<pluginId>grpc-java</pluginId>
<pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
<protocPlugins>
<protocPlugin>
<id>vertx-grpc-protoc-plugin</id>
<groupId>io.vertx</groupId>
<artifactId>vertx-grpc-protoc-plugin</artifactId>
<version>${project.version}</version>
<mainClass>io.vertx.grpc.protoc.plugin.VertxGrpcGenerator</mainClass>
</protocPlugin>
</protocPlugins>
</configuration>
<executions>
<execution>
<id>compile</id>
<goals>
<goal>compile</goal>
<goal>compile-custom</goal>
</goals>
<configuration>
<outputDirectory>${project.basedir}/src/main/java</outputDirectory>
<clearOutputDirectory>false</clearOutputDirectory>
</configuration>
</execution>
<execution>
<id>test-compile</id>
<goals>
<goal>test-compile</goal>
<goal>test-compile-custom</goal>
</goals>
</execution>
</executions>
</plugin>
See https://github.com/vert-x3/vertx-grpc/blob/master/vertx-grpc/pom.xml#L34
This turned out to be quite complicated to implement. And I don't think we need it as it happens very rarely
Feel to re-open it if needed