dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

Published 20 hours ago verified publisher icon dependabot

[Maven] Dependabot does not detect upgrades

Open yeikel opened this issue 1 year ago • 1 comments

It does not seem that Dependabot supports the following syntax :

 <properties>
    <graphql.java.major.version>18</graphql.java.major.version>
    <graphql.java.version>${graphql.java.major.version}.2</graphql.java.version>
  </properties>

Pom file: https://github.com/vert-x3/vertx-web/blob/master/vertx-web-graphql/pom.xml#L31-L38

Dependabot Configuration file : https://github.com/vert-x3/vertx-web/blob/master/.github/dependabot.yml

Package ecosystem maven

Package manager version any

yeikel avatar Jul 27 '22 21:07 yeikel

Other example where this happens :

<properties>
    <protoc.version>3.21.2</protoc.version>
  </properties>

<plugins>
      <plugin>
        <groupId>org.xolstice.maven.plugins</groupId>
        <artifactId>protobuf-maven-plugin</artifactId>
        <version>0.6.1</version>
        <configuration>
          <!--
            The version of protoc must match protobuf-java. If you don't depend on
            protobuf-java directly, you will be transitively depending on the
            protobuf-java version that grpc depends on.
          -->
          <protocArtifact>com.google.protobuf:protoc:${protoc.version}:exe:${os.detected.classifier}</protocArtifact>
          <pluginId>grpc-java</pluginId>
          <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:${os.detected.classifier}</pluginArtifact>
          <protocPlugins>
            <protocPlugin>
              <id>vertx-grpc-protoc-plugin</id>
              <groupId>io.vertx</groupId>
              <artifactId>vertx-grpc-protoc-plugin</artifactId>
              <version>${project.version}</version>
              <mainClass>io.vertx.grpc.protoc.plugin.VertxGrpcGenerator</mainClass>
            </protocPlugin>
          </protocPlugins>
        </configuration>
        <executions>
          <execution>
            <id>compile</id>
            <goals>
              <goal>compile</goal>
              <goal>compile-custom</goal>
            </goals>
            <configuration>
              <outputDirectory>${project.basedir}/src/main/java</outputDirectory>
              <clearOutputDirectory>false</clearOutputDirectory>
            </configuration>
          </execution>
          <execution>
            <id>test-compile</id>
            <goals>
              <goal>test-compile</goal>
              <goal>test-compile-custom</goal>
            </goals>
          </execution>
        </executions>
      </plugin>

See https://github.com/vert-x3/vertx-grpc/blob/master/vertx-grpc/pom.xml#L34

yeikel avatar Jul 28 '22 14:07 yeikel

This turned out to be quite complicated to implement. And I don't think we need it as it happens very rarely

Feel to re-open it if needed

yeikel avatar Apr 22 '23 01:04 yeikel