rewrite icon indicating copy to clipboard operation
rewrite copied to clipboard
verified publisher icon openrewrite

UpgradeDependencyVersion does not correctly stabilize when using Wildcards with multiple dependencyManagement entries

Open MrThaler opened this issue 1 month ago • 1 comments

What version of OpenRewrite are you using?

I am using

  • rewrite-recipe-bom 3.18.0

How are you running OpenRewrite?

Writing my own recipe, trying to reproduce odd behavior in JUnit tests.

What is the smallest, simplest way to reproduce the problem?

@Test
    void multipleDependencyManagementEntriesTest() {
    rewriteRun(
        spec ->
            spec.recipe(new UpgradeDependencyVersion("*", "*", "latest.minor", null, null, null)),
        pomXml(
            """
                          <project>
                              <groupId>org.openrewrite.example</groupId>
                              <artifactId>my-app-server</artifactId>
                              <version>1</version>
                              <dependencyManagement>
                                  <dependencies>
                                      <dependency>
                                          <groupId>org.junit.jupiter</groupId>
                                          <artifactId>junit-jupiter-api</artifactId>
                                          <version>5.2.0</version>
                                      </dependency>
                                      <dependency>
                                          <groupId>org.slf4j</groupId>
                                          <artifactId>slf4j-api</artifactId>
                                          <version>1.7.33</version>
                                      </dependency>
                                  </dependencies>
                              </dependencyManagement>
                          </project>
                          """,
            """
                          <project>
                              <groupId>org.openrewrite.example</groupId>
                              <artifactId>my-app-server</artifactId>
                              <version>1</version>
                              <dependencyManagement>
                                  <dependencies>
                                      <dependency>
                                          <groupId>org.junit.jupiter</groupId>
                                          <artifactId>junit-jupiter-api</artifactId>
                                          <version>5.14.1</version>
                                      </dependency>
                                      <dependency>
                                          <groupId>org.slf4j</groupId>
                                          <artifactId>slf4j-api</artifactId>
                                          <version>1.7.36</version>
                                      </dependency>
                                  </dependencies>
                              </dependencyManagement>
                          </project>
                          """));
    }

What did you expect to see?

The test should succeed. Both dependencyManagement entries should be updated to the most recent version within in their major version.

What did you see instead?

The tests fail because UpgradeDependencyVersion takes multiple cycles to stabilize. However, when increasing the cycles the resulting pom.xml does seem to be correct.

What steps are needed to reproduce the behavior?

As far as I can see this issue does not prevent when the dependencyManagement consists of (for example) an imported BOM and a regular entry such as in the "upgradeAllManagedDependenciesToPatchReleases" test.

MrThaler avatar Nov 21 '25 13:11 MrThaler

There's now a proposed fix in

  • https://github.com/openrewrite/rewrite/pull/6355

timtebeek avatar Nov 29 '25 22:11 timtebeek