[I] mvnup: comment out dependencies with unresolved property expressions [maven]

Mon, 18 May 2026 08:46:45 -0700 


gnodet opened a new issue, #12080:
URL: https://github.com/apache/maven/issues/12080

   ## Problem
   
   Maven 4's `MavenValidator.validateDependency()` rejects dependencies with 
uninterpolated property expressions (e.g., `${guava-version}`) that are not 
defined anywhere. This affects projects like `activemq-openwire` which have 
dead/orphan managed dependency entries in `<dependencyManagement>` with 
undefined properties:
   
   ```xml
   <dependencyManagement>
     <dependencies>
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
         <version>${guava-version}</version>  <!-- property never defined -->
       </dependency>
     </dependencies>
   </dependencyManagement>
   ```
   
   Maven 3 silently ignores these because the dependency is never actually 
resolved. Maven 4 validates all dependency coordinates and rejects 
uninterpolated expressions:
   
   ```
   Suppressed: java.lang.IllegalArgumentException: Not fully interpolated 
dependency com.google.guava:guava:jar:${guava-version} ()
   ```
   
   The POM is arguably wrong, but `mvnup` could fix this automatically.
   
   ## Proposed Solution
   
   Add a new compatibility fix in `CompatibilityFixStrategy` that:
   
   1. Collects all properties defined in `<properties>` sections across all 
project POMs (including profile properties)
   2. Scans `<dependencies>` and `<dependencyManagement>` entries for `${...}` 
expressions in groupId, artifactId, or version
   3. Skips well-known built-in properties (`project.*`, `env.*`, `settings.*`, 
`maven.*`, `revision`, `sha1`, `changelist`, etc.)
   4. Comments out dependency entries whose property expressions are not 
defined in any project POM
   
   Example output after fix:
   ```xml
   <!-- mvnup: commented out - undefined property 'guava-version'
   <dependency>
     <groupId>com.google.guava</groupId>
     <artifactId>guava</artifactId>
     <version>${guava-version}</version>
   </dependency>
   -->
   ```
   
   This runs as part of the default `--model` compatibility fixes.
   
   ## Affected Projects (from RC-5 testing)
   
   7 projects fail with this pattern:
   - activemq-openwire (`${guava-version}`)
   - mina-sshd
   - causeway-app-helloworld, causeway-app-demo, causeway-app-simpleapp
   - logging-log4j-audit
   - sling-app-cms
   
   _Claude Code on behalf of Guillaume Nodet_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to