PR upgraded three libraries, but version did not exist for two of them
jasonmclaren opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
maven
Package manager version
3.8.5
Language version
Java 1.8
Manifest location and content before the Dependabot update
My pom.xml included these lines:
<properties>
<jackson.version>2.13.3</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
</dependencies>
dependabot.yml content
No response
Updated dependency
Dependabot submitted a PR to bump com.fasterxml.jackson.core:jackson-databind from 2.13.3 to 2.13.4.2
What you expected to see, versus what you actually saw
I expected to upgrade all three jackson libraries to the new version, since the change was done by modifying the jackson.version variable.
I instead saw errors from maven, because jackson-core and jackson-annotations v2.13.4.2 do not exist.
Native package manager behavior
$ mvn compile
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------< com:example:web >-------------------------
[INFO] Building web 1.0
[INFO] --------------------------------[ war ]---------------------------------
[WARNING] The POM for com.fasterxml.jackson.core:jackson-core:jar:2.13.4.2 is missing, no dependency information available
[WARNING] The POM for com.fasterxml.jackson.core:jackson-annotations:jar:2.13.4.2 is missing, no dependency information available
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.716 s
[INFO] Finished at: 2024-05-21T12:20:28-07:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project web: Could not resolve dependencies for project com.example:web:war:1.0: The following artifacts could not be resolved: com.fasterxml.jackson.core:jackson-core:jar:2.13.4.2, com.fasterxml.jackson.core:jackson-annotations:jar:2.13.4.2: com.fasterxml.jackson.core:jackson-core:jar:2.13.4.2 was not found in https://repo.maven.apache.org/maven2 during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
Images of the diff or a link to the PR, issue, or logs
![Screenshot 2024-05-21 at 12 38 23](https://private-user-images.githubusercontent.com/57369/332559842-7f15ec08-797a-473f-a3e6-ca5801cbbfe5.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTcwNjMwMjEsIm5iZiI6MTcxNzA2MjcyMSwicGF0aCI6Ii81NzM2OS8zMzI1NTk4NDItN2YxNWVjMDgtNzk3YS00NzNmLWEzZTYtY2E1ODAxY2JiZmU1LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MzAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTMwVDA5NTIwMVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTQ0MjVjNzQyOWMyYzEzZmFiYjMxN2FhNGUzM2YxZmFhODVlMGQ5M2UzYmM1YjE5Y2U1YzYwNzA5YjYyYWRmYzImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.5y2upp--ltHdTuLyEGYZHxkuB9QublgBl-wWLAAzTK0)
Smallest manifest that reproduces the issue
No response