-
Task
-
Resolution: Fixed
-
L3 - Default
-
None
-
None
-
None
Dependabot says:
Dependabot can't evaluate your Java dependency files. As a result, Dependabot couldn't check whether any of your dependencies are out-of-date. The error Dependabot encountered was: Property not found: project.version
I think that is because the parent pom cannot be resolved. In dependabot's log we find:
updater | INFO <job_51553063> Starting update job for camunda/camunda-bpm-platform-ee proxy | 2020/09/04 13:20:28 [108] GET https://app.camunda.com:443/nexus/content/groups/public/org/camunda/bpm/camunda-database-settings/7.14.0-SNAPSHOT/camunda-database-settings-7.14.0-SNAPSHOT.pom proxy | 2020/09/04 13:20:28 [108] 404 https://app.camunda.com:443/nexus/content/groups/public/org/camunda/bpm/camunda-database-settings/7.14.0-SNAPSHOT/camunda-database-settings-7.14.0-SNAPSHOT.pom proxy | 2020/09/04 13:20:28 [110] GET https://repo.maven.apache.org:443/maven2/org/camunda/bpm/camunda-database-settings/7.14.0-SNAPSHOT/camunda-database-settings-7.14.0-SNAPSHOT.pom proxy | 2020/09/04 13:20:28 [110] 404 https://repo.maven.apache.org:443/maven2/org/camunda/bpm/camunda-database-settings/7.14.0-SNAPSHOT/camunda-database-settings-7.14.0-SNAPSHOT.pom updater | INFO <job_51553063> Finished job processing
There is no snapshot file named camunda-database-settings-7.14.0-SNAPSHOT.pom. They have all concrete names such as camunda-database-settings-7.14.0-20200904.132539-117.pom.
However, e.g. the scan for the webapp reports the same 404s but doesn't claim that it cannot resolve the dependencies. Maybe that is because it does not use properties that are not defined as long as the parent is unresolved.
Related dependabot issue: https://github.com/dependabot/dependabot-core/issues/2305
Full dependabot scan results:
https://github.com/camunda/camunda-bpm-platform-ee/network/updates/51553063
https://github.com/camunda/camunda-bpm-platform-ee/network/updates/96835349