Prevent UpgradeDependencyVersion from downgrading ext property versions#7290
Merged
steve-aom-elliott merged 1 commit intomainfrom Apr 6, 2026
Merged
Conversation
The postVisit ExtraProperty update path in UpgradeDependencyVersion resolved a candidate version via DependencyVersionSelector.select() using only a GroupArtifact (no current version), then applied it unconditionally. Unlike the literal-version and gradle.properties paths which both use VersionComparator.upgrade() to reject downgrades, this path had no such check. This caused incorrect behavior when a composite recipe included an UpgradeDependencyVersion targeting an older major version range (e.g. 4.x) while the ext property already held a newer version (e.g. 5.x). The property would be silently downgraded.
steve-aom-elliott
added
bug
timtebeek
approved these changes
Apr 6, 2026
Jenson3210
added a commit
that referenced
this pull request
Apr 7, 2026
… is unresolvable DependencyVersionSelector.select() can return null when no matching version is found. The downgrade prevention code added in #7290 passes this null into versionComparator.upgrade() via singletonList(selectedVersion), which then calls RELEASE_PATTERN.matcher(null) and throws NullPointerException. Add a null guard consistent with the pattern used elsewhere in the same file (e.g., line 480). Fixes downstream failure in moderneinc/rewrite-spring.
3 tasks
timtebeek
pushed a commit
that referenced
this pull request
Apr 7, 2026
… is unresolvable (#7299) DependencyVersionSelector.select() can return null when no matching version is found. The downgrade prevention code added in #7290 passes this null into versionComparator.upgrade() via singletonList(selectedVersion), which then calls RELEASE_PATTERN.matcher(null) and throws NullPointerException. Add a null guard consistent with the pattern used elsewhere in the same file (e.g., line 480). Fixes downstream failure in moderneinc/rewrite-spring.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
postVisitExtraProperty update path inUpgradeDependencyVersionresolved a candidate version viaDependencyVersionSelector.select()using only aGroupArtifact(no current version), then applied it unconditionally — unlike the literal-version path and thegradle.propertiespath, which both useVersionComparator.upgrade()to reject downgradesVersionComparator.upgrade()guard to the ext property path, consistent with the other two paths in the same fileUpgradeDependencyVersiontargeting an older major version range (e.g.4.x) while the ext property already holds a newer version (e.g.5.x)Test plan
doesNotDowngradeExtPropertyVersiontest — ext property at30.1.1-jreis not downgraded when recipe targets29.0-jredoesNotDowngrade*tests passupgradesVersionInExtBlock,upgradesVersionInExtSubscriptNotation,upgradesVersionInExtBlockSetMethod)