Preserve implicitly defined version properties in Maven recipes #6691

Jenson3210 · 2026-02-06T13:19:27Z

Summary

Fixes an issue where recipes like DependencyVulnerabilityCheck, UpgradeDependencyVersion, and ChangeDependencyGroupIdAndArtifactId would incorrectly replace implicitly defined version properties (like ${project.parent.version}, ${project.version}, ${revision}) with hardcoded version values
These properties represent intentional links to parent/project versions that should be preserved to maintain the relationship between child and parent module versions in multimodule Maven projects

Changes

Added isImplicitlyDefinedVersionProperty() method to MavenVisitor to check if a value is an implicitly defined property
Updated changeChildTagValue() in MavenVisitor to skip changes when the old value is an implicitly defined version property
Added checks in ChangeDependencyGroupIdAndArtifactId and ChangeManagedDependencyGroupIdAndArtifactId where they directly use ChangeTagValueVisitor

Test plan

Added test shouldPreserveProjectParentVersionPropertyInDependencyVersion that verifies ${project.parent.version} is preserved when upgrading dependency versions
Added test shouldPreserveProjectVersionPropertyInDependencyVersion that verifies ${project.version} is preserved
Added test shouldPreserveRevisionPropertyInDependencyVersion that verifies ${revision} is preserved
All existing Maven tests pass

When upgrading dependency versions or changing dependency coordinates, recipes like UpgradeDependencyVersion and ChangeDependencyGroupIdAndArtifactId were incorrectly replacing implicitly defined version properties such as ${project.parent.version}, ${project.version}, and ${revision} with hardcoded version values. These properties represent intentional links to parent/project versions that should be preserved to maintain the relationship between child and parent module versions in multimodule Maven projects. This fix adds explicit checks in MavenVisitor.changeChildTagValue() and the direct ChangeTagValueVisitor calls in ChangeDependencyGroupIdAndArtifactId and ChangeManagedDependencyGroupIdAndArtifactId to skip changes when the current value is an implicitly defined version property. Fixes: DependencyVulnerabilityCheck resolves parent version properties to hardcoded values in multimodule Maven projects.

…ependencyGroupIdAndArtifactId Add tests that verify implicitly defined version properties like ${project.parent.version} and ${project.version} are preserved when using these recipes with a newVersion parameter. These tests pass with the fix and fail without it, confirming the fix was necessary for both recipes.

rewrite-maven/src/main/java/org/openrewrite/maven/MavenVisitor.java

rewrite-maven/src/test/java/org/openrewrite/maven/ChangeDependencyGroupIdAndArtifactIdTest.java

...e-maven/src/main/java/org/openrewrite/maven/ChangeManagedDependencyGroupIdAndArtifactId.java

rewrite-maven/src/main/java/org/openrewrite/maven/ChangeDependencyGroupIdAndArtifactId.java

...ven/src/test/java/org/openrewrite/maven/ChangeManagedDependencyGroupIdAndArtifactIdTest.java

rewrite-maven/src/test/java/org/openrewrite/maven/UpgradeDependencyVersionTest.java

- Use isImplicitlyDefinedVersionProperty() in isProperty() for consistency - Refactor empty if blocks to use negation instead of empty comment blocks - Add clarifying comments to tests explaining the scenario uses related artifacts that share version numbering

When newVersion is specified but the current version uses an implicitly defined property like ${project.parent.version}, ${project.version}, or ${revision}, skip the entire change (including groupId/artifactId) to avoid partial updates that would leave inconsistent state.

github-project-automation bot added this to OpenRewrite Feb 6, 2026

github-project-automation bot moved this to In Progress in OpenRewrite Feb 6, 2026

moderne-meeseeks bot assigned Jenson3210 Feb 6, 2026

Jenson3210 requested review from steve-aom-elliott and timtebeek February 6, 2026 14:45