Version suffix should be respected

[yeikel]

Description

In Maven, it is common for third party companies to publish artifacts with the same name but with different suffixes in the version. They often follow a different release schedule

Examples:

• Kafka libraries where confluent publishes versions with -ce (confluent platform) and ccs(community edition)
• Many Apache Spark providers

While suggesting an upgrade, Dependabot should take this into consideration to avoid suggesting an upgrade to a different provider or to move from an OSS version to a provider (like the bug below)

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

maven

dependabot.yml content

- package-ecosystem: maven
  directory: "/"
  schedule:
    interval: weekly
    time: "10:00"
    timezone: Europe/London
  reviewers:
    - "kafbat/backend"
  open-pull-requests-limit: 10
  labels:
    - "type/dependencies"
    - "scope/backend"

Updated dependency

kafka-clients

What you expected to see, versus what you actually saw

Expected: Dependabot should follow the dependency name suffix and proposes an upgrade of org.apache.kafka:kafka-clients:3.7.1 to org.apache.kafka:kafka-clients:3.9.0

Actual: Dependabot ignores the version suffix and suggests a version that follows a different lifecyle

org.apache.kafka:kafka-clients:3.7.1 to org.apache.kafka:kafka-clients:7.8.0-ce

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/kafbat/kafka-ui/pull/693/files

From 5b9ead1304536a9f03a4d942f1c6aa8121cd8d3e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 10:44:04 +0000
Subject: [PATCH] Bump org.apache.kafka:kafka-clients from 3.7.1 to 7.8.0-ce

Bumps org.apache.kafka:kafka-clients from 3.7.1 to 7.8.0-ce.

---
updated-dependencies:
- dependency-name: org.apache.kafka:kafka-clients
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 683abf771..c1d6ec6c3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -39,7 +39,7 @@
         <datasketches-java.version>3.1.0</datasketches-java.version>
         <groovy.version>3.0.13</groovy.version>
         <jackson.version>2.14.0</jackson.version>
-        <kafka-clients.version>3.7.1</kafka-clients.version>
+        <kafka-clients.version>7.8.0-ce</kafka-clients.version>
         <org.mapstruct.version>1.6.2</org.mapstruct.version>
         <org.projectlombok.version>1.18.34</org.projectlombok.version>
         <protobuf-java.version>3.25.5</protobuf-java.version>

Smallest manifest that reproduces the issue

<dependency>
            <groupId>org.apache.kafka</groupId>
            <artifactId>kafka-clients</artifactId>
            <version>3.7.1</version>
        </dependency>