fix(maven): skip dependencies using \${project.version} instead of failing (#96)

When a dependency version references \${project.version}, omnibump was failing
with an error because it could not locate where the property is set. \${project.version}
is a Maven built-in that refers to the project's own <version> tag, not a
configurable property, so the dependency cannot be bumped this way. Instead of
erroring, log an informational message and continue.

Closes https://linear.app/chainguard/issue/AUTO-655/

Author: dnegreira

pkg/languages/java/maven/maven_test.go

@@ -1395,6 +1395,39 @@ func TestMaven_Update_DependencyPropertyMissingInPomAndParentErrors(t *testing.T
 	}
 }
 
+func TestMaven_Update_DependencyWithProjectVersionSkipsGracefully(t *testing.T) {
+	tmpDir := t.TempDir()
+
+	writeFile(t, filepath.Join(tmpDir, "pom.xml"), `<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.example</groupId>
+  <artifactId>parent</artifactId>
+  <version>1.0.0</version>
+  <packaging>pom</packaging>
+  <dependencies>
+    <dependency>
+      <groupId>com.example</groupId>
+      <artifactId>internal-lib</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>`)
+
+	m := &Maven{}
+	cfg := &languages.UpdateConfig{
+		RootDir:      tmpDir,
+		ManifestFile: filepath.Join(tmpDir, "pom.xml"),
+		Dependencies: []languages.Dependency{
+			{Name: "com.example:internal-lib", Version: "2.0.0"},
+		},
+	}
+
+	if err := m.Update(context.Background(), cfg); err != nil {
+		t.Fatalf("Maven.Update() error = %v, want nil", err)
+	}
+}
+
 func TestMaven_Update_PropertiesSplitBetweenCurrentAndParent(t *testing.T) {
 	tmpDir := t.TempDir()
 	parentPom := filepath.Join(tmpDir, "pom.xml")

pkg/languages/java/maven/updater.go

@@ -152,6 +152,14 @@ func dependencyPropertyUpdates(ctx context.Context, pomPath string, patches []Pa
 					continue
 				}
 
+				// project.version is a Maven built-in that mirrors the project's own <version>
+				// tag; skip with an informational message instead of failing.
+				if propertyName == "project.version" {
+					clog.InfoContextf(ctx, "Skipping %s:%s: uses ${project.version} which is the project's own version tag, not a configurable property",
+						patch.GroupID, patch.ArtifactID)
+					continue
+				}
+
 				// Reuse the existing resolver so current-vs-parent ownership stays consistent.
 				propertyPomPath, err := resolvePropertyPomPath(ctx, pomPath, propertyName)
 				if err != nil {