24

When I'm running versions:display-dependency-updates, it will show all the newest beta / milestone versions of my dependencies. I prefer using "release" packages.

versions:use-latest-releases talks about "replacing" with the latest release version. However, I prefer updating the versions manually.

Can I run the versions plugin to give me a report on the latest "release" versions of my dependencies and plugins?

I am referring to the "type" of the package as listed on mvnrepository.org

Alex R
  • 808
  • 2
  • 10
  • 26
  • I have my doubts that you will get information about `SNAPSHOT`versions cause by default the parameter for this is set to `false`http://www.mojohaus.org/versions-maven-plugin/display-dependency-updates-mojo.html ? Which version do you use? – khmarbaise Jul 01 '16 at 15:53
  • I'm looking for "release" status. The question is not how to avoid snapshots. I edited out snapshots for clarity. – Alex R Jul 03 '16 at 19:19

2 Answers2

24

Two steps

Add rulesUri to the plugin configuration

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>versions-maven-plugin</artifactId>
    <version>2.3</version>
    <configuration>
        <rulesUri>file:///${project.basedir}/rules.xml</rulesUri>
    </configuration>
    <executions>
        <execution>
        <phase>compile</phase>
        <goals>
            <goal>display-dependency-updates</goal>
            <goal>display-plugin-updates</goal>
        </goals>
        </execution>
    </executions>
</plugin>

Add the rules.xml file to your project root directory.

<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" comparisonMethod="maven" xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
    <ignoreVersions>
        <!-- Ignore Alpha's, Beta's, release candidates and milestones -->
        <ignoreVersion type="regex">(?i).*Alpha(?:-?\d+)?</ignoreVersion>
        <ignoreVersion type="regex">(?i).*a(?:-?\d+)?</ignoreVersion>
        <ignoreVersion type="regex">(?i).*Beta(?:-?\d+)?</ignoreVersion>
        <ignoreVersion type="regex">(?i).*-B(?:-?\d+)?</ignoreVersion>
        <ignoreVersion type="regex">(?i).*RC(?:-?\d+)?</ignoreVersion>
        <ignoreVersion type="regex">(?i).*CR(?:-?\d+)?</ignoreVersion>
        <ignoreVersion type="regex">(?i).*M(?:-?\d+)?</ignoreVersion>
    </ignoreVersions>
    <rules>
    </rules>
</ruleset>

The regex filters out the unstable releases. You can also target rules for specific dependencies, see:

http://blog.xebia.com/keeping-dependencies-up-to-date-in-maven/

https://gist.github.com/seahrh/b13f4f3d618ad7c817038e0bc124ef29

Version rules will also stay for future releases of the plugin.

Emil Sierżęga
  • 1,785
  • 2
  • 31
  • 38
ruhong
  • 1,793
  • 5
  • 28
  • 34
  • I had added (?i).*-b(?:-?\d+)? but anyhow for example version: 1.5.0-b01 appears in results. I had tested this regex and shall work. – Seweryn Habdank-Wojewódzki Mar 08 '18 at 10:24
  • FWIW I tried this with both version 2.3 and 2.7 (latest as of now) and couldn't get these rules to work. rules.xml is in my multi-project root directory and I copied & pasted the above plugin. I ran with --debug and didn't see any evidence that rules.xml was being used. Executing: "mvn versions:display-dependency-updates" example output: [INFO] ch.qos.logback:logback-classic ................. 1.2.3 -> 1.3.0-alpha4 [INFO] com.esotericsoftware:kryo ......................... 4.0.1 -> 5.0.0-RC1 – Jason Sep 27 '18 at 14:02
  • Thanks for nice solution. file:///${project.basedir}/rules.xml this for windows cannot read. – Hhovhann Jun 05 '19 at 11:59
  • What if we have a root POM of `pom`, published to Maven Central, and we want this configuration to be inherited in child POMs. Will the child POMs need to provide a copy of `rules.xml`? Is there no way to include the rule within the POM itself? – Garret Wilson May 15 '22 at 15:06
  • I've added my follow-up question as https://stackoverflow.com/q/72416739 since it got no answers here in the comments. – Garret Wilson May 28 '22 at 15:05
4

Maybe I misunderstand a thing but if I use mvn versions:display-dependency-updates it will produce an output like this:

~/ws-git/test-project (two-module)$ mvn versions:display-dependency-updates
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Project : Parent
[INFO] Project : Mod-A
[INFO] Project : Mod-B
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Project : Parent 0.1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.2:display-dependency-updates (default-cli) @ project-parent ---
[INFO] The following dependencies in Dependency Management have newer versions:
[INFO]   com.beust:jcommander .................................... 1.35 -> 1.55
[INFO]   com.google.guava:guava ................................ 16.0.1 -> 19.0
[INFO]   junit:junit ............................................. 4.11 -> 4.12
[INFO]   log4j:log4j ............................. 1.2.16 -> 1.2.17-atlassian-1
[INFO]   org.apache.logging.log4j:log4j-api ...................... 2.1 -> 2.6.1
[INFO]   org.apache.logging.log4j:log4j-core ..................... 2.1 -> 2.6.1
[INFO]   org.mockito:mockito-core ........................ 1.9.5 -> 2.0.78-beta
[INFO]   org.testng:testng .................................... 6.8.8 -> 6.9.12
[INFO]
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Project : Mod-A 0.1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.2:display-dependency-updates (default-cli) @ mod-a ---
[INFO] The following dependencies in Dependency Management have newer versions:
[INFO]   com.beust:jcommander .................................... 1.35 -> 1.55
[INFO]   com.google.guava:guava ................................ 16.0.1 -> 19.0
[INFO]   junit:junit ............................................. 4.11 -> 4.12
[INFO]   log4j:log4j ............................. 1.2.16 -> 1.2.17-atlassian-1
[INFO]   org.apache.logging.log4j:log4j-api ...................... 2.1 -> 2.6.1
[INFO]   org.apache.logging.log4j:log4j-core ..................... 2.1 -> 2.6.1
[INFO]   org.mockito:mockito-core ........................ 1.9.5 -> 2.0.78-beta
[INFO]   org.testng:testng .................................... 6.8.8 -> 6.9.12
[INFO]
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Project : Mod-B 0.1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.2:display-dependency-updates (default-cli) @ mod-b ---
[INFO] The following dependencies in Dependency Management have newer versions:
[INFO]   com.beust:jcommander .................................... 1.35 -> 1.55
[INFO]   com.google.guava:guava ................................ 16.0.1 -> 19.0
[INFO]   junit:junit ............................................. 4.11 -> 4.12
[INFO]   log4j:log4j ............................. 1.2.16 -> 1.2.17-atlassian-1
[INFO]   org.apache.logging.log4j:log4j-api ...................... 2.1 -> 2.6.1
[INFO]   org.apache.logging.log4j:log4j-core ..................... 2.1 -> 2.6.1
[INFO]   org.mockito:mockito-core ........................ 1.9.5 -> 2.0.78-beta
[INFO]   org.testng:testng .................................... 6.8.8 -> 6.9.12
[INFO]
[INFO] No dependencies in Dependencies have newer versions.
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Project : Parent ................................... SUCCESS [  0.791 s]
[INFO] Project : Mod-A .................................... SUCCESS [  0.046 s]
[INFO] Project : Mod-B .................................... SUCCESS [  0.019 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.671 s
[INFO] Finished at: 2016-07-03T22:17:02+02:00
[INFO] Final Memory: 20M/439M
[INFO] ------------------------------------------------------------------------

where you can see things like junit:junit from 4.11 to 4.12 etc. Furthermore the questions is how the versions looks like of your dependencies etc. ?

khmarbaise
  • 92,914
  • 28
  • 189
  • 235
  • 3
    In your example, it proposes mockito-core version 2.0.78-beta. The latest "release" version according to maven central is 1.10.19; that's what I am looking for. So far, I have to check every package where updates are available and check for the newest "release" level update manually. – Alex R Jul 04 '16 at 19:53
  • In Central is 2.0.78-beta is the latest release http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22org.mockito%22%20AND%20a%3A%22mockito-core%22 I don't know on which Maven Central you are looking? – khmarbaise Jul 04 '16 at 20:03
  • 1
    Actually, I'm on [mvnrepository.org](https://mvnrepository.com/artifact/org.mockito/mockito-core) which also has information of the package type (release / beta / release candidate) – Alex R Jul 05 '16 at 21:17
  • @khmarbaise the thing is you do not want to use a beta but the latest relase of none alpha none beta. So if there is a 1.2 a 1.3 and a 1.4-beta you want 1.3 – tibi Jan 08 '21 at 09:14
  • You can of course use a beta if you like... because currently I'm often at JDK versions which not being supported in releases but often the beta's etc. already support them... so I often have no other choice... In the end you should decide on your own what you like to use? I would keep stable versions as long as I can... – khmarbaise Jan 08 '21 at 09:59