I have an ivy.xml file where I specify my dependencies explicitly. Is there any functionality built into Ivy that will let me discover or automatically update my dependencies which are out of date?
I don't want to use latest.release because I want a completely stable and reproducible build. But every once in a while I'll want to update some dependencies and at the same time it would be good to answer the question, which other dependencies are out of date?
Like you, I only use dynamic versions for in-house dependencies. When upgrading, at the start of a new development phase, I would use one of the repository search tools to discover new versions of 3rd party libraries:
As I'm sure you're aware, another problem is that upgrading dependencies can often lead to an involuntary upgrade of your transitive dependencies....
What I'd suggest is to generate an ivy dependency report and use this to review your code's module usage. I find this very useful especially considering that some 3rd party Maven modules are not well behaved and will import many unnecessary libraries onto my classpath.
The following is an example of my standard dependencies target:
<target name='dependencies' description='Resolve project dependencies and set classpaths'>
<ivy:resolve/>
<ivy:report todir='${ivy.reports}' graph='false' xml='false'/>
<ivy:cachepath pathid="compile.path" conf="compile"/>
<ivy:cachepath pathid="provided.path" conf="provided"/>
<ivy:cachepath pathid="runtime.path" conf="runtime"/>
<ivy:cachepath pathid="test.path" conf="test"/>
</target>
Hope this helps.... If you find a way to automatically manage this I'd be interested.
I'm not sure if this is the best solution or not, but you can create a configuration (e.g., "checklatest") that asks for the latest versions, then run a report against that.
For example, in your ivy.xml file: ...
<dependencies>
....
<dependency org="somegroup" name="somename"
rev="latest.release" conf="checklatest->default"/>
</dependencies>
and then run an ant task that uses the task for that configuration.
Even there, it isn't necessarily going to pick up the latest version -- e.g., Apache's commons-httpclient eventually got incorporated into the httpcomponents project, so a request for the latest "commons-httpclient" in group "commons-httpclient" will only find version 3.1. But if you look at the publication date on the report Ivy generates, it should be fairly clear that something happened, when the latest publication is 2007. At that point, you would have to investigate.
One workaround is to use ivy:makepom and then run mvn versions:display-dependency-updates using the generated pom.
checkdepsupdate is the rough equivalent in Ivy.
It gives you output like:
[ivy:checkdepsupdate] com.sun.mail#javax.mail 1.5.4 -> 1.6.2
[ivy:checkdepsupdate] commons-codec#commons-codec 1.10 -> 1.11
[ivy:checkdepsupdate] org.apache.commons#commons-compress 1.12 -> 1.18
[ivy:checkdepsupdate] commons-dbutils#commons-dbutils 1.5 -> 1.7
[ivy:checkdepsupdate] commons-io#commons-io 2.4 -> 2.6
[ivy:checkdepsupdate] org.apache.commons#commons-lang3 3.6 -> 3.8.1
[ivy:checkdepsupdate] org.apache.commons#commons-text 1.1 -> 1.6
[ivy:checkdepsupdate] org.apache.poi#poi 3.13 -> 4.0.0
