Re: Getting version upgrade advise to upgrade a BOM..
Thanks, This actually works. I find this surprising because apparently this plugin cannot indicate what needs to be changed, but it can do the change. Niels On Sun, May 2, 2021 at 4:25 PM Nick Stolwijk wrote: > To update the BOM dependencies you can use the Maven versions plugin: > > mvn versions:use-latest-versions versions:update-properties > -DgenerateBackupPoms=false > > Hth, > > Nick Stolwijk > > ~~~ Try to leave this world a little better than you found it and, when > your turn comes to die, you can die happy in feeling that at any rate you > have not wasted your time but have done your best ~~~ > > Lord Baden-Powell > > > On Sun, May 2, 2021 at 3:12 PM Niels Basjes wrote: > > > Hi, > > > > Thanks for the suggestion. > > Apparently the "standard" maven versions plugin does not do this > correctly > > yet. > > > > I was looking at this renovate tool yet what I found is that it seems to > > only support creating pull/merge requests. > > This is very nice but not what I want right now. > > Is there a way to run it locally (without any github/gitlab/... system) > and > > generate a patch file or just a list of problematic versions? > > > > Niels Basjes > > > > > > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki > > wrote: > > > > > Hi Niels, > > > (Thank you for using the libraries-bom! I'm one of the maintainers of > the > > > BOM.) > > > > > > I don't know how to do it in Maven. However, I often see people using > > > dependabot or > > > renovatebot integrated with their repositories. > > > An example pull request by renovatebot: > > > https://github.com/googleapis/java-securitycenter/pull/472 > > > > > > Note that RenovateBot doesn't require GitHub.com repository: > > > https://github.com/renovatebot/renovate#self-hosting > > > > > > > > > > > > > > > On Thu, Apr 29, 2021 at 5:12 PM Delany > > wrote: > > > > > > > Is it this > > https://github.com/mojohaus/versions-maven-plugin/issues/395 > > > > Regards, > > > > Delany > > > > > > > > > > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, wrote: > > > > > > > > > Hi, > > > > > > > > > > I see quite a few situations where the dependencies for toolkit are > > > > > provided in the form of a dependency you must "import" in > > > > > the dependencyManagement section. > > > > > They provide this to ensure you always have a working combination > > for a > > > > lot > > > > > of closely related dependencies. > > > > > > > > > > To illustrate the problem I ran into I created this minimal > pom.xml: > > > > > > > > > > > > > > > http://maven.apache.org/POM/4.0.0; > > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; > > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd;> > > > > > 4.0.0 > > > > > > > > > > nl.basjes.example > > > > > dependency-version-test > > > > > 0.1-SNAPSHOT > > > > > jar > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > com.google.cloud > > > > > libraries-bom > > > > > 19.0.0 > > > > > pom > > > > > import > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > com.google.cloud > > > > > google-cloud-pubsub > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Now for this example the 19.0.0 is a valid version and absolutely > not > > > the > > > > > latest version. > > > > > What I'm looking for is a command that will give me the advice to > > > update > > > > > the 19.0.0 to whatever is currently the latest version. > > > > > If I put this in an empty directory and try to get insight in what > I > > > need > > > > > to upgrade I do this: > > > > > > > > > > mvn versions:display-dependency-updates > > > > > > > > > > > > > > > The output I get from this is the full list of all underlying > > > > dependencies > > > > > for which an update is available; yet no mention of the > libraries-bom > > > > that > > > > > is in need of an update. > > > > > > > > > > What I would like is a list of the things for which an update is > > > > available; > > > > > yet here I effectively want the opposite of what I get from this > > > plugin: > > > > I > > > > > only want (should?) get the suggestion to update the libraries-bom > > and > > > > not > > > > > the full list of the versions defined in there. > > > > > > > > > > Is there a way to achieve this? > > > > > > > > > > -- > > > > > Best regards / Met vriendelijke groeten, > > > > > > > > > > Niels Basjes > > > > > > > > > > > > > > > > > > -- > > > Regards, > > > Tomo > > > > > > > > > -- > > Best regards / Met vriendelijke groeten, > > > > Niels Basjes > > > -- Best regards / Met vriendelijke groeten, Niels Basjes
Re: Getting version upgrade advise to upgrade a BOM..
To update the BOM dependencies you can use the Maven versions plugin: mvn versions:use-latest-versions versions:update-properties -DgenerateBackupPoms=false Hth, Nick Stolwijk ~~~ Try to leave this world a little better than you found it and, when your turn comes to die, you can die happy in feeling that at any rate you have not wasted your time but have done your best ~~~ Lord Baden-Powell On Sun, May 2, 2021 at 3:12 PM Niels Basjes wrote: > Hi, > > Thanks for the suggestion. > Apparently the "standard" maven versions plugin does not do this correctly > yet. > > I was looking at this renovate tool yet what I found is that it seems to > only support creating pull/merge requests. > This is very nice but not what I want right now. > Is there a way to run it locally (without any github/gitlab/... system) and > generate a patch file or just a list of problematic versions? > > Niels Basjes > > > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki > wrote: > > > Hi Niels, > > (Thank you for using the libraries-bom! I'm one of the maintainers of the > > BOM.) > > > > I don't know how to do it in Maven. However, I often see people using > > dependabot or > > renovatebot integrated with their repositories. > > An example pull request by renovatebot: > > https://github.com/googleapis/java-securitycenter/pull/472 > > > > Note that RenovateBot doesn't require GitHub.com repository: > > https://github.com/renovatebot/renovate#self-hosting > > > > > > > > > > On Thu, Apr 29, 2021 at 5:12 PM Delany > wrote: > > > > > Is it this > https://github.com/mojohaus/versions-maven-plugin/issues/395 > > > Regards, > > > Delany > > > > > > > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, wrote: > > > > > > > Hi, > > > > > > > > I see quite a few situations where the dependencies for toolkit are > > > > provided in the form of a dependency you must "import" in > > > > the dependencyManagement section. > > > > They provide this to ensure you always have a working combination > for a > > > lot > > > > of closely related dependencies. > > > > > > > > To illustrate the problem I ran into I created this minimal pom.xml: > > > > > > > > > > > > http://maven.apache.org/POM/4.0.0; > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd;> > > > > 4.0.0 > > > > > > > > nl.basjes.example > > > > dependency-version-test > > > > 0.1-SNAPSHOT > > > > jar > > > > > > > > > > > > > > > > > > > > > > > > com.google.cloud > > > > libraries-bom > > > > 19.0.0 > > > > pom > > > > import > > > > > > > > > > > > > > > > > > > > > > > > > > > > com.google.cloud > > > > google-cloud-pubsub > > > > > > > > > > > > > > > > > > > > > > > > Now for this example the 19.0.0 is a valid version and absolutely not > > the > > > > latest version. > > > > What I'm looking for is a command that will give me the advice to > > update > > > > the 19.0.0 to whatever is currently the latest version. > > > > If I put this in an empty directory and try to get insight in what I > > need > > > > to upgrade I do this: > > > > > > > > mvn versions:display-dependency-updates > > > > > > > > > > > > The output I get from this is the full list of all underlying > > > dependencies > > > > for which an update is available; yet no mention of the libraries-bom > > > that > > > > is in need of an update. > > > > > > > > What I would like is a list of the things for which an update is > > > available; > > > > yet here I effectively want the opposite of what I get from this > > plugin: > > > I > > > > only want (should?) get the suggestion to update the libraries-bom > and > > > not > > > > the full list of the versions defined in there. > > > > > > > > Is there a way to achieve this? > > > > > > > > -- > > > > Best regards / Met vriendelijke groeten, > > > > > > > > Niels Basjes > > > > > > > > > > > > > -- > > Regards, > > Tomo > > > > > -- > Best regards / Met vriendelijke groeten, > > Niels Basjes >
Re: Getting version upgrade advise to upgrade a BOM..
Hi, Thanks for the suggestion. Apparently the "standard" maven versions plugin does not do this correctly yet. I was looking at this renovate tool yet what I found is that it seems to only support creating pull/merge requests. This is very nice but not what I want right now. Is there a way to run it locally (without any github/gitlab/... system) and generate a patch file or just a list of problematic versions? Niels Basjes On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki wrote: > Hi Niels, > (Thank you for using the libraries-bom! I'm one of the maintainers of the > BOM.) > > I don't know how to do it in Maven. However, I often see people using > dependabot or > renovatebot integrated with their repositories. > An example pull request by renovatebot: > https://github.com/googleapis/java-securitycenter/pull/472 > > Note that RenovateBot doesn't require GitHub.com repository: > https://github.com/renovatebot/renovate#self-hosting > > > > > On Thu, Apr 29, 2021 at 5:12 PM Delany wrote: > > > Is it this https://github.com/mojohaus/versions-maven-plugin/issues/395 > > Regards, > > Delany > > > > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, wrote: > > > > > Hi, > > > > > > I see quite a few situations where the dependencies for toolkit are > > > provided in the form of a dependency you must "import" in > > > the dependencyManagement section. > > > They provide this to ensure you always have a working combination for a > > lot > > > of closely related dependencies. > > > > > > To illustrate the problem I ran into I created this minimal pom.xml: > > > > > > > > > http://maven.apache.org/POM/4.0.0; > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > > > http://maven.apache.org/xsd/maven-4.0.0.xsd;> > > > 4.0.0 > > > > > > nl.basjes.example > > > dependency-version-test > > > 0.1-SNAPSHOT > > > jar > > > > > > > > > > > > > > > > > > com.google.cloud > > > libraries-bom > > > 19.0.0 > > > pom > > > import > > > > > > > > > > > > > > > > > > > > > com.google.cloud > > > google-cloud-pubsub > > > > > > > > > > > > > > > > > > Now for this example the 19.0.0 is a valid version and absolutely not > the > > > latest version. > > > What I'm looking for is a command that will give me the advice to > update > > > the 19.0.0 to whatever is currently the latest version. > > > If I put this in an empty directory and try to get insight in what I > need > > > to upgrade I do this: > > > > > > mvn versions:display-dependency-updates > > > > > > > > > The output I get from this is the full list of all underlying > > dependencies > > > for which an update is available; yet no mention of the libraries-bom > > that > > > is in need of an update. > > > > > > What I would like is a list of the things for which an update is > > available; > > > yet here I effectively want the opposite of what I get from this > plugin: > > I > > > only want (should?) get the suggestion to update the libraries-bom and > > not > > > the full list of the versions defined in there. > > > > > > Is there a way to achieve this? > > > > > > -- > > > Best regards / Met vriendelijke groeten, > > > > > > Niels Basjes > > > > > > > > -- > Regards, > Tomo > -- Best regards / Met vriendelijke groeten, Niels Basjes
