Hi, Thanks for the suggestion. Apparently the "standard" maven versions plugin does not do this correctly yet.
I was looking at this renovate tool yet what I found is that it seems to only support creating pull/merge requests. This is very nice but not what I want right now. Is there a way to run it locally (without any github/gitlab/... system) and generate a patch file or just a list of problematic versions? Niels Basjes On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <suzt...@google.com.invalid> wrote: > Hi Niels, > (Thank you for using the libraries-bom! I'm one of the maintainers of the > BOM.) > > I don't know how to do it in Maven. However, I often see people using > dependabot or > renovatebot integrated with their repositories. > An example pull request by renovatebot: > https://github.com/googleapis/java-securitycenter/pull/472 > > Note that RenovateBot doesn't require GitHub.com repository: > https://github.com/renovatebot/renovate#self-hosting > > > > > On Thu, Apr 29, 2021 at 5:12 PM Delany <delany.middle...@gmail.com> wrote: > > > Is it this https://github.com/mojohaus/versions-maven-plugin/issues/395 > > Regards, > > Delany > > > > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <ni...@basjes.nl> wrote: > > > > > Hi, > > > > > > I see quite a few situations where the dependencies for toolkit are > > > provided in the form of a dependency you must "import" in > > > the dependencyManagement section. > > > They provide this to ensure you always have a working combination for a > > lot > > > of closely related dependencies. > > > > > > To illustrate the problem I ran into I created this minimal pom.xml: > > > > > > <?xml version="1.0" encoding="UTF-8"?> > > > <project xmlns="http://maven.apache.org/POM/4.0.0" > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > > > http://maven.apache.org/xsd/maven-4.0.0.xsd"> > > > <modelVersion>4.0.0</modelVersion> > > > > > > <groupId>nl.basjes.example</groupId> > > > <artifactId>dependency-version-test</artifactId> > > > <version>0.1-SNAPSHOT</version> > > > <packaging>jar</packaging> > > > > > > <dependencyManagement> > > > <dependencies> > > > <dependency> > > > <!-- This is the way we get a consistent set of > versions > > of > > > the Google tools --> > > > <groupId>com.google.cloud</groupId> > > > <artifactId>libraries-bom</artifactId> > > > <version>19.0.0</version> > > > <type>pom</type> > > > <scope>import</scope> > > > </dependency> > > > </dependencies> > > > </dependencyManagement> > > > > > > <dependencies> > > > <dependency> > > > <groupId>com.google.cloud</groupId> > > > <artifactId>google-cloud-pubsub</artifactId> > > > </dependency> > > > </dependencies> > > > </project> > > > > > > > > > Now for this example the 19.0.0 is a valid version and absolutely not > the > > > latest version. > > > What I'm looking for is a command that will give me the advice to > update > > > the 19.0.0 to whatever is currently the latest version. > > > If I put this in an empty directory and try to get insight in what I > need > > > to upgrade I do this: > > > > > > mvn versions:display-dependency-updates > > > > > > > > > The output I get from this is the full list of all underlying > > dependencies > > > for which an update is available; yet no mention of the libraries-bom > > that > > > is in need of an update. > > > > > > What I would like is a list of the things for which an update is > > available; > > > yet here I effectively want the opposite of what I get from this > plugin: > > I > > > only want (should?) get the suggestion to update the libraries-bom and > > not > > > the full list of the versions defined in there. > > > > > > Is there a way to achieve this? > > > > > > -- > > > Best regards / Met vriendelijke groeten, > > > > > > Niels Basjes > > > > > > > > -- > Regards, > Tomo > -- Best regards / Met vriendelijke groeten, Niels Basjes