To update the BOM dependencies you can use the Maven versions plugin: mvn versions:use-latest-versions versions:update-properties -DgenerateBackupPoms=false
Hth, Nick Stolwijk ~~~ Try to leave this world a little better than you found it and, when your turn comes to die, you can die happy in feeling that at any rate you have not wasted your time but have done your best ~~~ Lord Baden-Powell On Sun, May 2, 2021 at 3:12 PM Niels Basjes <ni...@basjes.nl> wrote: > Hi, > > Thanks for the suggestion. > Apparently the "standard" maven versions plugin does not do this correctly > yet. > > I was looking at this renovate tool yet what I found is that it seems to > only support creating pull/merge requests. > This is very nice but not what I want right now. > Is there a way to run it locally (without any github/gitlab/... system) and > generate a patch file or just a list of problematic versions? > > Niels Basjes > > > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <suzt...@google.com.invalid> > wrote: > > > Hi Niels, > > (Thank you for using the libraries-bom! I'm one of the maintainers of the > > BOM.) > > > > I don't know how to do it in Maven. However, I often see people using > > dependabot or > > renovatebot integrated with their repositories. > > An example pull request by renovatebot: > > https://github.com/googleapis/java-securitycenter/pull/472 > > > > Note that RenovateBot doesn't require GitHub.com repository: > > https://github.com/renovatebot/renovate#self-hosting > > > > > > > > > > On Thu, Apr 29, 2021 at 5:12 PM Delany <delany.middle...@gmail.com> > wrote: > > > > > Is it this > https://github.com/mojohaus/versions-maven-plugin/issues/395 > > > Regards, > > > Delany > > > > > > > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <ni...@basjes.nl> wrote: > > > > > > > Hi, > > > > > > > > I see quite a few situations where the dependencies for toolkit are > > > > provided in the form of a dependency you must "import" in > > > > the dependencyManagement section. > > > > They provide this to ensure you always have a working combination > for a > > > lot > > > > of closely related dependencies. > > > > > > > > To illustrate the problem I ran into I created this minimal pom.xml: > > > > > > > > <?xml version="1.0" encoding="UTF-8"?> > > > > <project xmlns="http://maven.apache.org/POM/4.0.0"; > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd";> > > > > <modelVersion>4.0.0</modelVersion> > > > > > > > > <groupId>nl.basjes.example</groupId> > > > > <artifactId>dependency-version-test</artifactId> > > > > <version>0.1-SNAPSHOT</version> > > > > <packaging>jar</packaging> > > > > > > > > <dependencyManagement> > > > > <dependencies> > > > > <dependency> > > > > <!-- This is the way we get a consistent set of > > versions > > > of > > > > the Google tools --> > > > > <groupId>com.google.cloud</groupId> > > > > <artifactId>libraries-bom</artifactId> > > > > <version>19.0.0</version> > > > > <type>pom</type> > > > > <scope>import</scope> > > > > </dependency> > > > > </dependencies> > > > > </dependencyManagement> > > > > > > > > <dependencies> > > > > <dependency> > > > > <groupId>com.google.cloud</groupId> > > > > <artifactId>google-cloud-pubsub</artifactId> > > > > </dependency> > > > > </dependencies> > > > > </project> > > > > > > > > > > > > Now for this example the 19.0.0 is a valid version and absolutely not > > the > > > > latest version. > > > > What I'm looking for is a command that will give me the advice to > > update > > > > the 19.0.0 to whatever is currently the latest version. > > > > If I put this in an empty directory and try to get insight in what I > > need > > > > to upgrade I do this: > > > > > > > > mvn versions:display-dependency-updates > > > > > > > > > > > > The output I get from this is the full list of all underlying > > > dependencies > > > > for which an update is available; yet no mention of the libraries-bom > > > that > > > > is in need of an update. > > > > > > > > What I would like is a list of the things for which an update is > > > available; > > > > yet here I effectively want the opposite of what I get from this > > plugin: > > > I > > > > only want (should?) get the suggestion to update the libraries-bom > and > > > not > > > > the full list of the versions defined in there. > > > > > > > > Is there a way to achieve this? > > > > > > > > -- > > > > Best regards / Met vriendelijke groeten, > > > > > > > > Niels Basjes > > > > > > > > > > > > > -- > > Regards, > > Tomo > > > > > -- > Best regards / Met vriendelijke groeten, > > Niels Basjes >
