If your bom version is in a property you must run display-properties-update instead https://www.mojohaus.org/versions-maven-plugin/display-property-updates-mojo.html
-- http://bernd.eckenfels.net ________________________________ Von: Niels Basjes <ni...@basjes.nl> Gesendet: Monday, May 3, 2021 1:26:58 PM An: Maven Users List <users@maven.apache.org> Betreff: Re: Getting version upgrade advise to upgrade a BOM.. Hi, Update: I did some experiments to see how all of this works right now. If I do this in my test project (with a few extra deliberately placed 'old' dependencies) * mvn versions:display-dependency-updates versions:display-plugin-updates* I get - All the dependencies inside the google libraries-bom that need to be updated (like grpc). - I do *not* get a hint to update the libraries-bom itself. - The hint to update this dependency : org.slf4j:slf4j-api ................................. 1.7.25 -> 1.7.30 - The hint to update this test dependency: junit:junit ........................................... 4.13 -> 4.13.2 - The hint to update this plugin: org.sonarsource.scanner.maven:sonar-maven-plugin 3.8.0.2131 -> 3.9.0.2155 If I run the mentioned * mvn versions:use-latest-versions versions:update-properties -DgenerateBackupPoms=false* The ONLY thing that has been updated is the libraries-bom version (in a property) None of the things mentioned in the previous command have been changed or mentioned. I had a quick look at the manual of this version plugin and even tried this (with no changes) *mvn versions:use-latest-releases versions:use-releases versions:use-latest-versions versions:update-properties -DgenerateBackupPoms=false* What am I doing wrong here? Niels Basjes On Sun, May 2, 2021 at 4:38 PM Niels Basjes <ni...@basjes.nl> wrote: > Thanks, > > This actually works. > I find this surprising because apparently this plugin cannot indicate what > needs to be changed, but it can do the change. > > Niels > > On Sun, May 2, 2021 at 4:25 PM Nick Stolwijk <nick.stolw...@gmail.com> > wrote: > >> To update the BOM dependencies you can use the Maven versions plugin: >> >> mvn versions:use-latest-versions versions:update-properties >> -DgenerateBackupPoms=false >> >> Hth, >> >> Nick Stolwijk >> >> ~~~ Try to leave this world a little better than you found it and, when >> your turn comes to die, you can die happy in feeling that at any rate you >> have not wasted your time but have done your best ~~~ >> >> Lord Baden-Powell >> >> >> On Sun, May 2, 2021 at 3:12 PM Niels Basjes <ni...@basjes.nl> wrote: >> >> > Hi, >> > >> > Thanks for the suggestion. >> > Apparently the "standard" maven versions plugin does not do this >> correctly >> > yet. >> > >> > I was looking at this renovate tool yet what I found is that it seems to >> > only support creating pull/merge requests. >> > This is very nice but not what I want right now. >> > Is there a way to run it locally (without any github/gitlab/... system) >> and >> > generate a patch file or just a list of problematic versions? >> > >> > Niels Basjes >> > >> > >> > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <suzt...@google.com.invalid >> > >> > wrote: >> > >> > > Hi Niels, >> > > (Thank you for using the libraries-bom! I'm one of the maintainers of >> the >> > > BOM.) >> > > >> > > I don't know how to do it in Maven. However, I often see people using >> > > dependabot or >> > > renovatebot integrated with their repositories. >> > > An example pull request by renovatebot: >> > > https://github.com/googleapis/java-securitycenter/pull/472 >> > > >> > > Note that RenovateBot doesn't require GitHub.com repository: >> > > https://github.com/renovatebot/renovate#self-hosting >> > > >> > > >> > > >> > > >> > > On Thu, Apr 29, 2021 at 5:12 PM Delany <delany.middle...@gmail.com> >> > wrote: >> > > >> > > > Is it this >> > https://github.com/mojohaus/versions-maven-plugin/issues/395 >> > > > Regards, >> > > > Delany >> > > > >> > > > >> > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <ni...@basjes.nl> wrote: >> > > > >> > > > > Hi, >> > > > > >> > > > > I see quite a few situations where the dependencies for toolkit >> are >> > > > > provided in the form of a dependency you must "import" in >> > > > > the dependencyManagement section. >> > > > > They provide this to ensure you always have a working combination >> > for a >> > > > lot >> > > > > of closely related dependencies. >> > > > > >> > > > > To illustrate the problem I ran into I created this minimal >> pom.xml: >> > > > > >> > > > > <?xml version="1.0" encoding="UTF-8"?> >> > > > > <project xmlns="http://maven.apache.org/POM/4.0.0"; >> > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 >> > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd";> >> > > > > <modelVersion>4.0.0</modelVersion> >> > > > > >> > > > > <groupId>nl.basjes.example</groupId> >> > > > > <artifactId>dependency-version-test</artifactId> >> > > > > <version>0.1-SNAPSHOT</version> >> > > > > <packaging>jar</packaging> >> > > > > >> > > > > <dependencyManagement> >> > > > > <dependencies> >> > > > > <dependency> >> > > > > <!-- This is the way we get a consistent set of >> > > versions >> > > > of >> > > > > the Google tools --> >> > > > > <groupId>com.google.cloud</groupId> >> > > > > <artifactId>libraries-bom</artifactId> >> > > > > <version>19.0.0</version> >> > > > > <type>pom</type> >> > > > > <scope>import</scope> >> > > > > </dependency> >> > > > > </dependencies> >> > > > > </dependencyManagement> >> > > > > >> > > > > <dependencies> >> > > > > <dependency> >> > > > > <groupId>com.google.cloud</groupId> >> > > > > <artifactId>google-cloud-pubsub</artifactId> >> > > > > </dependency> >> > > > > </dependencies> >> > > > > </project> >> > > > > >> > > > > >> > > > > Now for this example the 19.0.0 is a valid version and absolutely >> not >> > > the >> > > > > latest version. >> > > > > What I'm looking for is a command that will give me the advice to >> > > update >> > > > > the 19.0.0 to whatever is currently the latest version. >> > > > > If I put this in an empty directory and try to get insight in >> what I >> > > need >> > > > > to upgrade I do this: >> > > > > >> > > > > mvn versions:display-dependency-updates >> > > > > >> > > > > >> > > > > The output I get from this is the full list of all underlying >> > > > dependencies >> > > > > for which an update is available; yet no mention of the >> libraries-bom >> > > > that >> > > > > is in need of an update. >> > > > > >> > > > > What I would like is a list of the things for which an update is >> > > > available; >> > > > > yet here I effectively want the opposite of what I get from this >> > > plugin: >> > > > I >> > > > > only want (should?) get the suggestion to update the libraries-bom >> > and >> > > > not >> > > > > the full list of the versions defined in there. >> > > > > >> > > > > Is there a way to achieve this? >> > > > > >> > > > > -- >> > > > > Best regards / Met vriendelijke groeten, >> > > > > >> > > > > Niels Basjes >> > > > > >> > > > >> > > >> > > >> > > -- >> > > Regards, >> > > Tomo >> > > >> > >> > >> > -- >> > Best regards / Met vriendelijke groeten, >> > >> > Niels Basjes >> > >> > > > -- > Best regards / Met vriendelijke groeten, > > Niels Basjes > -- Best regards / Met vriendelijke groeten, Niels Basjes
