Encounter difficulties keeping your dependencies and plugins up-to-date into your Maven POM file? The Versions Maven Plugin is a Maven plugin which provides you the information of which libraries could be updated. In this post some of my experiences with the plugin.
Installation
- In the plugins section of your POM, add the following:
<properties> ... <maven.versions.plugin>2.4</maven.versions.plugin> ... </properties> ... <build> <pluginManagement> <plugins> ... <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> <version>${maven.versions.plugin}</version> </plugin> ... </plugins> </pluginManagement> </build> - That is all there is to add the plugin. But we will notice that this is not sufficient in order to have the wanted behavior of the plugin.
versions:display-dependency-updates
- Run the target which gives us an overview of the dependencies which need to be updated:
mvn versions:display-dependency-updates
- First, a list is shown of the dependencies which are checked. Below a snippet from the console output:
[INFO] artifact com.fasterxml.jackson.core:jackson-databind: checking for updates from java.net [INFO] artifact com.fasterxml.jackson.core:jackson-core: checking for updates from java.net [INFO] artifact com.fasterxml.jackson.core:jackson-databind: checking for updates from central
- Secondly, a list is shown of the dependencies where updates are available for:
[INFO] The following dependencies in Dependency Management have newer versions: [INFO] com.fasterxml.jackson.core:jackson-core ............... 2.9.1 -> 2.9.2 [INFO] com.fasterxml.jackson.core:jackson-databind ........... 2.9.1 -> 2.9.2
- Taking a closer look to the complete output, we notice that also alpha, beta, release candidates, milestone releases are listed. This is generally not want we want. It is possible to exclude these releases from the suggested updates by means of a ruleset. An example of a ruleset which excludes the alpha, beta, release and milestone release is listed here:
<?xml version="1.0" encoding="UTF-8"?> <ruleset xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" comparisonMethod="maven" xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd"> <ignoreVersions> <!-- Ignore Alpha's, Beta's, release candidates and milestones --> <ignoreVersion type="regex">(?i).*Alpha(?:-?\d+)?</ignoreVersion> <ignoreVersion type="regex">(?i).*Beta(?:-?\d+)?</ignoreVersion> <ignoreVersion type="regex">(?i).*-B(?:-?\d+)?</ignoreVersion> <ignoreVersion type="regex">(?i).*RC(?:-?\d+)?</ignoreVersion> <ignoreVersion type="regex">(?i).*CR(?:-?\d+)?</ignoreVersion> <ignoreVersion type="regex">(?i).*M(?:-?\d+)?</ignoreVersion> </ignoreVersions> <rules> </rules> </ruleset> - Now add the ruleset to the configuration of the plugin where /config/maven-versions-plugin-rules.xml is the relative path in your workspace where the ruleset is located:
<plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> <version>${maven.versions.plugin}</version> <configuration> <rulesUri>file:///${session.executionRootDirectory}/config/maven-versions-plugin-rules.xml</rulesUri> </configuration> </plugin> - When the target is run again, only official releases are listed to be updated.
- Looking a bit closer to the results I noticed that sometimes a version is suggested which is not the most recent version. E.g. com.thoughtworks.xstream:xstream suggests an update to 1.4.10-java7 although my current version is 1.4.10 which is the correct one. Take a look at the maven repository to check the correct version. It clearly says that 1.4.10 is the most recent version. The same problem exists with org.postgresql:postgresql, but then with the extension jre6 and jre7. Since my project is a Java 8 project, we can just exclude these versions in the ruleset. The following ignoreVersion was added:
<ignoreVersion type="regex">(?i).*(java[6,7]|jre[6,7])</ignoreVersion>
- Sometimes you don’t want to update to a new major version. In my project, I am using the Spring Framework. Since Spring 5 is just released, the plugin keeps suggesting to upgrade to Spring 5. But, for the time being, I don’t want to update to Spring 5 yet, but I do want to receive the updates for Spring 4. Add the following to the ruleset in the rules section in order to exclude Spring 5:
<rules> <rule groupId="org.springframework" artifactId="*" comparisonMethod="maven" > <ignoreVersions> <ignoreVersion type="regex">5.(?i).*</ignoreVersion> </ignoreVersions> </rule> </rules> - The website for the Versions Maven Plugin indicate that the functionality for rulesets will be deprecated in the next version. However, the issue which is referred to, tells us that it will not be removed.
versions:display-plugin-updates
- Run the target which gives us an overview of the plugins which need to be updated:
mvn versions:display-plugin-updates
- The output produces several warnings and errors:
[WARNING] Project does not define minimum Maven version, default is: 2.0 [INFO] Plugins require minimum Maven version of: 3.0 [INFO] Note: the super-pom from Maven 3.3.9 defines some of the plugin [INFO] versions and may be influencing the plugins required minimum Maven [INFO] version. [INFO] [ERROR] Project does not define required minimum version of Maven. [ERROR] Update the pom.xml to contain maven-enforcer-plugin to [ERROR] force the maven version which is needed to build this project. [ERROR] See https://maven.apache.org/enforcer/enforcer-rules/requireMavenVersion.html [ERROR] Using the minimum version of Maven: 3.0
- Let’s follow the suggestion to add the maven-enforcer-plugin
<properties> ... <maven.version>3.3.9</maven.version> <jdk.version>1.8</jdk.version> <maven.enforcer.plugin>1.4.1</maven.enforcer.plugin> ... </properties> ... <build> <pluginManagement> <plugins> ... <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> <version>${maven.enforcer.plugin}</version> <executions> <execution> <id>enforce-versions</id> <goals> <goal>enforce</goal> </goals> <configuration> <rules> <requireMavenVersion> <version>${maven.version}</version> </requireMavenVersion> <requireJavaVersion> <version>${jdk.version}</version> </requireJavaVersion> </rules> </configuration> </execution> </executions> </plugin> ... </plugins> </pluginManagement> </build> - Unfortunately, this fix does not work. It is a known issue and according to the comments in the issue, a fix is nearby 😉
versions:display-property-updates
- Run the target which gives us an overview of the plugins which need to be updated:
mvn versions:display-property-updates
- The console output gives an overview whether the properties refer to the newest version or whether updates are available for the properties.
This concludes this overview of some of the targets of the Versions Maven Plugin. It is certainly not a complete overview, but with the above targets and configuration, this plugin is indispensable in your Maven project.
mydeveloperplanet.com 
What is file:///${session.executionRootDirectory}/config/maven-versions-plugin-rules.xml ?
Can you include the entire pom?
Where is the documentation for using rulesets in the versions plugin? Thanks!
LikeLiked by 1 person
Thank you for you comment. This is one of my first posts, I did not include a link to a GitHub repository. I must write a new version of this blog.
However, ${session.executionRootDirectory} is the directory where the mvn command is executed from. When I read this, I think it should be better to replace this with ${project.baseDir} which points to the project directory. And from there on, a path pointing to the rules.xml.
The documentation for using rulesets can be found here: http://www.mojohaus.org/versions-maven-plugin/version-rules.html
Hope this helps!
LikeLike