You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Niels Basjes <Ni...@basjes.nl> on 2021/05/02 13:12:17 UTC
Re: Getting version upgrade advise to upgrade a BOM..
Hi,
Thanks for the suggestion.
Apparently the "standard" maven versions plugin does not do this correctly
yet.
I was looking at this renovate tool yet what I found is that it seems to
only support creating pull/merge requests.
This is very nice but not what I want right now.
Is there a way to run it locally (without any github/gitlab/... system) and
generate a patch file or just a list of problematic versions?
Niels Basjes
On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <su...@google.com.invalid>
wrote:
> Hi Niels,
> (Thank you for using the libraries-bom! I'm one of the maintainers of the
> BOM.)
>
> I don't know how to do it in Maven. However, I often see people using
> dependabot or
> renovatebot integrated with their repositories.
> An example pull request by renovatebot:
> https://github.com/googleapis/java-securitycenter/pull/472
>
> Note that RenovateBot doesn't require GitHub.com repository:
> https://github.com/renovatebot/renovate#self-hosting
>
>
>
>
> On Thu, Apr 29, 2021 at 5:12 PM Delany <de...@gmail.com> wrote:
>
> > Is it this https://github.com/mojohaus/versions-maven-plugin/issues/395
> > Regards,
> > Delany
> >
> >
> > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <Ni...@basjes.nl> wrote:
> >
> > > Hi,
> > >
> > > I see quite a few situations where the dependencies for toolkit are
> > > provided in the form of a dependency you must "import" in
> > > the dependencyManagement section.
> > > They provide this to ensure you always have a working combination for a
> > lot
> > > of closely related dependencies.
> > >
> > > To illustrate the problem I ran into I created this minimal pom.xml:
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <project xmlns="http://maven.apache.org/POM/4.0.0"
> > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> > > http://maven.apache.org/xsd/maven-4.0.0.xsd">
> > > <modelVersion>4.0.0</modelVersion>
> > >
> > > <groupId>nl.basjes.example</groupId>
> > > <artifactId>dependency-version-test</artifactId>
> > > <version>0.1-SNAPSHOT</version>
> > > <packaging>jar</packaging>
> > >
> > > <dependencyManagement>
> > > <dependencies>
> > > <dependency>
> > > <!-- This is the way we get a consistent set of
> versions
> > of
> > > the Google tools -->
> > > <groupId>com.google.cloud</groupId>
> > > <artifactId>libraries-bom</artifactId>
> > > <version>19.0.0</version>
> > > <type>pom</type>
> > > <scope>import</scope>
> > > </dependency>
> > > </dependencies>
> > > </dependencyManagement>
> > >
> > > <dependencies>
> > > <dependency>
> > > <groupId>com.google.cloud</groupId>
> > > <artifactId>google-cloud-pubsub</artifactId>
> > > </dependency>
> > > </dependencies>
> > > </project>
> > >
> > >
> > > Now for this example the 19.0.0 is a valid version and absolutely not
> the
> > > latest version.
> > > What I'm looking for is a command that will give me the advice to
> update
> > > the 19.0.0 to whatever is currently the latest version.
> > > If I put this in an empty directory and try to get insight in what I
> need
> > > to upgrade I do this:
> > >
> > > mvn versions:display-dependency-updates
> > >
> > >
> > > The output I get from this is the full list of all underlying
> > dependencies
> > > for which an update is available; yet no mention of the libraries-bom
> > that
> > > is in need of an update.
> > >
> > > What I would like is a list of the things for which an update is
> > available;
> > > yet here I effectively want the opposite of what I get from this
> plugin:
> > I
> > > only want (should?) get the suggestion to update the libraries-bom and
> > not
> > > the full list of the versions defined in there.
> > >
> > > Is there a way to achieve this?
> > >
> > > --
> > > Best regards / Met vriendelijke groeten,
> > >
> > > Niels Basjes
> > >
> >
>
>
> --
> Regards,
> Tomo
>
--
Best regards / Met vriendelijke groeten,
Niels Basjes
Re: Getting version upgrade advise to upgrade a BOM..
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
If your bom version is in a property you must run display-properties-update instead https://www.mojohaus.org/versions-maven-plugin/display-property-updates-mojo.html
--
http://bernd.eckenfels.net
________________________________
Von: Niels Basjes <Ni...@basjes.nl>
Gesendet: Monday, May 3, 2021 1:26:58 PM
An: Maven Users List <us...@maven.apache.org>
Betreff: Re: Getting version upgrade advise to upgrade a BOM..
Hi,
Update: I did some experiments to see how all of this works right now.
If I do this in my test project (with a few extra deliberately placed 'old'
dependencies)
* mvn versions:display-dependency-updates
versions:display-plugin-updates*
I get
- All the dependencies inside the google libraries-bom that need to be
updated (like grpc).
- I do *not* get a hint to update the libraries-bom itself.
- The hint to update this dependency : org.slf4j:slf4j-api
................................. 1.7.25 -> 1.7.30
- The hint to update this test dependency: junit:junit
........................................... 4.13 -> 4.13.2
- The hint to update this plugin:
org.sonarsource.scanner.maven:sonar-maven-plugin 3.8.0.2131 -> 3.9.0.2155
If I run the mentioned
* mvn versions:use-latest-versions versions:update-properties
-DgenerateBackupPoms=false*
The ONLY thing that has been updated is the libraries-bom version (in a
property)
None of the things mentioned in the previous command have been changed or
mentioned.
I had a quick look at the manual of this version plugin and even tried this
(with no changes)
*mvn versions:use-latest-releases versions:use-releases
versions:use-latest-versions versions:update-properties
-DgenerateBackupPoms=false*
What am I doing wrong here?
Niels Basjes
On Sun, May 2, 2021 at 4:38 PM Niels Basjes <Ni...@basjes.nl> wrote:
> Thanks,
>
> This actually works.
> I find this surprising because apparently this plugin cannot indicate what
> needs to be changed, but it can do the change.
>
> Niels
>
> On Sun, May 2, 2021 at 4:25 PM Nick Stolwijk <ni...@gmail.com>
> wrote:
>
>> To update the BOM dependencies you can use the Maven versions plugin:
>>
>> mvn versions:use-latest-versions versions:update-properties
>> -DgenerateBackupPoms=false
>>
>> Hth,
>>
>> Nick Stolwijk
>>
>> ~~~ Try to leave this world a little better than you found it and, when
>> your turn comes to die, you can die happy in feeling that at any rate you
>> have not wasted your time but have done your best ~~~
>>
>> Lord Baden-Powell
>>
>>
>> On Sun, May 2, 2021 at 3:12 PM Niels Basjes <Ni...@basjes.nl> wrote:
>>
>> > Hi,
>> >
>> > Thanks for the suggestion.
>> > Apparently the "standard" maven versions plugin does not do this
>> correctly
>> > yet.
>> >
>> > I was looking at this renovate tool yet what I found is that it seems to
>> > only support creating pull/merge requests.
>> > This is very nice but not what I want right now.
>> > Is there a way to run it locally (without any github/gitlab/... system)
>> and
>> > generate a patch file or just a list of problematic versions?
>> >
>> > Niels Basjes
>> >
>> >
>> > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <suztomo@google.com.invalid
>> >
>> > wrote:
>> >
>> > > Hi Niels,
>> > > (Thank you for using the libraries-bom! I'm one of the maintainers of
>> the
>> > > BOM.)
>> > >
>> > > I don't know how to do it in Maven. However, I often see people using
>> > > dependabot or
>> > > renovatebot integrated with their repositories.
>> > > An example pull request by renovatebot:
>> > > https://github.com/googleapis/java-securitycenter/pull/472
>> > >
>> > > Note that RenovateBot doesn't require GitHub.com repository:
>> > > https://github.com/renovatebot/renovate#self-hosting
>> > >
>> > >
>> > >
>> > >
>> > > On Thu, Apr 29, 2021 at 5:12 PM Delany <de...@gmail.com>
>> > wrote:
>> > >
>> > > > Is it this
>> > https://github.com/mojohaus/versions-maven-plugin/issues/395
>> > > > Regards,
>> > > > Delany
>> > > >
>> > > >
>> > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <Ni...@basjes.nl> wrote:
>> > > >
>> > > > > Hi,
>> > > > >
>> > > > > I see quite a few situations where the dependencies for toolkit
>> are
>> > > > > provided in the form of a dependency you must "import" in
>> > > > > the dependencyManagement section.
>> > > > > They provide this to ensure you always have a working combination
>> > for a
>> > > > lot
>> > > > > of closely related dependencies.
>> > > > >
>> > > > > To illustrate the problem I ran into I created this minimal
>> pom.xml:
>> > > > >
>> > > > > <?xml version="1.0" encoding="UTF-8"?>
>> > > > > <project xmlns="http://maven.apache.org/POM/4.0.0"
>> > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>> > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd">
>> > > > > <modelVersion>4.0.0</modelVersion>
>> > > > >
>> > > > > <groupId>nl.basjes.example</groupId>
>> > > > > <artifactId>dependency-version-test</artifactId>
>> > > > > <version>0.1-SNAPSHOT</version>
>> > > > > <packaging>jar</packaging>
>> > > > >
>> > > > > <dependencyManagement>
>> > > > > <dependencies>
>> > > > > <dependency>
>> > > > > <!-- This is the way we get a consistent set of
>> > > versions
>> > > > of
>> > > > > the Google tools -->
>> > > > > <groupId>com.google.cloud</groupId>
>> > > > > <artifactId>libraries-bom</artifactId>
>> > > > > <version>19.0.0</version>
>> > > > > <type>pom</type>
>> > > > > <scope>import</scope>
>> > > > > </dependency>
>> > > > > </dependencies>
>> > > > > </dependencyManagement>
>> > > > >
>> > > > > <dependencies>
>> > > > > <dependency>
>> > > > > <groupId>com.google.cloud</groupId>
>> > > > > <artifactId>google-cloud-pubsub</artifactId>
>> > > > > </dependency>
>> > > > > </dependencies>
>> > > > > </project>
>> > > > >
>> > > > >
>> > > > > Now for this example the 19.0.0 is a valid version and absolutely
>> not
>> > > the
>> > > > > latest version.
>> > > > > What I'm looking for is a command that will give me the advice to
>> > > update
>> > > > > the 19.0.0 to whatever is currently the latest version.
>> > > > > If I put this in an empty directory and try to get insight in
>> what I
>> > > need
>> > > > > to upgrade I do this:
>> > > > >
>> > > > > mvn versions:display-dependency-updates
>> > > > >
>> > > > >
>> > > > > The output I get from this is the full list of all underlying
>> > > > dependencies
>> > > > > for which an update is available; yet no mention of the
>> libraries-bom
>> > > > that
>> > > > > is in need of an update.
>> > > > >
>> > > > > What I would like is a list of the things for which an update is
>> > > > available;
>> > > > > yet here I effectively want the opposite of what I get from this
>> > > plugin:
>> > > > I
>> > > > > only want (should?) get the suggestion to update the libraries-bom
>> > and
>> > > > not
>> > > > > the full list of the versions defined in there.
>> > > > >
>> > > > > Is there a way to achieve this?
>> > > > >
>> > > > > --
>> > > > > Best regards / Met vriendelijke groeten,
>> > > > >
>> > > > > Niels Basjes
>> > > > >
>> > > >
>> > >
>> > >
>> > > --
>> > > Regards,
>> > > Tomo
>> > >
>> >
>> >
>> > --
>> > Best regards / Met vriendelijke groeten,
>> >
>> > Niels Basjes
>> >
>>
>
>
> --
> Best regards / Met vriendelijke groeten,
>
> Niels Basjes
>
--
Best regards / Met vriendelijke groeten,
Niels Basjes
Re: Getting version upgrade advise to upgrade a BOM..
Posted by Niels Basjes <Ni...@basjes.nl>.
Hi,
Update: I did some experiments to see how all of this works right now.
If I do this in my test project (with a few extra deliberately placed 'old'
dependencies)
* mvn versions:display-dependency-updates
versions:display-plugin-updates*
I get
- All the dependencies inside the google libraries-bom that need to be
updated (like grpc).
- I do *not* get a hint to update the libraries-bom itself.
- The hint to update this dependency : org.slf4j:slf4j-api
................................. 1.7.25 -> 1.7.30
- The hint to update this test dependency: junit:junit
........................................... 4.13 -> 4.13.2
- The hint to update this plugin:
org.sonarsource.scanner.maven:sonar-maven-plugin 3.8.0.2131 -> 3.9.0.2155
If I run the mentioned
* mvn versions:use-latest-versions versions:update-properties
-DgenerateBackupPoms=false*
The ONLY thing that has been updated is the libraries-bom version (in a
property)
None of the things mentioned in the previous command have been changed or
mentioned.
I had a quick look at the manual of this version plugin and even tried this
(with no changes)
*mvn versions:use-latest-releases versions:use-releases
versions:use-latest-versions versions:update-properties
-DgenerateBackupPoms=false*
What am I doing wrong here?
Niels Basjes
On Sun, May 2, 2021 at 4:38 PM Niels Basjes <Ni...@basjes.nl> wrote:
> Thanks,
>
> This actually works.
> I find this surprising because apparently this plugin cannot indicate what
> needs to be changed, but it can do the change.
>
> Niels
>
> On Sun, May 2, 2021 at 4:25 PM Nick Stolwijk <ni...@gmail.com>
> wrote:
>
>> To update the BOM dependencies you can use the Maven versions plugin:
>>
>> mvn versions:use-latest-versions versions:update-properties
>> -DgenerateBackupPoms=false
>>
>> Hth,
>>
>> Nick Stolwijk
>>
>> ~~~ Try to leave this world a little better than you found it and, when
>> your turn comes to die, you can die happy in feeling that at any rate you
>> have not wasted your time but have done your best ~~~
>>
>> Lord Baden-Powell
>>
>>
>> On Sun, May 2, 2021 at 3:12 PM Niels Basjes <Ni...@basjes.nl> wrote:
>>
>> > Hi,
>> >
>> > Thanks for the suggestion.
>> > Apparently the "standard" maven versions plugin does not do this
>> correctly
>> > yet.
>> >
>> > I was looking at this renovate tool yet what I found is that it seems to
>> > only support creating pull/merge requests.
>> > This is very nice but not what I want right now.
>> > Is there a way to run it locally (without any github/gitlab/... system)
>> and
>> > generate a patch file or just a list of problematic versions?
>> >
>> > Niels Basjes
>> >
>> >
>> > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <suztomo@google.com.invalid
>> >
>> > wrote:
>> >
>> > > Hi Niels,
>> > > (Thank you for using the libraries-bom! I'm one of the maintainers of
>> the
>> > > BOM.)
>> > >
>> > > I don't know how to do it in Maven. However, I often see people using
>> > > dependabot or
>> > > renovatebot integrated with their repositories.
>> > > An example pull request by renovatebot:
>> > > https://github.com/googleapis/java-securitycenter/pull/472
>> > >
>> > > Note that RenovateBot doesn't require GitHub.com repository:
>> > > https://github.com/renovatebot/renovate#self-hosting
>> > >
>> > >
>> > >
>> > >
>> > > On Thu, Apr 29, 2021 at 5:12 PM Delany <de...@gmail.com>
>> > wrote:
>> > >
>> > > > Is it this
>> > https://github.com/mojohaus/versions-maven-plugin/issues/395
>> > > > Regards,
>> > > > Delany
>> > > >
>> > > >
>> > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <Ni...@basjes.nl> wrote:
>> > > >
>> > > > > Hi,
>> > > > >
>> > > > > I see quite a few situations where the dependencies for toolkit
>> are
>> > > > > provided in the form of a dependency you must "import" in
>> > > > > the dependencyManagement section.
>> > > > > They provide this to ensure you always have a working combination
>> > for a
>> > > > lot
>> > > > > of closely related dependencies.
>> > > > >
>> > > > > To illustrate the problem I ran into I created this minimal
>> pom.xml:
>> > > > >
>> > > > > <?xml version="1.0" encoding="UTF-8"?>
>> > > > > <project xmlns="http://maven.apache.org/POM/4.0.0"
>> > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>> > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd">
>> > > > > <modelVersion>4.0.0</modelVersion>
>> > > > >
>> > > > > <groupId>nl.basjes.example</groupId>
>> > > > > <artifactId>dependency-version-test</artifactId>
>> > > > > <version>0.1-SNAPSHOT</version>
>> > > > > <packaging>jar</packaging>
>> > > > >
>> > > > > <dependencyManagement>
>> > > > > <dependencies>
>> > > > > <dependency>
>> > > > > <!-- This is the way we get a consistent set of
>> > > versions
>> > > > of
>> > > > > the Google tools -->
>> > > > > <groupId>com.google.cloud</groupId>
>> > > > > <artifactId>libraries-bom</artifactId>
>> > > > > <version>19.0.0</version>
>> > > > > <type>pom</type>
>> > > > > <scope>import</scope>
>> > > > > </dependency>
>> > > > > </dependencies>
>> > > > > </dependencyManagement>
>> > > > >
>> > > > > <dependencies>
>> > > > > <dependency>
>> > > > > <groupId>com.google.cloud</groupId>
>> > > > > <artifactId>google-cloud-pubsub</artifactId>
>> > > > > </dependency>
>> > > > > </dependencies>
>> > > > > </project>
>> > > > >
>> > > > >
>> > > > > Now for this example the 19.0.0 is a valid version and absolutely
>> not
>> > > the
>> > > > > latest version.
>> > > > > What I'm looking for is a command that will give me the advice to
>> > > update
>> > > > > the 19.0.0 to whatever is currently the latest version.
>> > > > > If I put this in an empty directory and try to get insight in
>> what I
>> > > need
>> > > > > to upgrade I do this:
>> > > > >
>> > > > > mvn versions:display-dependency-updates
>> > > > >
>> > > > >
>> > > > > The output I get from this is the full list of all underlying
>> > > > dependencies
>> > > > > for which an update is available; yet no mention of the
>> libraries-bom
>> > > > that
>> > > > > is in need of an update.
>> > > > >
>> > > > > What I would like is a list of the things for which an update is
>> > > > available;
>> > > > > yet here I effectively want the opposite of what I get from this
>> > > plugin:
>> > > > I
>> > > > > only want (should?) get the suggestion to update the libraries-bom
>> > and
>> > > > not
>> > > > > the full list of the versions defined in there.
>> > > > >
>> > > > > Is there a way to achieve this?
>> > > > >
>> > > > > --
>> > > > > Best regards / Met vriendelijke groeten,
>> > > > >
>> > > > > Niels Basjes
>> > > > >
>> > > >
>> > >
>> > >
>> > > --
>> > > Regards,
>> > > Tomo
>> > >
>> >
>> >
>> > --
>> > Best regards / Met vriendelijke groeten,
>> >
>> > Niels Basjes
>> >
>>
>
>
> --
> Best regards / Met vriendelijke groeten,
>
> Niels Basjes
>
--
Best regards / Met vriendelijke groeten,
Niels Basjes
Re: Getting version upgrade advise to upgrade a BOM..
Posted by Niels Basjes <Ni...@basjes.nl>.
Thanks,
This actually works.
I find this surprising because apparently this plugin cannot indicate what
needs to be changed, but it can do the change.
Niels
On Sun, May 2, 2021 at 4:25 PM Nick Stolwijk <ni...@gmail.com>
wrote:
> To update the BOM dependencies you can use the Maven versions plugin:
>
> mvn versions:use-latest-versions versions:update-properties
> -DgenerateBackupPoms=false
>
> Hth,
>
> Nick Stolwijk
>
> ~~~ Try to leave this world a little better than you found it and, when
> your turn comes to die, you can die happy in feeling that at any rate you
> have not wasted your time but have done your best ~~~
>
> Lord Baden-Powell
>
>
> On Sun, May 2, 2021 at 3:12 PM Niels Basjes <Ni...@basjes.nl> wrote:
>
> > Hi,
> >
> > Thanks for the suggestion.
> > Apparently the "standard" maven versions plugin does not do this
> correctly
> > yet.
> >
> > I was looking at this renovate tool yet what I found is that it seems to
> > only support creating pull/merge requests.
> > This is very nice but not what I want right now.
> > Is there a way to run it locally (without any github/gitlab/... system)
> and
> > generate a patch file or just a list of problematic versions?
> >
> > Niels Basjes
> >
> >
> > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <su...@google.com.invalid>
> > wrote:
> >
> > > Hi Niels,
> > > (Thank you for using the libraries-bom! I'm one of the maintainers of
> the
> > > BOM.)
> > >
> > > I don't know how to do it in Maven. However, I often see people using
> > > dependabot or
> > > renovatebot integrated with their repositories.
> > > An example pull request by renovatebot:
> > > https://github.com/googleapis/java-securitycenter/pull/472
> > >
> > > Note that RenovateBot doesn't require GitHub.com repository:
> > > https://github.com/renovatebot/renovate#self-hosting
> > >
> > >
> > >
> > >
> > > On Thu, Apr 29, 2021 at 5:12 PM Delany <de...@gmail.com>
> > wrote:
> > >
> > > > Is it this
> > https://github.com/mojohaus/versions-maven-plugin/issues/395
> > > > Regards,
> > > > Delany
> > > >
> > > >
> > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <Ni...@basjes.nl> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I see quite a few situations where the dependencies for toolkit are
> > > > > provided in the form of a dependency you must "import" in
> > > > > the dependencyManagement section.
> > > > > They provide this to ensure you always have a working combination
> > for a
> > > > lot
> > > > > of closely related dependencies.
> > > > >
> > > > > To illustrate the problem I ran into I created this minimal
> pom.xml:
> > > > >
> > > > > <?xml version="1.0" encoding="UTF-8"?>
> > > > > <project xmlns="http://maven.apache.org/POM/4.0.0"
> > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd">
> > > > > <modelVersion>4.0.0</modelVersion>
> > > > >
> > > > > <groupId>nl.basjes.example</groupId>
> > > > > <artifactId>dependency-version-test</artifactId>
> > > > > <version>0.1-SNAPSHOT</version>
> > > > > <packaging>jar</packaging>
> > > > >
> > > > > <dependencyManagement>
> > > > > <dependencies>
> > > > > <dependency>
> > > > > <!-- This is the way we get a consistent set of
> > > versions
> > > > of
> > > > > the Google tools -->
> > > > > <groupId>com.google.cloud</groupId>
> > > > > <artifactId>libraries-bom</artifactId>
> > > > > <version>19.0.0</version>
> > > > > <type>pom</type>
> > > > > <scope>import</scope>
> > > > > </dependency>
> > > > > </dependencies>
> > > > > </dependencyManagement>
> > > > >
> > > > > <dependencies>
> > > > > <dependency>
> > > > > <groupId>com.google.cloud</groupId>
> > > > > <artifactId>google-cloud-pubsub</artifactId>
> > > > > </dependency>
> > > > > </dependencies>
> > > > > </project>
> > > > >
> > > > >
> > > > > Now for this example the 19.0.0 is a valid version and absolutely
> not
> > > the
> > > > > latest version.
> > > > > What I'm looking for is a command that will give me the advice to
> > > update
> > > > > the 19.0.0 to whatever is currently the latest version.
> > > > > If I put this in an empty directory and try to get insight in what
> I
> > > need
> > > > > to upgrade I do this:
> > > > >
> > > > > mvn versions:display-dependency-updates
> > > > >
> > > > >
> > > > > The output I get from this is the full list of all underlying
> > > > dependencies
> > > > > for which an update is available; yet no mention of the
> libraries-bom
> > > > that
> > > > > is in need of an update.
> > > > >
> > > > > What I would like is a list of the things for which an update is
> > > > available;
> > > > > yet here I effectively want the opposite of what I get from this
> > > plugin:
> > > > I
> > > > > only want (should?) get the suggestion to update the libraries-bom
> > and
> > > > not
> > > > > the full list of the versions defined in there.
> > > > >
> > > > > Is there a way to achieve this?
> > > > >
> > > > > --
> > > > > Best regards / Met vriendelijke groeten,
> > > > >
> > > > > Niels Basjes
> > > > >
> > > >
> > >
> > >
> > > --
> > > Regards,
> > > Tomo
> > >
> >
> >
> > --
> > Best regards / Met vriendelijke groeten,
> >
> > Niels Basjes
> >
>
--
Best regards / Met vriendelijke groeten,
Niels Basjes
Re: Getting version upgrade advise to upgrade a BOM..
Posted by Nick Stolwijk <ni...@gmail.com>.
To update the BOM dependencies you can use the Maven versions plugin:
mvn versions:use-latest-versions versions:update-properties
-DgenerateBackupPoms=false
Hth,
Nick Stolwijk
~~~ Try to leave this world a little better than you found it and, when
your turn comes to die, you can die happy in feeling that at any rate you
have not wasted your time but have done your best ~~~
Lord Baden-Powell
On Sun, May 2, 2021 at 3:12 PM Niels Basjes <Ni...@basjes.nl> wrote:
> Hi,
>
> Thanks for the suggestion.
> Apparently the "standard" maven versions plugin does not do this correctly
> yet.
>
> I was looking at this renovate tool yet what I found is that it seems to
> only support creating pull/merge requests.
> This is very nice but not what I want right now.
> Is there a way to run it locally (without any github/gitlab/... system) and
> generate a patch file or just a list of problematic versions?
>
> Niels Basjes
>
>
> On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <su...@google.com.invalid>
> wrote:
>
> > Hi Niels,
> > (Thank you for using the libraries-bom! I'm one of the maintainers of the
> > BOM.)
> >
> > I don't know how to do it in Maven. However, I often see people using
> > dependabot or
> > renovatebot integrated with their repositories.
> > An example pull request by renovatebot:
> > https://github.com/googleapis/java-securitycenter/pull/472
> >
> > Note that RenovateBot doesn't require GitHub.com repository:
> > https://github.com/renovatebot/renovate#self-hosting
> >
> >
> >
> >
> > On Thu, Apr 29, 2021 at 5:12 PM Delany <de...@gmail.com>
> wrote:
> >
> > > Is it this
> https://github.com/mojohaus/versions-maven-plugin/issues/395
> > > Regards,
> > > Delany
> > >
> > >
> > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <Ni...@basjes.nl> wrote:
> > >
> > > > Hi,
> > > >
> > > > I see quite a few situations where the dependencies for toolkit are
> > > > provided in the form of a dependency you must "import" in
> > > > the dependencyManagement section.
> > > > They provide this to ensure you always have a working combination
> for a
> > > lot
> > > > of closely related dependencies.
> > > >
> > > > To illustrate the problem I ran into I created this minimal pom.xml:
> > > >
> > > > <?xml version="1.0" encoding="UTF-8"?>
> > > > <project xmlns="http://maven.apache.org/POM/4.0.0"
> > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> > > > http://maven.apache.org/xsd/maven-4.0.0.xsd">
> > > > <modelVersion>4.0.0</modelVersion>
> > > >
> > > > <groupId>nl.basjes.example</groupId>
> > > > <artifactId>dependency-version-test</artifactId>
> > > > <version>0.1-SNAPSHOT</version>
> > > > <packaging>jar</packaging>
> > > >
> > > > <dependencyManagement>
> > > > <dependencies>
> > > > <dependency>
> > > > <!-- This is the way we get a consistent set of
> > versions
> > > of
> > > > the Google tools -->
> > > > <groupId>com.google.cloud</groupId>
> > > > <artifactId>libraries-bom</artifactId>
> > > > <version>19.0.0</version>
> > > > <type>pom</type>
> > > > <scope>import</scope>
> > > > </dependency>
> > > > </dependencies>
> > > > </dependencyManagement>
> > > >
> > > > <dependencies>
> > > > <dependency>
> > > > <groupId>com.google.cloud</groupId>
> > > > <artifactId>google-cloud-pubsub</artifactId>
> > > > </dependency>
> > > > </dependencies>
> > > > </project>
> > > >
> > > >
> > > > Now for this example the 19.0.0 is a valid version and absolutely not
> > the
> > > > latest version.
> > > > What I'm looking for is a command that will give me the advice to
> > update
> > > > the 19.0.0 to whatever is currently the latest version.
> > > > If I put this in an empty directory and try to get insight in what I
> > need
> > > > to upgrade I do this:
> > > >
> > > > mvn versions:display-dependency-updates
> > > >
> > > >
> > > > The output I get from this is the full list of all underlying
> > > dependencies
> > > > for which an update is available; yet no mention of the libraries-bom
> > > that
> > > > is in need of an update.
> > > >
> > > > What I would like is a list of the things for which an update is
> > > available;
> > > > yet here I effectively want the opposite of what I get from this
> > plugin:
> > > I
> > > > only want (should?) get the suggestion to update the libraries-bom
> and
> > > not
> > > > the full list of the versions defined in there.
> > > >
> > > > Is there a way to achieve this?
> > > >
> > > > --
> > > > Best regards / Met vriendelijke groeten,
> > > >
> > > > Niels Basjes
> > > >
> > >
> >
> >
> > --
> > Regards,
> > Tomo
> >
>
>
> --
> Best regards / Met vriendelijke groeten,
>
> Niels Basjes
>