Select Page

Keep your software stack up to date with the Apache Maven Versions Plugin

Keep your software stack up to date with the Apache Maven Versions Plugin

It is not unusual in a project to have a huge number of third party artifacts and Plug-in. Apache #Maven help you keep track of them, along with their transitive dependencies.

But how do you know when a new version of an artifact is available?  This is where the #Maven Versions plug-in come hand in.

The Versions Plug-in is used when you want to manage the versions of artifacts in a project’s POM.

By running

mvn versions:display-dependency-updates

in any Apache #Maven project or modules, you’ll get for example (we have a lot of 25 #Maven modules, here is only one presented as an example, the list being too long)

[INFO] -------------------------------------------------------------------------------------------------- 
[INFO] Building Unnamed - com.innoveo:skye-services-api:jar:2.2.0-M-06 
[INFO] -------------------------------------------------------------------------------------------------- 
[INFO] 
[INFO] The following dependencies in Dependency Management have newer versions: 
[INFO]   junit:junit ............................................. 4.4 -> 4.8.1 
[INFO]   log4j:log4j ......................................... 1.2.15 -> 1.2.16 
[INFO]   org.springframework:spring ...................... 2.5.6 -> 2.5.6.SEC02 
[INFO]   org.springframework:spring-test ............... 2.5.6 -> 3.0.4.RELEASE

Attention:

It is not always an easy task to update some core components or 3rd party libraries in a complex software, as it may introduce some regressions, incompatibilities..

At least thanks to this Versions plug in, you are aware that they may be something newer to try. What this plug in do not report is why you may want to update some artifacts libraries:

  • Do I have to use the latest version x.y.z because of  security issues?
  • Will i get more performances by updating to x.y.z?
  • New Version x.y.z resolve bug xxxx, will I have other annoying issues?

In all the above case, you are on your own, but this is not the scope of this plug in. You’ll have anyway to

  1. Carefully decide which library can be updated,
  2. Match it to your software roadmap,
  3. Have enough confidence in your test suite (unit test, BDD, integration tests) and testing team,
  4. Communicate with your customer (for security issues in 3rd party library)
  5. .. and the list goes on

The Versions Plug-in has a lot of interesting goals.

Some are also updating values across all pom.xml for you.

  • versions:update-parent updates the parent section of a project so that it references the newest available version. For example, if you use a corporate root POM, this goal can be helpful if you need to ensure you are using the latest version of the corporate root POM.
  • versions:update-properties updates properties defined in a project so that they correspond to the latest available version of specific dependencies. This can be useful if a suite of dependencies must all be locked to one version.
  • versions:update-child-modules updates the parent section of the child modules of a project so the version matches the version of the current project. For example, if you have an aggregator pom that is also the parent for the projects that it aggregates and the children and parent versions get out of sync, this mojo can help fix the versions of the child modules. (Note you may need to invoke Maven with the -N option in order to run this goal if your project is broken so badly that it cannot build because of the version mis-match).
  • versions:lock-snapshots searches the pom for all -SNAPSHOT versions and replaces them with the current timestamp version of that -SNAPSHOT, e.g. -20090327.172306-4
  • versions:unlock-snapshots searches the pom for all timestamp locked snapshot versions and replaces them with -SNAPSHOT.
  • versions:resolve-ranges finds dependencies using version ranges and resolves the range to the specific version being used.
  • versions:set can be used to set the project version from the command line.
  • versions:use-releases searches the pom for all -SNAPSHOT versions which have been released and replaces them with the corresponding release version.
  • versions:use-next-releases searches the pom for all non-SNAPSHOT versions which have been a newer release and replaces them with the next release version.
  • versions:use-latest-releases searches the pom for all non-SNAPSHOT versions which have been a newer release and replaces them with the latest release version.
  • versions:use-next-snapshots searches the pom for all non-SNAPSHOT versions which have been a newer -SNAPSHOT version and replaces them with the next -SNAPSHOT version.
  • versions:use-latest-snapshots searches the pom for all non-SNAPSHOT versions which have been a newer -SNAPSHOT version and replaces them with the latest -SNAPSHOT version.
  • versions:use-next-versions searches the pom for all versions which have been a newer version and replaces them with the next version.
  • versions:use-latest-versions searches the pom for all versions which have been a newer version and replaces them with the latest version.
  • versions:commit removes the pom.xml.versionsBackup files. Forms one half of the built-in “Poor Man’s SCM”.
  • versions:revert restores the pom.xml files from the pom.xml.versionsBackup files. Forms one half of the built-in “Poor Man’s SCM”.

The easiest way to live dangerously is to try to update all 3rd parties in one shot by issuing

mvn versions:use-latest-versions

but that’s another story 🙂

About The Author

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Categories