Looking for an effortless way to update Maven dependencies? Updating dependencies manually can be tedious and prone to errors. With the Maven Versions plugin, you can efficiently update Maven dependencies and plugins automatically. This blog post covers everything you need to know about updating dependencies using the Maven Versions plugin for dependency and plugin updates, best practices, and more.
Introduction
Maven is a popular build automation tool used in Java projects that manages dependencies and builds Java projects automatically. Keeping the dependencies and plugins up to date is essential to ensure that the project is secure and runs smoothly. We will explore how to seamlessly update all the dependencies and plugins to the latest versions with just a few commands.
Versions Maven Plugin
Maven provides a plugin called the “versions” plugin, which can be used to update dependencies and plugins in your project. This plugin provides several goals to help you manage your dependencies and plugins efficiently.
Advantages of Updating Dependencies and Plugins
Updating your project’s dependencies and plugins is important for several reasons. It ensures that your project uses the latest version of the dependency or plugin, which may contain bug fixes, security updates, and new features. It also helps to maintain compatibility with other dependencies and plugins that are being used in your project. In addition, updating dependencies and plugins can improve the performance of your project, as newer versions may be optimized for speed and memory usage.
Disadvantages of Updating Dependencies and Plugins Manually
Updating dependencies and plugins manually can be a time-consuming and error-prone process. It’s easy to miss updates or introduce conflicts between dependencies and plugins. It’s also difficult to keep track of which versions of each dependency and plugin are being used in your project. Using the Maven “versions” plugin automates the process of updating dependencies and plugins, reducing the risk of errors and making it easier to manage updates.
Update Maven Dependencies Using Maven Versions Plugin
The Maven “versions” plugin provides several goals to help you manage dependencies and plugins in your project. Here are some scenarios and the commands to use in each case:
1. Displaying Available Updates
You can use the Versions plugin to display available updates for dependencies/plugins in your project.
To display available updates for dependencies, use the following command:
mvn versions:display-dependency-updates
Display Dependencies UpdatesThis goal shows the latest version available for each dependency used in the project.
To display available updates for plugins, use the following command:
mvn versions:display-plugin-updates
Display Plugins UpdatesThis goal shows the latest versions available for each plugin used in the project.
To display available updates for properties, use the following command:
For a few dependencies, we specify the version inside the properties section of pom.xml. For such use cases, the display-properties-updates goal of the Versions plugin can be useful.
mvn versions:display-property-updates
Display Properties UpdatesThis goal shows the latest versions available for each property used in the project.
To display available updates for parent POM, use the following command:
mvn versions:display-parent-updates
Display Parent POM UpdatesThis goal displays the latest versions available for the parent POM of your project.
2. Generating Reports
You can use the Versions plugin to generate reports of available updates for dependencies/plugins in your project. The generated report is in HTML format which can be viewed in a browser.
To generate a report of available updates for dependencies, use the following command:
mvn versions:dependency-updates-report
Dependencies Updates ReportThis goal generates a report of the available updates for all the dependencies in your project.
To generate a report of available updates for plugins, use the following command:
mvn versions:plugin-updates-report
Plugins Updates ReportThis goal generates a report of the available updates for all the plugins in your project.
To generate a report of available updates for properties, use the following command:
mvn versions:property-updates-report
Properties Updates ReportThis goal generates a report of the available updates for all the properties in your project.
3. Performing Updates
Based on your requirement, you can use the Versions plugin to update dependencies/plugins in your project.
Updating to the Next Release of the Dependencies
When a new Release version of a dependency is available, you may want to update to the next Release version. You can use the Versions plugin to update to the next Release version. To do this, use the following command:
mvn versions:use-next-releases
Update to Next ReleaseThis command updates all the dependencies to the next RELEASE version.
Updating to the Latest Release of the Dependencies
When you run the “use-latest-releases” goal, it scans all the dependencies in your project and checks their latest available releases. If there are any updates available, it updates the version numbers in your pom.xml file.
mvn versions:use-latest-releases
Update to Latest ReleaseThis command will update all the dependencies in your project to their latest release versions.
Updating to the Latest Snapshot of the Dependencies
When you run the “use-latest-snapshots” goal, it scans all the dependencies in your project and checks their latest available snapshot versions. If there are any updates available, it updates the version numbers in your pom.xml file.
It is important to note that updating to the latest snapshot versions of dependencies can sometimes lead to compatibility issues with your project. Snapshots are not guaranteed to be stable and may contain experimental or unfinished features. It is recommended to thoroughly test your project after updating to ensure that everything works as expected.
mvn versions:use-latest-snapshots
Update to Latest SnapshotThis command searches the pom for all non-SNAPSHOT versions which have a newer -SNAPSHOT version and replaces them with the latest -SNAPSHOT version.
Updating to the Latest Version of the Dependencies
When you run the “use-latest-versions” goal, it scans all the dependencies in your project and checks their latest available versions. If there are any updates available, it updates the version numbers in your pom.xml file.
mvn versions:use-latest-versions
Update to Latest VersionThis command will update all the dependencies in your project to their latest available versions
Note: By default, dependencies will be updated to the latest stable release. Dependencies will not be upgraded to snapshot versions even if their latest snapshot version is available.
Updating Parent Pom to the Latest Version
When you run the “update-parent” goal, it scans the parent POM of your Maven project and checks if there is a newer version available. If there is a newer version available, it updates the version number in your project’s POM file.
This is a useful feature because it ensures that your project is using the latest version of the parent POM, which may contain important updates or bug fixes.
mvn versions:update-parent
Update ParentThis command will update the parent POM version of your project to the latest available release version.
It is important to note that updating the parent POM version can sometimes lead to compatibility issues with your project, especially if there have been major changes in the newer version of the parent POM. Therefore, it is recommended to thoroughly test your project after updating it to ensure that everything works as expected.
Updating Properties to the Latest Version
When you run the “update-properties” goal, it scans your POM file and checks if there are any properties defined in it. If it finds any properties that have a newer version available, it updates the property value in your POM file.
mvn versions:update-properties
Update PropertiesThis command will update any properties in your project’s POM file to the latest available version.
Updating to the Next Snapshot of the Dependencies
When you run the “use-next-snapshots” goal, the Maven Versions plugin will update the version of any SNAPSHOT dependencies in your project to the next available SNAPSHOT version. This can be useful when you want to stay up to date with the latest changes in the development version of a library or framework.
mvn versions:use-next-snapshots
Update to Next SnapshotThis command will update the version of any SNAPSHOT dependencies in your project to the next available SNAPSHOT version.
Updating to the Next Version of the Dependencies
When you run the “use-next-versions” goal, the Maven Versions plugin will update the version of any dependencies in your project to the next available version. This can be useful when you want to stay up to date with the latest stable release of a library or framework.
mvn versions:use-next-versions
Update to Next VersionThis command will update the version of any dependencies in your project to the next available version.
Migrating Snapshots to Release Version
When you run the “use-releases” goal, the Maven Versions plugin will update the version of any SNAPSHOT dependencies to the latest stable release version.
mvn versions:use-releases
Use ReleaseThis command will update the version of any SNAPSHOT dependencies in your project to the latest stable release version.
4. Final Actions
When you update the dependencies to the required versions using the Versions plugin, it creates the pom.xml.versionsBackup file. It basically creates a backup file with the original POM file and adds the .versionsBackup
extension to the file name.
Committing the Changes
Once the changes are validated post the dependencies update, you can remove the backup file with the commit command.
mvn versions:commit
Accept ChangesThis command removes the pom.xml.versionsBackup
file that was created by the plugin during the previous version update.
Reverting the Changes
When the changes made to the POM file cause issues and need to be undone it can be undone using the revert command. By running this command, the original POM file will be restored from the backup files created by the plugin.
mvn versions:revert
Rollback ChangesThis command restores the content of pom.xml.versionsBackup
file that was created by the plugin during the previous version update.
Example
Here we have considered one pom.xml of Spring Boot 2.x application in which we have added couple of dependencies and plugins. We will see the output of different goals when we run on this pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.9</version>
</parent>
<groupId>com.example</groupId>
<artifactId>spring-boot-2-hello-world</artifactId>
<version>1.0.2-SNAPSHOT</version>
<name>spring-boot-2-hello-world</name>
<description>A simple Spring Boot 2.x app to send hello world message to a user</description>
<properties>
<java.version>1.8</java.version>
<lombok.version>1.18.22</lombok.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.11</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.19.0</version>
</dependency>
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<version>8.0.31</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.12.3</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<inherited>true</inherited>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.3.0</version>
<executions>
<execution>
<id>enforce-maven-3</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireMavenVersion>
<version>3.2.5</version>
</requireMavenVersion>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.0.0</version>
</plugin>
</plugins>
</build>
</project>
pom.xmlDisplaying Available Updates
In the below screenshots, you will see when we run the “display-dependency-updates” and “display-plugin-updates” goal, the Versions plugin displays the latest version available for dependencies and plugins that are defined in pom.xml
Note:
For display-plugin-updates goal to work properly, you need to add maven-enforcer plugin in your pom.xml or else you will see build failures during the goal execution.
Generating reports
In the below screenshots, you will see when we run the “dependency-updates-report” goal, the Versions plugin generates the report for dependencies that are defined in pom.xml. This report is in HTML format that can be viewed in a browser.
Performing Updates
In the below screenshots, you will see when we run the use-latest-releases goal, the Versions plugin will update the dependencies to their latest release version.
FAQs
Why is it important to update dependencies and plugins?
Updating dependencies and plugins ensures that your project is using the latest stable versions of libraries and tools, which can improve performance, security, and functionality. Additionally, updating dependencies and plugins can help to address known issues or vulnerabilities in earlier versions.
Can updating dependencies and plugins cause compatibility issues?
Yes, updating dependencies and plugins can introduce compatibility issues, especially if you are using libraries or tools that have been deprecated or removed in newer versions. It is important to thoroughly test your code after updating dependencies and plugins to ensure that it still works as expected.
Can I exclude certain versions of a dependency when updating?
Yes, you can exclude certain versions of a dependency by using the “-Dexcludes” or “-DexcludesList” parameter when running the goal. Pattern “groupId:artifactId:type:classifier:version”. In the case of excludesList, multiple values should be comma separated.
What should I do if updating a dependency causes issues in my project?
If updating a dependency causes issues in your project, you can roll back the changes by reverting to the previous version using the “mvn versions:revert” goal.
Things to Consider
Here are some things to consider when upgrading project dependencies and plugins:
- Always test your code after updating dependencies and plugins to ensure that it still works as expected.
- Always test updates in a separate branch before merging them into the main branch.
- Keep track of changes to your project’s dependencies and plugins by using a version control system.
- Use the latest stable versions of dependencies and plugins to avoid compatibility issues.
Conclusion
Updating your project’s dependencies and plugins is essential for maintaining the security, stability, and performance of your project. Using a plugin like Maven’s “versions” plugin can make the process of updating dependencies and plugins more efficient and reliable. By following best practices and considering potential issues, you can keep your project up-to-date and running smoothly.
Learn More
Interested in learning more?
Check out our blog on how to handle errors and retries in Spring Boot application using Spring Retry.
Dear Bunty, Your blog on update-maven-dependencies is quite useful. It is the decent way to keep the microservices up to date. I have one question. If we want to fetch the list of successive versions, how can we do that? For example, If we have we are using an dependency artfact version 1.4.2 and next version is 1.4.3–> 1.4.5–>1.5.1–>2.0. How can I get such information in a report?
Thank you!
Gaurav