Update Maven Dependencies

Update Maven Dependencies Effortlessly: How to Keep Your Project Up-to-Date

Spring Boot

Looking for an effortless way to update Maven dependencies? Updating dependencies manually can be tedious and prone to errors. With the Maven Versions plugin, you can efficiently update Maven dependencies and plugins automatically. This blog post covers everything you need to know about updating dependencies using the Maven Versions plugin for dependency and plugin updates, best practices, and more.

Table of Contents

Introduction

Maven is a popular build automation tool used in Java projects that manages dependencies and builds Java projects automatically. Keeping the dependencies and plugins up to date is essential to ensure that the project is secure and runs smoothly. We will explore how to seamlessly update all the dependencies and plugins to the latest versions with just a few commands.

Versions Maven Plugin

Maven provides a plugin called the “versions” plugin, which can be used to update dependencies and plugins in your project. This plugin provides several goals to help you manage your dependencies and plugins efficiently.



Advantages of Updating Dependencies and Plugins

Updating your project’s dependencies and plugins is important for several reasons. It ensures that your project uses the latest version of the dependency or plugin, which may contain bug fixes, security updates, and new features. It also helps to maintain compatibility with other dependencies and plugins that are being used in your project. In addition, updating dependencies and plugins can improve the performance of your project, as newer versions may be optimized for speed and memory usage.

Disadvantages of Updating Dependencies and Plugins Manually

Updating dependencies and plugins manually can be a time-consuming and error-prone process. It’s easy to miss updates or introduce conflicts between dependencies and plugins. It’s also difficult to keep track of which versions of each dependency and plugin are being used in your project. Using the Maven “versions” plugin automates the process of updating dependencies and plugins, reducing the risk of errors and making it easier to manage updates.



Update Maven Dependencies Using Maven Versions Plugin

The Maven “versions” plugin provides several goals to help you manage dependencies and plugins in your project. Here are some scenarios and the commands to use in each case:

1. Displaying Available Updates

You can use the Versions plugin to display available updates for dependencies/plugins in your project.

To display available updates for dependencies, use the following command:

mvn versions:display-dependency-updates
Display Dependencies Updates

This goal shows the latest version available for each dependency used in the project.

To display available updates for plugins, use the following command:

mvn versions:display-plugin-updates
Display Plugins Updates

This goal shows the latest versions available for each plugin used in the project.

To display available updates for properties, use the following command:

For a few dependencies, we specify the version inside the properties section of pom.xml. For such use cases, the display-properties-updates goal of the Versions plugin can be useful.

mvn versions:display-property-updates
Display Properties Updates

This goal shows the latest versions available for each property used in the project.

To display available updates for parent POM, use the following command:

mvn versions:display-parent-updates
Display Parent POM Updates

This goal displays the latest versions available for the parent POM of your project.



2. Generating Reports

You can use the Versions plugin to generate reports of available updates for dependencies/plugins in your project. The generated report is in HTML format which can be viewed in a browser.

To generate a report of available updates for dependencies, use the following command:

mvn versions:dependency-updates-report
Dependencies Updates Report

This goal generates a report of the available updates for all the dependencies in your project.

To generate a report of available updates for plugins, use the following command:

mvn versions:plugin-updates-report
Plugins Updates Report

This goal generates a report of the available updates for all the plugins in your project.

To generate a report of available updates for properties, use the following command:

mvn versions:property-updates-report
Properties Updates Report

This goal generates a report of the available updates for all the properties in your project.



3. Performing Updates

Based on your requirement, you can use the Versions plugin to update dependencies/plugins in your project.

Updating to the Next Release of the Dependencies

When a new Release version of a dependency is available, you may want to update to the next Release version. You can use the Versions plugin to update to the next Release version. To do this, use the following command:

mvn versions:use-next-releases
Update to Next Release

This command updates all the dependencies to the next RELEASE version.

Updating to the Latest Release of the Dependencies

When you run the “use-latest-releases” goal, it scans all the dependencies in your project and checks their latest available releases. If there are any updates available, it updates the version numbers in your pom.xml file.

mvn versions:use-latest-releases
Update to Latest Release

This command will update all the dependencies in your project to their latest release versions.

Updating to the Latest Snapshot of the Dependencies

When you run the “use-latest-snapshots” goal, it scans all the dependencies in your project and checks their latest available snapshot versions. If there are any updates available, it updates the version numbers in your pom.xml file.

It is important to note that updating to the latest snapshot versions of dependencies can sometimes lead to compatibility issues with your project. Snapshots are not guaranteed to be stable and may contain experimental or unfinished features. It is recommended to thoroughly test your project after updating to ensure that everything works as expected.

mvn versions:use-latest-snapshots
Update to Latest Snapshot

This command searches the pom for all non-SNAPSHOT versions which have a newer -SNAPSHOT version and replaces them with the latest -SNAPSHOT version.



Updating to the Latest Version of the Dependencies

When you run the “use-latest-versions” goal, it scans all the dependencies in your project and checks their latest available versions. If there are any updates available, it updates the version numbers in your pom.xml file.

mvn versions:use-latest-versions
Update to Latest Version

This command will update all the dependencies in your project to their latest available versions

Note: By default, dependencies will be updated to the latest stable release. Dependencies will not be upgraded to snapshot versions even if their latest snapshot version is available.

Updating Parent Pom to the Latest Version

When you run the “update-parent” goal, it scans the parent POM of your Maven project and checks if there is a newer version available. If there is a newer version available, it updates the version number in your project’s POM file.

This is a useful feature because it ensures that your project is using the latest version of the parent POM, which may contain important updates or bug fixes.

mvn versions:update-parent
Update Parent

This command will update the parent POM version of your project to the latest available release version.

It is important to note that updating the parent POM version can sometimes lead to compatibility issues with your project, especially if there have been major changes in the newer version of the parent POM. Therefore, it is recommended to thoroughly test your project after updating it to ensure that everything works as expected.

Updating Properties to the Latest Version

When you run the “update-properties” goal, it scans your POM file and checks if there are any properties defined in it. If it finds any properties that have a newer version available, it updates the property value in your POM file.

mvn versions:update-properties
Update Properties

This command will update any properties in your project’s POM file to the latest available version.



Updating to the Next Snapshot of the Dependencies

When you run the “use-next-snapshots” goal, the Maven Versions plugin will update the version of any SNAPSHOT dependencies in your project to the next available SNAPSHOT version. This can be useful when you want to stay up to date with the latest changes in the development version of a library or framework.

mvn versions:use-next-snapshots
Update to Next Snapshot

This command will update the version of any SNAPSHOT dependencies in your project to the next available SNAPSHOT version.

Updating to the Next Version of the Dependencies

When you run the “use-next-versions” goal, the Maven Versions plugin will update the version of any dependencies in your project to the next available version. This can be useful when you want to stay up to date with the latest stable release of a library or framework.

mvn versions:use-next-versions
Update to Next Version

This command will update the version of any dependencies in your project to the next available version.

Migrating Snapshots to Release Version

When you run the “use-releases” goal, the Maven Versions plugin will update the version of any SNAPSHOT dependencies to the latest stable release version.

mvn versions:use-releases
Use Release

This command will update the version of any SNAPSHOT dependencies in your project to the latest stable release version.



4. Final Actions

When you update the dependencies to the required versions using the Versions plugin, it creates the pom.xml.versionsBackup file. It basically creates a backup file with the original POM file and adds the .versionsBackup extension to the file name.

Committing the Changes

Once the changes are validated post the dependencies update, you can remove the backup file with the commit command.

mvn versions:commit
Accept Changes

This command removes the pom.xml.versionsBackup file that was created by the plugin during the previous version update.

Reverting the Changes

When the changes made to the POM file cause issues and need to be undone it can be undone using the revert command. By running this command, the original POM file will be restored from the backup files created by the plugin.

mvn versions:revert
Rollback Changes

This command restores the content of pom.xml.versionsBackup file that was created by the plugin during the previous version update.



Example

Here we have considered one pom.xml of Spring Boot 2.x application in which we have added couple of dependencies and plugins. We will see the output of different goals when we run on this pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project
	xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.7.9</version>
	</parent>
	
	<groupId>com.example</groupId>
	<artifactId>spring-boot-2-hello-world</artifactId>
	<version>1.0.2-SNAPSHOT</version>
	
	<name>spring-boot-2-hello-world</name>
	<description>A simple Spring Boot 2.x app to send hello world message to a user</description>
	
	<properties>
		<java.version>1.8</java.version>
		<lombok.version>1.18.22</lombok.version>
	</properties>
	
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-lang3</artifactId>
			<version>3.11</version>
		</dependency>
		<dependency>
			<groupId>org.apache.logging.log4j</groupId>
			<artifactId>log4j-core</artifactId>
			<version>2.19.0</version>
		</dependency>
		<dependency>
			<groupId>com.mysql</groupId>
			<artifactId>mysql-connector-j</artifactId>
			<version>8.0.31</version>
		</dependency>
		<dependency>
			<groupId>joda-time</groupId>
			<artifactId>joda-time</artifactId>
			<version>2.12.3</version>
		</dependency>
		<dependency>
			<groupId>org.projectlombok</groupId>
			<artifactId>lombok</artifactId>
			<version>${lombok.version}</version>
			<scope>provided</scope>
		</dependency>
		
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>
	
	<build>
		<plugins>
			<plugin>
				<inherited>true</inherited>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-enforcer-plugin</artifactId>
				<version>3.3.0</version>
				<executions>
					<execution>
						<id>enforce-maven-3</id>
						<goals>
							<goal>enforce</goal>
						</goals>
						<configuration>
							<rules>
								<requireMavenVersion>
									<version>3.2.5</version>
								</requireMavenVersion>
							</rules>
							<fail>true</fail>
						</configuration>
					</execution>
				</executions>
			</plugin>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-clean-plugin</artifactId>
				<version>3.0.0</version>
			</plugin>
		</plugins>
	</build>
</project>
pom.xml

Displaying Available Updates

In the below screenshots, you will see when we run the “display-dependency-updates” and “display-plugin-updates” goal, the Versions plugin displays the latest version available for dependencies and plugins that are defined in pom.xml

Maven Versions Display Dependencies Update CommandMaven Versions Display Dependencies Update ResultMaven Versions Display Plugin Update

Note:

For display-plugin-updates goal to work properly, you need to add maven-enforcer plugin in your pom.xml or else you will see build failures during the goal execution.

Generating reports

In the below screenshots, you will see when we run the “dependency-updates-report” goal, the Versions plugin generates the report for dependencies that are defined in pom.xml. This report is in HTML format that can be viewed in a browser.

Maven Versions Dependencies Update ReportMaven Versions Dependencies Update Report HTML

Performing Updates

In the below screenshots, you will see when we run the use-latest-releases goal, the Versions plugin will update the dependencies to their latest release version.

Maven Versions Use Latest ReleasesMaven Versions Use Latest Releases Pom Vs Backup


FAQs

Why is it important to update dependencies and plugins?

Updating dependencies and plugins ensures that your project is using the latest stable versions of libraries and tools, which can improve performance, security, and functionality. Additionally, updating dependencies and plugins can help to address known issues or vulnerabilities in earlier versions.

Can updating dependencies and plugins cause compatibility issues?

Yes, updating dependencies and plugins can introduce compatibility issues, especially if you are using libraries or tools that have been deprecated or removed in newer versions. It is important to thoroughly test your code after updating dependencies and plugins to ensure that it still works as expected.

Can I exclude certain versions of a dependency when updating?

Yes, you can exclude certain versions of a dependency by using the “-Dexcludes” or “-DexcludesList” parameter when running the goal. Pattern “groupId:artifactId:type:classifier:version”. In the case of excludesList, multiple values should be comma separated.

What should I do if updating a dependency causes issues in my project?

If updating a dependency causes issues in your project, you can roll back the changes by reverting to the previous version using the “mvn versions:revert” goal.

Things to Consider

Here are some things to consider when upgrading project dependencies and plugins:

  • Always test your code after updating dependencies and plugins to ensure that it still works as expected.
  • Always test updates in a separate branch before merging them into the main branch.
  • Keep track of changes to your project’s dependencies and plugins by using a version control system.
  • Use the latest stable versions of dependencies and plugins to avoid compatibility issues.

    Conclusion

    Updating your project’s dependencies and plugins is essential for maintaining the security, stability, and performance of your project. Using a plugin like Maven’s “versions” plugin can make the process of updating dependencies and plugins more efficient and reliable. By following best practices and considering potential issues, you can keep your project up-to-date and running smoothly.



    Learn More

    #

    Interested in learning more?

    Check out our blog on how to handle errors and retries in Spring Boot application using Spring Retry.

    Learn More

    2 Responses

    1. Gaurav Sharma

      Dear Bunty, Your blog on update-maven-dependencies is quite useful. It is the decent way to keep the microservices up to date. I have one question. If we want to fetch the list of successive versions, how can we do that? For example, If we have we are using an dependency artfact version 1.4.2 and next version is 1.4.3–> 1.4.5–>1.5.1–>2.0. How can I get such information in a report?

      Thank you!
      Gaurav

      • Bunty RaghaniAuthor

        Thank you for your patience, and I apologize for the delay in my response.

        After a thorough investigation, I couldn’t find a direct Maven goal that lists all available versions for a specific dependency. However, there is an alternative approach you can consider. You can use the below Maven goal to generate a comprehensive HTML report that includes all available versions, both major and minor. This will generate a detailed report, and you can find the information you need within the HTML output.

        Maven Command: mvn versions:dependency-updates-aggregate-report

        I hope this helps!

    Add a Comment

    Your email address will not be published.