Re: finding source of outdated dependencies
Ah! So, reading between the lines, you're recommending that I issue this command: mvn help:effective-pom -Dverbose=true I didn't know there was a `verbose` option for the effective POM that had anything to do with dependency management. Thanks. That gives me effective dependency management, along with the POM it comes from—even with line numbers. Nice! And (drumroll …) it looks like `biz.aQute.bnd:biz.aQute.bnd.annotation:6.4.1` is coming from `org.apache.logging:logging-parent:10.1.1`. And `org.mockito:mockito-inline:4.8.1` was getting in because one of my own dependencies hasn't been updated to use my newer root POM, which manages the versions of testing libraries. hehe It's good to find out—and now to know /how/ to find out. Thanks, Tamás. Garret On 11/9/2023 5:25 PM, Tamás Cservenák wrote: Well, depMgt is "flattened" (so if depMgt import of POM imports another POM and ...), and if you use verbose with effective, you will see the source of flattened things, at least T On Thu, Nov 9, 2023 at 9:18 PM Garret Wilson wrote: On 11/9/2023 5:10 PM, Tamás Cservenák wrote: Howdy, Did you try to take a peek at effective POM? Hi. The effective POM doesn't show me anything helpful—and I don't know that I expected it to. The effective POM simple resolves the inheritance tree, right? I don't know if that would have any relationship to transitive dependency management. But also,https://issues.apache.org/jira/browse/MPH-183 So that seems to be a suggestion someone made to make the effective POM show something about dependency management, but was never finished/integrated? Garret On Thu, Nov 9, 2023 at 9:04 PM Garret Wilson wrote: In my Maven project (an aggregate project with child projects) I issue the following command for the Versions Maven Plugin: mvn versions:display-dependency-updates There are a couple of outdated dependencies I'm not sure where are coming from: [INFO] The following dependencies in Dependency Management have newer versions: [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation 6.4.1 -> 7.0.0 [INFO] org.mockito:mockito-inline 4.8.1 -> 5.2.0 Unfortunately, try as I might, I can't find which library references these. I've tried the following with the Maven Dependency Plugin, both in the root project and in child projects: mvn dependency:tree None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or `org.mockito:mockito-inline`. The two suspects are: * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or `org.apache.logging.log4j:log4j-bom:2.21.1` (for `biz.aQute.bnd:biz.aQute.bnd.annotation`) * `com.fasterxml.jackson:jackson-bom:2.15.3` (for `org.mockito:mockito-inline`) But those are just suspicions based upon the additional dependency management I have in the subprojects where those outdated dependencies show up. Is there any command I can use to find out which dependency is bringing in the outdated dependencies listed by the Versions Maven Plugin? Thanks, Garret - To unsubscribe,e-mail:users-unsubscr...@maven.apache.org For additional commands,e-mail:users-h...@maven.apache.org
Re: finding source of outdated dependencies
You can try: mvn versions:display-dependency-updates -DprocessDependencyManagementTransitive=false https://www.mojohaus.org/versions/versions-maven-plugin/display-dependency-updates-mojo.html#processDependencyManagementTransitive czw., 9 lis 2023 o 21:04 Garret Wilson napisał(a): > > In my Maven project (an aggregate project with child projects) I issue > the following command for the Versions Maven Plugin: > > mvn versions:display-dependency-updates > > There are a couple of outdated dependencies I'm not sure where are > coming from: > > [INFO] The following dependencies in Dependency Management have newer > versions: > [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation 6.4.1 > -> 7.0.0 > [INFO] org.mockito:mockito-inline 4.8.1 > -> 5.2.0 > > Unfortunately, try as I might, I can't find which library references > these. I've tried the following with the Maven Dependency Plugin, both > in the root project and in child projects: > > mvn dependency:tree > > None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or > `org.mockito:mockito-inline`. > > The two suspects are: > > * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or > `org.apache.logging.log4j:log4j-bom:2.21.1` (for > `biz.aQute.bnd:biz.aQute.bnd.annotation`) > * `com.fasterxml.jackson:jackson-bom:2.15.3` (for > `org.mockito:mockito-inline`) > > But those are just suspicions based upon the additional dependency > management I have in the subprojects where those outdated dependencies > show up. > > Is there any command I can use to find out which dependency is bringing > in the outdated dependencies listed by the Versions Maven Plugin? > > Thanks, > > Garret > > > - > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > -- Sławomir Jaranowski - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: finding source of outdated dependencies
Well, depMgt is "flattened" (so if depMgt import of POM imports another POM and ...), and if you use verbose with effective, you will see the source of flattened things, at least T On Thu, Nov 9, 2023 at 9:18 PM Garret Wilson wrote: > On 11/9/2023 5:10 PM, Tamás Cservenák wrote: > > Howdy, > > > > Did you try to take a peek at effective POM? > > Hi. The effective POM doesn't show me anything helpful—and I don't know > that I expected it to. The effective POM simple resolves the inheritance > tree, right? I don't know if that would have any relationship to > transitive dependency management. > > > But also,https://issues.apache.org/jira/browse/MPH-183 > > So that seems to be a suggestion someone made to make the effective POM > show something about dependency management, but was never > finished/integrated? > > Garret > > > On Thu, Nov 9, 2023 at 9:04 PM Garret Wilson > > wrote: > > > >> In my Maven project (an aggregate project with child projects) I issue > >> the following command for the Versions Maven Plugin: > >> > >> mvn versions:display-dependency-updates > >> > >> There are a couple of outdated dependencies I'm not sure where are > >> coming from: > >> > >> [INFO] The following dependencies in Dependency Management have newer > >> versions: > >> [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation 6.4.1 > >> -> 7.0.0 > >> [INFO] org.mockito:mockito-inline 4.8.1 > >> -> 5.2.0 > >> > >> Unfortunately, try as I might, I can't find which library references > >> these. I've tried the following with the Maven Dependency Plugin, both > >> in the root project and in child projects: > >> > >> mvn dependency:tree > >> > >> None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or > >> `org.mockito:mockito-inline`. > >> > >> The two suspects are: > >> > >> * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or > >> `org.apache.logging.log4j:log4j-bom:2.21.1` (for > >> `biz.aQute.bnd:biz.aQute.bnd.annotation`) > >> * `com.fasterxml.jackson:jackson-bom:2.15.3` (for > >> `org.mockito:mockito-inline`) > >> > >> But those are just suspicions based upon the additional dependency > >> management I have in the subprojects where those outdated dependencies > >> show up. > >> > >> Is there any command I can use to find out which dependency is bringing > >> in the outdated dependencies listed by the Versions Maven Plugin? > >> > >> Thanks, > >> > >> Garret > >> > >> > >> - > >> To unsubscribe, e-mail:users-unsubscr...@maven.apache.org > >> For additional commands, e-mail:users-h...@maven.apache.org > >> > >>
Re: finding source of outdated dependencies
On 11/9/2023 5:10 PM, Tamás Cservenák wrote: Howdy, Did you try to take a peek at effective POM? Hi. The effective POM doesn't show me anything helpful—and I don't know that I expected it to. The effective POM simple resolves the inheritance tree, right? I don't know if that would have any relationship to transitive dependency management. But also,https://issues.apache.org/jira/browse/MPH-183 So that seems to be a suggestion someone made to make the effective POM show something about dependency management, but was never finished/integrated? Garret On Thu, Nov 9, 2023 at 9:04 PM Garret Wilson wrote: In my Maven project (an aggregate project with child projects) I issue the following command for the Versions Maven Plugin: mvn versions:display-dependency-updates There are a couple of outdated dependencies I'm not sure where are coming from: [INFO] The following dependencies in Dependency Management have newer versions: [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation 6.4.1 -> 7.0.0 [INFO] org.mockito:mockito-inline 4.8.1 -> 5.2.0 Unfortunately, try as I might, I can't find which library references these. I've tried the following with the Maven Dependency Plugin, both in the root project and in child projects: mvn dependency:tree None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or `org.mockito:mockito-inline`. The two suspects are: * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or `org.apache.logging.log4j:log4j-bom:2.21.1` (for `biz.aQute.bnd:biz.aQute.bnd.annotation`) * `com.fasterxml.jackson:jackson-bom:2.15.3` (for `org.mockito:mockito-inline`) But those are just suspicions based upon the additional dependency management I have in the subprojects where those outdated dependencies show up. Is there any command I can use to find out which dependency is bringing in the outdated dependencies listed by the Versions Maven Plugin? Thanks, Garret - To unsubscribe, e-mail:users-unsubscr...@maven.apache.org For additional commands, e-mail:users-h...@maven.apache.org
Re: finding source of outdated dependencies
Howdy, Did you try to take a peek at effective POM? But also, https://issues.apache.org/jira/browse/MPH-183 T On Thu, Nov 9, 2023 at 9:04 PM Garret Wilson wrote: > In my Maven project (an aggregate project with child projects) I issue > the following command for the Versions Maven Plugin: > > mvn versions:display-dependency-updates > > There are a couple of outdated dependencies I'm not sure where are > coming from: > > [INFO] The following dependencies in Dependency Management have newer > versions: > [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation 6.4.1 > -> 7.0.0 > [INFO] org.mockito:mockito-inline 4.8.1 > -> 5.2.0 > > Unfortunately, try as I might, I can't find which library references > these. I've tried the following with the Maven Dependency Plugin, both > in the root project and in child projects: > > mvn dependency:tree > > None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or > `org.mockito:mockito-inline`. > > The two suspects are: > > * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or > `org.apache.logging.log4j:log4j-bom:2.21.1` (for > `biz.aQute.bnd:biz.aQute.bnd.annotation`) > * `com.fasterxml.jackson:jackson-bom:2.15.3` (for > `org.mockito:mockito-inline`) > > But those are just suspicions based upon the additional dependency > management I have in the subprojects where those outdated dependencies > show up. > > Is there any command I can use to find out which dependency is bringing > in the outdated dependencies listed by the Versions Maven Plugin? > > Thanks, > > Garret > > > - > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > >
finding source of outdated dependencies
In my Maven project (an aggregate project with child projects) I issue the following command for the Versions Maven Plugin: mvn versions:display-dependency-updates There are a couple of outdated dependencies I'm not sure where are coming from: [INFO] The following dependencies in Dependency Management have newer versions: [INFO] biz.aQute.bnd:biz.aQute.bnd.annotation 6.4.1 -> 7.0.0 [INFO] org.mockito:mockito-inline 4.8.1 -> 5.2.0 Unfortunately, try as I might, I can't find which library references these. I've tried the following with the Maven Dependency Plugin, both in the root project and in child projects: mvn dependency:tree None of the output mentions `biz.aQute.bnd:biz.aQute.bnd.annotation` or `org.mockito:mockito-inline`. The two suspects are: * `com.amazonaws:aws-lambda-java-log4j2:1.6.0` or `org.apache.logging.log4j:log4j-bom:2.21.1` (for `biz.aQute.bnd:biz.aQute.bnd.annotation`) * `com.fasterxml.jackson:jackson-bom:2.15.3` (for `org.mockito:mockito-inline`) But those are just suspicions based upon the additional dependency management I have in the subprojects where those outdated dependencies show up. Is there any command I can use to find out which dependency is bringing in the outdated dependencies listed by the Versions Maven Plugin? Thanks, Garret - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
