Hi Niels,
(Thank you for using the libraries-bom! I'm one of the maintainers of the
BOM.)

I don't know how to do it in Maven. However, I often see people using
dependabot or renovatebot integrated with their repositories.
An example pull request by renovatebot:
https://github.com/googleapis/java-securitycenter/pull/472

Note that RenovateBot doesn't require a GitHub.com repository:
https://github.com/renovatebot/renovate#self-hosting

On Thu, Apr 29, 2021 at 5:12 PM Delany <[email protected]> wrote:

> Is it this https://github.com/mojohaus/versions-maven-plugin/issues/395
> Regards,
> Delany
>
>
> On Thu, 29 Apr 2021, 22:22 Niels Basjes, <[email protected]> wrote:
>
> > Hi,
> >
> > I see quite a few situations where the dependencies for toolkit are
> > provided in the form of a dependency you must "import" in
> > the dependencyManagement section.
> > They provide this to ensure you always have a working combination for a lot
> > of closely related dependencies.
> >
> > To illustrate the problem I ran into I created this minimal pom.xml:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <project xmlns="http://maven.apache.org/POM/4.0.0"
> >          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
> >     <modelVersion>4.0.0</modelVersion>
> >
> >     <groupId>nl.basjes.example</groupId>
> >     <artifactId>dependency-version-test</artifactId>
> >     <version>0.1-SNAPSHOT</version>
> >     <packaging>jar</packaging>
> >
> >     <dependencyManagement>
> >         <dependencies>
> >             <dependency>
> >                 <!-- This is the way we get a consistent set of versions of the Google tools -->
> >                 <groupId>com.google.cloud</groupId>
> >                 <artifactId>libraries-bom</artifactId>
> >                 <version>19.0.0</version>
> >                 <type>pom</type>
> >                 <scope>import</scope>
> >             </dependency>
> >         </dependencies>
> >     </dependencyManagement>
> >
> >     <dependencies>
> >         <dependency>
> >             <groupId>com.google.cloud</groupId>
> >             <artifactId>google-cloud-pubsub</artifactId>
> >         </dependency>
> >     </dependencies>
> > </project>
> >
> >
> > Now for this example the 19.0.0 is a valid version and absolutely not the
> > latest version.
> > What I'm looking for is a command that will give me the advice to update
> > the 19.0.0 to whatever is currently the latest version.
> > If I put this in an empty directory and try to get insight in what I need
> > to upgrade I do this:
> >
> > mvn versions:display-dependency-updates
> >
> >
> > The output I get from this is the full list of all underlying dependencies
> > for which an update is available; yet no mention of the libraries-bom that
> > is in need of an update.
> >
> > What I would like is a list of the things for which an update is available;
> > yet here I effectively want the opposite of what I get from this plugin: I
> > only want (should?) get the suggestion to update the libraries-bom and not
> > the full list of the versions defined in there.
> >
> > Is there a way to achieve this?
> >
> > --
> > Best regards / Met vriendelijke groeten,
> >
> > Niels Basjes
> >
>


-- 
Regards,
Tomo
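
The check asked for in the quoted question, as an added example that is not part of the original thread and is not code from Maven, the versions plugin or the BOM maintainers: it reads only the import-scoped BOM entries from `dependencyManagement` and reports a newer release of the BOM itself, ignoring the versions the BOM manages. The function names and the `AVAILABLE` version list are assumptions constructed for illustration; in practice the list would come from the repository's metadata for that artifact.

```python
import re
import xml.etree.ElementTree as ET
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# The pom.xml from the thread, reduced to the elements this check reads.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>libraries-bom</artifactId>
      <version>19.0.0</version>
      <type>pom</type><scope>import</scope>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies><dependency>
    <groupId>com.google.cloud</groupId><artifactId>google-cloud-pubsub</artifactId>
  </dependency></dependencies>
</project>"""

# Constructed sample version list (assumption, not the real release history).
AVAILABLE = {("com.google.cloud", "libraries-bom"):
             ["18.1.0", "19.0.0", "19.2.1", "20.0.0", "20.1.0-rc1"]}

def imported_boms(pom_xml):
    """Return (groupId, artifactId, version) for each import-scoped BOM."""
    root = ET.fromstring(pom_xml)
    found = []
    for dep in root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS):
        f = {t: (dep.findtext(f"m:{t}", "", NS) or "").strip()
             for t in ("groupId", "artifactId", "version", "type", "scope")}
        if f["type"] == "pom" and f["scope"] == "import":
            found.append((f["groupId"], f["artifactId"], f["version"]))
    return found

def release_key(version):
    """Sortable key for plain dotted releases; None for -rc, -SNAPSHOT, ${prop}."""
    ok = re.fullmatch(r"\d+(\.\d+)*", version)
    return tuple(int(part) for part in version.split(".")) if ok else None

def bom_updates(pom_xml, available):
    """Advise only on the BOM import itself, never on the versions it manages."""
    advice = []
    for group, artifact, current in imported_boms(pom_xml):
        keys = [(release_key(v), v) for v in available.get((group, artifact), [])]
        stable = [kv for kv in keys if kv[0] is not None]
        cur = release_key(current)
        if cur is not None and stable and max(stable)[0] > cur:
            advice.append((f"{group}:{artifact}", current, max(stable)[1]))
    return advice
```

Pre-release versions and property-based versions are skipped rather than guessed at, so the advice never moves a pinned BOM onto a release candidate.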
