Thanks, This actually works. I find this surprising because apparently this plugin cannot indicate what needs to be changed, but it can do the change.
Niels On Sun, May 2, 2021 at 4:25 PM Nick Stolwijk <[email protected]> wrote: > To update the BOM dependencies you can use the Maven versions plugin: > > mvn versions:use-latest-versions versions:update-properties > -DgenerateBackupPoms=false > > Hth, > > Nick Stolwijk > > ~~~ Try to leave this world a little better than you found it and, when > your turn comes to die, you can die happy in feeling that at any rate you > have not wasted your time but have done your best ~~~ > > Lord Baden-Powell > > > On Sun, May 2, 2021 at 3:12 PM Niels Basjes <[email protected]> wrote: > > > Hi, > > > > Thanks for the suggestion. > > Apparently the "standard" maven versions plugin does not do this > correctly > > yet. > > > > I was looking at this renovate tool yet what I found is that it seems to > > only support creating pull/merge requests. > > This is very nice but not what I want right now. > > Is there a way to run it locally (without any github/gitlab/... system) > and > > generate a patch file or just a list of problematic versions? > > > > Niels Basjes > > > > > > On Fri, Apr 30, 2021 at 3:40 AM Tomo Suzuki <[email protected]> > > wrote: > > > > > Hi Niels, > > > (Thank you for using the libraries-bom! I'm one of the maintainers of > the > > > BOM.) > > > > > > I don't know how to do it in Maven. However, I often see people using > > > dependabot or > > > renovatebot integrated with their repositories. > > > An example pull request by renovatebot: > > > https://github.com/googleapis/java-securitycenter/pull/472 > > > > > > Note that RenovateBot doesn't require GitHub.com repository: > > > https://github.com/renovatebot/renovate#self-hosting > > > > > > > > > > > > > > > On Thu, Apr 29, 2021 at 5:12 PM Delany <[email protected]> > > wrote: > > > > > > > Is it this > > https://github.com/mojohaus/versions-maven-plugin/issues/395 > > > > Regards, > > > > Delany > > > > > > > > > > > > On Thu, 29 Apr 2021, 22:22 Niels Basjes, <[email protected]> wrote: > > > > > > > > > Hi, > > > > > > > > > > I see quite a few situations where the dependencies for toolkit are > > > > > provided in the form of a dependency you must "import" in > > > > > the dependencyManagement section. > > > > > They provide this to ensure you always have a working combination > > for a > > > > lot > > > > > of closely related dependencies. > > > > > > > > > > To illustrate the problem I ran into I created this minimal > pom.xml: > > > > > > > > > > <?xml version="1.0" encoding="UTF-8"?> > > > > > <project xmlns="http://maven.apache.org/POM/4.0.0"; > > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > > > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > > > > > http://maven.apache.org/xsd/maven-4.0.0.xsd";> > > > > > <modelVersion>4.0.0</modelVersion> > > > > > > > > > > <groupId>nl.basjes.example</groupId> > > > > > <artifactId>dependency-version-test</artifactId> > > > > > <version>0.1-SNAPSHOT</version> > > > > > <packaging>jar</packaging> > > > > > > > > > > <dependencyManagement> > > > > > <dependencies> > > > > > <dependency> > > > > > <!-- This is the way we get a consistent set of > > > versions > > > > of > > > > > the Google tools --> > > > > > <groupId>com.google.cloud</groupId> > > > > > <artifactId>libraries-bom</artifactId> > > > > > <version>19.0.0</version> > > > > > <type>pom</type> > > > > > <scope>import</scope> > > > > > </dependency> > > > > > </dependencies> > > > > > </dependencyManagement> > > > > > > > > > > <dependencies> > > > > > <dependency> > > > > > <groupId>com.google.cloud</groupId> > > > > > <artifactId>google-cloud-pubsub</artifactId> > > > > > </dependency> > > > > > </dependencies> > > > > > </project> > > > > > > > > > > > > > > > Now for this example the 19.0.0 is a valid version and absolutely > not > > > the > > > > > latest version. > > > > > What I'm looking for is a command that will give me the advice to > > > update > > > > > the 19.0.0 to whatever is currently the latest version. > > > > > If I put this in an empty directory and try to get insight in what > I > > > need > > > > > to upgrade I do this: > > > > > > > > > > mvn versions:display-dependency-updates > > > > > > > > > > > > > > > The output I get from this is the full list of all underlying > > > > dependencies > > > > > for which an update is available; yet no mention of the > libraries-bom > > > > that > > > > > is in need of an update. > > > > > > > > > > What I would like is a list of the things for which an update is > > > > available; > > > > > yet here I effectively want the opposite of what I get from this > > > plugin: > > > > I > > > > > only want (should?) get the suggestion to update the libraries-bom > > and > > > > not > > > > > the full list of the versions defined in there. > > > > > > > > > > Is there a way to achieve this? > > > > > > > > > > -- > > > > > Best regards / Met vriendelijke groeten, > > > > > > > > > > Niels Basjes > > > > > > > > > > > > > > > > > > -- > > > Regards, > > > Tomo > > > > > > > > > -- > > Best regards / Met vriendelijke groeten, > > > > Niels Basjes > > > -- Best regards / Met vriendelijke groeten, Niels Basjes
