Master Automatic Maven Dependency Updates with the Versions Plugin
This tutorial explains how to use the Maven Versions plugin to automate dependency upgrades, integrate them into CI pipelines, handle snapshots, filter unwanted versions, and apply various update goals, providing a reliable and repeatable approach to keep Java projects up‑to‑date.
1. Overview
Manually upgrading Maven dependencies is tedious, especially in projects with many frequently updated libraries. This tutorial shows how to use the Versions Maven plugin to keep dependencies up‑to‑date, which is especially useful in CI pipelines for automatic upgrades, testing, and committing or rolling back results.
2. Maven version range syntax
In Maven 2 developers could specify version ranges so artifacts could be upgraded without manual intervention. The syntax is still valid, but it is recommended to use the Versions Maven plugin for better control.
2.1. Deprecated syntax
Maven 2 also provided two special meta‑versions: LATEST (finds the newest possible version) and RELEASE (targets the latest non‑snapshot version). These are still functional but lead to unpredictability and are discouraged in CI environments.
3. Versions Maven plugin
The plugin is now the de‑facto standard for version management, offering goals from high‑level remote repository comparison to low‑level timestamp locking of snapshots.
3.1. Test cases
Define test cases:
Three RELEASE versions with hard‑coded versions
A RELEASE version using a property version
A SNAPSHOT version
<dependencies>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.15.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.13.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>${commons-compress-version}</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
<version>1.9.1-SNAPSHOT</version>
</dependency>
</dependencies>
<properties>
<commons-compress-version>1.15</commons-compress-version>
</properties>When defining the plugin, exclude a specific artifact:
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.7</version>
<configuration>
<excludes>
<exclude>org.apache.commons:commons-collections4</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>4. Display available updates
Use versions:display-dependency-updates to see which dependencies have newer RELEASE versions. The command lists all RELEASE updates, including those excluded from the update process, but skips SNAPSHOT versions.
5. Update dependencies
The first run creates a pom.xml.versionsBackup backup of the original pom.xml . Subsequent runs modify pom.xml , and you can commit changes with mvn versions:commit or revert with mvn versions:revert.
5.1. Convert SNAPSHOT to RELEASE
Run versions:use-releases to replace SNAPSHOT versions with the corresponding released versions.
mvn versions:use-releases5.2. Update to next RELEASE
Run versions:use-next-releases to upgrade each non‑SNAPSHOT dependency to the next version, respecting exclusions.
mvn versions:use-next-releases5.3. Update to latest RELEASE
Run versions:use-latest-releases to upgrade each non‑SNAPSHOT dependency to the latest released version.
mvn versions:use-latest-releases6. Filter unwanted versions
You can ignore certain versions by configuring the plugin to load rules from an external file, e.g.,
<rulesUri>http://www.mycompany.com/maven-version-rules.xml</rulesUri>or a local file.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.7</version>
<configuration>
<rulesUri>http://www.mycompany.com/maven-version-rules.xml</rulesUri>
</configuration>
</plugin>6.1. Global ignore
Configure a ruleset to ignore versions matching a regex, such as .*-beta.
<ruleset comparisonMethod="maven"
xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
<ignoreVersions>
<ignoreVersion type="regex">.*-beta</ignoreVersion>
</ignoreVersions>
</ruleset>6.2. Rule‑based ignore
Define more specific rules, for example ignoring versions ending with -RELEASE or a particular version like 2.1.0.
<ruleset comparisonMethod="maven"
xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
<rules>
<rule groupId="com.mycompany.maven" comparisonMethod="maven">
<ignoreVersions>
<ignoreVersion type="regex">.*-RELEASE</ignoreVersion>
<ignoreVersion>2.1.0</ignoreVersion>
</ignoreVersions>
</rule>
</rules>
</ruleset>7. Conclusion
We have learned how to safely and automatically check and update project dependencies in a Maven‑compatible way.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Cognitive Technology Team
Cognitive Technology Team regularly delivers the latest IT news, original content, programming tutorials and experience sharing, with daily perks awaiting you.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.