versions: Unexpected behavior of -DallowMajorReleases=false

Recently seen output of display-dependency-updates:

$ mvn org.codehaus.mojo:versions-maven-plugin:2.8.1:display-dependency-updates
[INFO] Scanning for projects...
[INFO] 
[INFO] -------------------< org.jenkins-ci:update-center2 >--------------------
[INFO] Building Jenkins Update Center Generator 3.6-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.8.1:display-dependency-updates (default-cli) @ update-center2 ---
[INFO] The following dependencies in Dependency Management have newer versions:
[INFO]   com.github.spotbugs:spotbugs-annotations ............. 3.1.12 -> 4.2.2
[INFO]   junit:junit ........................................... 4.13 -> 4.13.2
[INFO]   org.codehaus.mojo:animal-sniffer-annotations ............ 1.18 -> 1.20
[INFO] 
[INFO] The following dependencies in Dependencies have newer versions:
[INFO]   com.squareup.okhttp3:mockwebserver ............ 4.8.0 -> 5.0.0-alpha.2
[INFO]   com.squareup.okhttp3:okhttp-urlconnection ..... 4.8.0 -> 5.0.0-alpha.2
[INFO]   commons-codec:commons-codec .................. 1.14 -> 20041127.091804
[INFO]   commons-io:commons-io ......................... 2.7 -> 20030203.000550
[INFO]   jaxen:jaxen ............................... 1.2.0 -> 1.2.0-atlassian-2
[INFO]   org.jetbrains.kotlin:kotlin-stdlib-common ......... 1.3.72 -> 1.5.0-M1
[INFO] 
[INFO] The following dependencies in Plugin Dependencies have newer versions:
[INFO]   org.codehaus.mojo:extra-enforcer-rules .................... 1.2 -> 1.3
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.058 s
[INFO] Finished at: 2021-03-20T10:59:07+01:00
[INFO] ------------------------------------------------------------------------

A lot of these suggested updates are to prereleases (alpha, RC, M). A quick look at the docs suggests -DallowMajorUpdates=false -DallowAnyUpdates=false. Applying that:

$ mvn -DallowMajorUpdates=false -DallowAnyUpdates=false -DallowSnapshots=false org.codehaus.mojo:versions-maven-plugin:2.8.1:display-dependency-updates
[INFO] Scanning for projects...
[INFO] 
[INFO] -------------------< org.jenkins-ci:update-center2 >--------------------
[INFO] Building Jenkins Update Center Generator 3.6-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- versions-maven-plugin:2.8.1:display-dependency-updates (default-cli) @ update-center2 ---
[INFO] The following dependencies in Dependency Management have newer versions:
[INFO]   com.github.spotbugs:spotbugs-annotations ......... 3.1.12 -> 4.0.0-RC3
[INFO]   org.codehaus.mojo:animal-sniffer-annotations ............ 1.18 -> 1.20
[INFO] 
[INFO] The following dependencies in Dependencies have newer versions:
[INFO]   com.squareup.okhttp3:mockwebserver ............ 4.8.0 -> 5.0.0-alpha.2
[INFO]   com.squareup.okhttp3:okhttp-urlconnection ..... 4.8.0 -> 5.0.0-alpha.2
[INFO]   commons-codec:commons-codec ............................. 1.14 -> 1.15
[INFO]   commons-io:commons-io ................................... 2.7 -> 2.8.0
[INFO]   org.jetbrains.kotlin:kotlin-stdlib-common ......... 1.3.72 -> 1.5.0-M1
[INFO] 
[INFO] The following dependencies in Plugin Dependencies have newer versions:
[INFO]   org.codehaus.mojo:extra-enforcer-rules .................... 1.2 -> 1.3
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.072 s
[INFO] Finished at: 2021-03-20T10:59:23+01:00
[INFO] ------------------------------------------------------------------------

Well, that’s not helpful. spotbugs-annotations is even worse now, instead of 4.2.2 I get 4.0.0-RC3.

It looks like -DallowMajorUpdates=false allows the latest release older than (X+1).0, and based on Maven version math AFAIUI, that includes pre-release versions like (X+1).0-RC3 – which is pretty unhelpful for my use case of trying to apply simple updates to actual releases.

Either of the following would be an improvement:

  • With -DallowMajorUpdates=false, look only for releases within the same major version (i.e. “version number starts with X”).
  • Add an option to exclude prerelease versions. This would also provide better results for some of the other dependencies shown, and combined with -DallowMajorUpdates=false I could get the latest available release of the current major line.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 32 (29 by maintainers)

Commits related to this issue

Most upvoted comments

Sorry. This is indeed a bug. I must have overlooked this paragraph:

It looks like -DallowMajorUpdates=false allows the latest release older than (X+1).0, and based on Maven version math AFAIUI, that includes pre-release versions like (X+1).0-RC3 – which is pretty unhelpful for my use case of trying to apply simple updates to actual releases.

Yes, those qualified releases are indeed considered older than the .0 version, so the range which is being considered by the plugin is not at all correct.

@sultan are you working on this by any chance? I saw that you were still busy with a PR for correcting range limits. Otherwise I’ll gladly tackle this one.

+3
ajarmoniuk on Sep 29, 2022

Please use the newly added -Dmaven.version.ignore switch to filter out pre-release qualifiers. E.g.

"-Dmaven.version.ignore=.+-(M\d+|SNAPSHOT|RC.*)"

(On POSIX-compatible shells, the option must be surrounded in single or double quotes so that it’s not expanded by the shell)

See also #684

+3
ajarmoniuk on Sep 21, 2022

Use mojohaus. or something, not maven. please.

+2
cstamas on Sep 21, 2022

This looks great. When can we expect 2.13.0 to be released? 😅

@fgabolde - please follow #742

+1
slawekjaranowski on Oct 10, 2022

Almost done…

+1
ajarmoniuk on Oct 1, 2022

ternary operator looks correct to me too.

in order to get correct result i was required to execute : -DallowAnyUpdates=false -DallowMajorUpdates=false

about improvements: allowMinor allowMinor etc could be replaced by an enum with NULL/EMPTY equivalent to MAJOR, examples -DupdateScope=major -DupdateUpTo=major

Subinc Inc Minor Major
YES YES YES YES Major/Any/All/Empty/Null/
YES YES YES no Minor/MinorOrLess
YES YES no no Inc/IncOrLess
YES no no no SubInc/SubincOnly

others are a bit more complicated, i would like to introduce the possibility to disallow previews :

Snapshots Previews :
Milestones RCs		 Releases
YES YES YES Any/All/Empty/Null
YES no no Snapshots Only
no YES no Previews Only
no no YES Releases Only
no YES YES All but Snapshots
YES no YES All but Previews
YES YES no All but Releases
+1
sultan on Sep 29, 2022

not working on anything rn, feel free to start, i’ll jump on the boat later to help

+1
sultan on Sep 29, 2022
Read more comments on GitHub
← versions: ${revision} not being updated
versions: Versions Maven Plugin not showing latest plugins available with ignores. →