By default, maven does not ignore versions ending with qualifier strings when searching for the latest version of an artifact.
For example, versions ending with -alpha
, -beta3
, -M-2
, and -RC1
will be considered as valid upgrade candidates.
Consider the case of your project having a dependency on version 3.2.1
of a certain artifact and 3.3.0-beta
is released.
The maven-versions-plugin
will, by default, consider that to be valid upgrade.
To make maven-plugin-versions
ignore such qualified versions read on.
There's no need to create a rule to ignore SNAPSHOT releases because
the allowSnapshots
configuration parameter is false
by default.
Based on:
- Version number rules § Rules.xml
https://www.mojohaus.org/versions/versions-maven-plugin/version-rules.html - How to display dependency updates only for release versions
https://stackoverflow.com/q/38146719
Make a file next to your pom called, say, versions-ruleset.xml
<?xml version="1.0" encoding="UTF-8"?>
<ruleset comparisonMethod="maven"
xmlns="https://www.mojohaus.org/VERSIONS/RULE/2.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://www.mojohaus.org/VERSIONS/RULE/2.1.0 https://www.mojohaus.org/versions/versions-model/xsd/rule-2.1.0.xsd">
<ignoreVersions>
<!-- Ignore Alpha's, Beta's, release candidates and milestones -->
<ignoreVersion type="regex">(?i).*alpha(-?\d+)?</ignoreVersion>
<ignoreVersion type="regex">(?i).*beta(-?\d+)?</ignoreVersion>
<ignoreVersion type="regex">(?i).*rc(-?\d+)?</ignoreVersion>
<ignoreVersion type="regex">(?i).*m(-?\d+)?</ignoreVersion>
</ignoreVersions>
<rules>
<!-- You can add more specific rules here -->
</rules>
</ruleset>
Explanation of the regex (refer to Java 8 regex documentation):
(?i)
— sets the case-insensitive flag.*
— zero or more charactersalpha
— the literal stringalpha
(...)?
— optional group, contents of which follow-?
— optional hyphen\d
— a digit
It should be noted that these regex patterns, like glob patterns, are tested against the whole version string. This is similar to grep's -x, --line-regexp option: "this is like parenthesizing the pattern and then surrounding it with ^ and $."
We can simplify this configuration by making use of alternation in the regex:
<?xml version="1.0" encoding="UTF-8"?>
<ruleset comparisonMethod="maven"
xmlns="https://www.mojohaus.org/VERSIONS/RULE/2.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://www.mojohaus.org/VERSIONS/RULE/2.1.0 https://www.mojohaus.org/versions/versions-model/xsd/rule-2.1.0.xsd">
<ignoreVersions>
<!-- Ignore Alpha's, Beta's, release candidates and milestones -->
<ignoreVersion type="regex">(?i).*(alpha|beta|rc|m)(-?\d+)?</ignoreVersion>
</ignoreVersions>
<rules>
<!-- You can add more specific rules here -->
</rules>
</ruleset>
Once you have your versions-ruleset.xml
file prepared, you must reference it in
the maven-versions-plugin
configuration in your pom's pluginManagement
section.
pom.xml: project > build > pluginManagement
:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.8.1</version>
<configuration>
<rulesUri>file:///${project.basedir}/versions-rules.xml</rulesUri>
</configuration>
</plugin>
[S]tarting with version 2.13.0 it is possible to provide the
ruleSet
element directly in the POM
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.8.1</version>
<configuration>
<ruleSet>
<ignoreVersions>
<ignoreVersion>
<type>regex</type>
<version>(?i).*-(alpha|beta|m|rc)(-?\d+)?</version>
</ignoreVersion>
</ignoreVersions>
</ruleSet>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.8.1</version>
<configuration>
<ignoredVersions>(?i).*-(alpha|beta|m|rc)(-?\d+)?</ignoredVersions>
</configuration>
</plugin>
Note: You can supply this configuration parameter multiple regex by separating them with commas.
Learn more:
ignoredVersions
https://www.mojohaus.org/versions/versions-maven-plugin/display-dependency-updates-mojo.html#ignoredVersions- Using the maven.version.ignore property
https://www.mojohaus.org/versions/versions-maven-plugin/version-rules.html#using-the-maven-version-ignore-property
The aforementioned ignoredVersions
parameter has a corresponding user property: maven.version.ignore
.
You can specify the maven.version.ignore
property in your pom.xml
or on the command line, just like any other property.
Example of using it in pom.xml
:
pom.xml: project > properties
:
<maven.version.ignore>(?i).*-(alpha|beta|m|rc)(-?\d+)?</maven.version.ignore>
Example of using it on the command line:
./mvnw -U -Dmaven.version.ignore='(?i).*-(alpha|beta|m|rc)(-?\d+)?' versions:display-plugin-updates
The -U, --update-snapshots
option "forces a check for missing releases and updated snapshots on remote repositories." You might find it necessary sometimes to accurately reflect the latest releases on remote maven repositories, at least as a temporary workaround. See discussions:
- Versions Maven Plugin not showing latest plugins available with ignores. #959
mojohaus/versions#959 - Maven Artifact Resolver not seeing latest plugins on Maven Central on my machine
https://stackoverflow.com/q/76307809 - Not detecting numerous Plugins updates available #415
mojohaus/versions#415
You can compare version strings using the maven-artifact.jar
:
$ java -jar maven-artifact.jar 3.2.1 3.2.1-beta
Display parameters as parsed by Maven (in canonical form and as a list of tokens) and comparison result:
1. 3.2.1 -> 3.2.1; tokens: [3, 2, 1]
3.2.1 > 3.2.1-beta
2. 3.2.1-beta -> 3.2.1-beta; tokens: [3, 2, 1, [beta]]
$ java -jar maven-artifact.jar 3.2.1 3.3.0-beta
Display parameters as parsed by Maven (in canonical form and as a list of tokens) and comparison result:
1. 3.2.1 -> 3.2.1; tokens: [3, 2, 1]
3.2.1 < 3.3.0-beta
2. 3.3.0-beta -> 3.3-beta; tokens: [3, 3, [beta]]
As seen in these discussions:
display-dependency-updates
version comparison algorithm bug for-pfd
mojohaus/versions#744- Legit but Useless: Maven Version Ranges Explained | by Michael Kutz | Medium
https://michakutz.medium.com/legit-but-useless-maven-version-ranges-explained-d4ba66ac654