Dependency Updates Available (SL002)

Checks for available updates to dependencies and plugins in a Maven project.

Description

Uses the Maven Versions Plugin to detect newer dependency, plugin, parent, and property versions. Reports the latest overall version, the latest minor version within the current major, and the latest patch version within the current minor (when applicable). Updates are not shown for dependencies that specify no version because the parent manages them.
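The three reported candidates, sketched as an added example (this is not the rule's or the Versions Plugin's own code). Assumptions: the function names are hypothetical, the POM and the list of available versions are constructed, and only plain x.y.z releases are compared, so qualified versions such as -RC1 are skipped.

```python
import re
import xml.etree.ElementTree as ET

# Constructed POM (no XML namespace): one property version, one parent-managed dependency.
POM = """<project>
  <properties><spring-boot.version>2.7.5</spring-boot.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
      <version>${spring-boot.version}</version></dependency>
    <dependency><groupId>com.example</groupId>
      <artifactId>managed-by-parent</artifactId></dependency>
  </dependencies></project>"""
# Constructed version list, not real release data.
AVAILABLE = {"org.springframework.boot:spring-boot-starter":
             ["2.7.5", "2.7.6", "2.7.18", "2.9.3", "3.0.0-RC1", "3.1.4"]}

def parse(version):
    """(major, minor, patch) for plain releases; None for qualified versions."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    return tuple(map(int, m.groups())) if m else None

def declared_versions(pom_xml):
    """Map groupId:artifactId to the declared version, resolving ${property}."""
    root = ET.fromstring(pom_xml)
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    found = {}
    for dep in root.findall("dependencies/dependency"):
        version = (dep.findtext("version") or "").strip()
        if not version:  # no <version>: managed by the parent, nothing reported
            continue
        version = re.sub(r"\$\{(.+?)\}", lambda m: props.get(m[1], m[0]), version)
        found[f"{dep.findtext('groupId')}:{dep.findtext('artifactId')}"] = version
    return found

def candidates(current, available):
    """Newer releases: overall, within current major, within current minor."""
    cur = parse(current)  # None (unparseable) leaves `newer` empty below
    newer = sorted(p for p in map(parse, available) if cur and p and p > cur)
    def best(keep):
        hits = [".".join(map(str, p)) for p in newer if keep(p)]
        return hits[-1] if hits else None
    return {"latest": best(lambda p: True),
            "latest_minor": best(lambda p: p[0] == cur[0]),
            "latest_patch": best(lambda p: p[:2] == cur[:2]),
            "major_update": bool(newer) and newer[-1][0] > cur[0]}

def report(pom_xml, available):
    found = declared_versions(pom_xml)
    return {ga: candidates(v, available.get(ga, [])) for ga, v in found.items()}
```

Versions are compared as integer tuples, so 2.7.18 ranks above 2.7.6; a plain string comparison would order them the other way and hide the newer patch.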

Rationale

Keeping dependencies up-to-date improves security and stability. Major updates may be breaking and should be evaluated.

Findings

  • ERROR

    • Client module JAR not found; project needs to be built locally

  • INFO

    • Newer dependency/plugin/parent/property version detected

    • Major version update detected (consult PO or consider latest minor)

    • Latest minor within current major and latest patch within current minor suggested

Noncompliant

Outdated dependency version
<!-- Example showing outdated dependency version in a POM -->
<project>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
      <version>2.7.5</version> <!-- outdated -->
    </dependency>
  </dependencies>
</project>

Compliant

Dependencies up-to-date
<!-- Example showing up-to-date dependency version in a POM -->
<project>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
      <version>${spring-boot.version}</version> <!-- managed and up-to-date -->
    </dependency>
  </dependencies>
</project>

Configuration

This rule has no configuration.