Manage your maven dependencies

Publié par Éric Le Merdy

Your dependencies has to be managed properly to avoid the mess of uncontrolled dependencies.

Centralized

All dependencies version are centralized in the parent pom in the dedicated <dependencyManagement> and <pluginManagement> sections.

Controlled

An analyze can be performed regularly with the maven-dependency-plugin:

mvn dependency:analyze

The report detects :

  • used and declared: nothing to do

  • used and undeclared: either declare the dependency in the pom or remove the code. Every code dependency must be declared to avoid uncontrolled use of transitive dependencies.

  • unused and declared: either remove the dependency in the pom or declare the dependency as used. This is the case for spring starter or log library implementation for exemple. Your code requires them at runtime but not at compilation time.

    To declare a used dependency, use the following snippet:

    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <configuration>
            <usedDependencies>
                <usedDependency>{groupId}:{artifactId}</usedDependency>
            </usedDependencies>
        </configuration>
    </plugin>
    

Up-to-date

An analyze is performed regularly with the maven-versions-plugin.

Parent

To use the latest parent version:

mvn versions:update-parent
# Review changes, perform a build
mvn versions:commit

Dependencies

To use latest dependencies released version automatically:

mvn versions:use-latest-releases
# Review changes, perform a build
mvn versions:commit

 Plugins

To use the latest plugins version:

mvn versions:display-plugin-updates
# Change versions whenever possible