search

mojohaus / versions

Versions Maven Plugin
https://www.mojohaus.org/versions/versions-maven-plugin/
Apache License 2.0
328 stars 266 forks source link

display-dependency-updates only showing updates from the most major allowed segment? #960

Closed jarmoniuk closed 1 year ago

jarmoniuk commented 1 year ago

While working on a small refactoring job for #291, I cam across a major bug: looks like display-dependency-updates and possibly also other goals, will only report updates from the most major allowed segment, and ignore updates from lesser segments -- unless allowAnyUpdates is selected for display-dependency-updates. The latter is completely not verified as goals use different routines to retrieve updates.

Result of display-dependency-updates with allowAnyUpdates on the project itself:

The following dependencies in Dependency Management have newer versions:
  dom4j:dom4j ................................. 1.6.1 -> 20040902.021138
  org.apache.maven:maven-artifact ............... 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-compat ................. 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-core ................... 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-model .................. 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-plugin-api ............. 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-settings ............... 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven.doxia:doxia-core ................. 1.12.0 -> 2.0.0-M6
  org.apache.maven.doxia:doxia-integration-tools ... 1.11.1 -> 2.0.0-M10
  org.apache.maven.doxia:doxia-sink-api ............. 1.12.0 -> 2.0.0-M6
  org.apache.maven.doxia:doxia-site-renderer ....... 1.11.1 -> 2.0.0-M10
  org.apache.maven.enforcer:enforcer-api ................ 3.2.1 -> 3.3.0
  org.apache.maven.plugin-testing:maven-plugin-testing-harness ...
                                                  3.3.0 -> 4.0.0-alpha-1
  org.apache.maven.plugin-tools:maven-plugin-annotations ...
                                                          3.8.1 -> 3.9.0
  org.apache.maven.reporting:maven-reporting-api ..... 3.1.1 -> 4.0.0-M6
  org.apache.maven.reporting:maven-reporting-impl .... 3.2.0 -> 4.0.0-M8
  org.junit.jupiter:junit-jupiter ................... 5.9.3 -> 5.10.0-M1
  org.junit.jupiter:junit-jupiter-api ............... 5.9.3 -> 5.10.0-M1
  org.junit.jupiter:junit-jupiter-engine ............ 5.9.3 -> 5.10.0-M1
  org.junit.jupiter:junit-jupiter-migrationsupport ...
                                                      5.9.3 -> 5.10.0-M1
  org.junit.jupiter:junit-jupiter-params ............ 5.9.3 -> 5.10.0-M1
  org.junit.platform:junit-platform-commons ......... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-console ......... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-engine .......... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-jfr ............. 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-launcher ........ 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-reporting ....... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-runner .......... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-suite ........... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-suite-api ....... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-suite-commons ... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-suite-engine .... 1.9.3 -> 1.10.0-M1
  org.junit.platform:junit-platform-testkit ......... 1.9.3 -> 1.10.0-M1
  org.junit.vintage:junit-vintage-engine ............ 5.9.3 -> 5.10.0-M1
  org.mockito:mockito-inline ........................... 4.11.0 -> 5.2.0
  org.slf4j:slf4j-simple ............................... 1.7.36 -> 2.0.7

The following dependencies in pluginManagement of plugins have newer versions:
  com.puppycrawl.tools:checkstyle ....................... 9.3 -> 10.11.0

The following dependencies in Plugin Dependencies have newer versions:
  com.puppycrawl.tools:checkstyle ....................... 9.3 -> 10.11.0

result of display-dependency-updates with allowAnyUpdates=false and allowMajorUpdates=allowMinorUpdates=allowIncrementalUpdates=true:

The following dependencies in Dependency Management have newer versions:
  dom4j:dom4j ................................. 1.6.1 -> 20040902.021138
  org.apache.maven:maven-artifact ............... 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-compat ................. 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-core ................... 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-model .................. 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-plugin-api ............. 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven:maven-settings ............... 3.2.5 -> 4.0.0-alpha-5
  org.apache.maven.doxia:doxia-core ................. 1.12.0 -> 2.0.0-M6
  org.apache.maven.doxia:doxia-integration-tools ... 1.11.1 -> 2.0.0-M10
  org.apache.maven.doxia:doxia-sink-api ............. 1.12.0 -> 2.0.0-M6
  org.apache.maven.doxia:doxia-site-renderer ....... 1.11.1 -> 2.0.0-M10
  org.apache.maven.plugin-testing:maven-plugin-testing-harness ...
                                                  3.3.0 -> 4.0.0-alpha-1
  org.apache.maven.reporting:maven-reporting-api ..... 3.1.1 -> 4.0.0-M6
  org.apache.maven.reporting:maven-reporting-impl .... 3.2.0 -> 4.0.0-M8
  org.mockito:mockito-inline ........................... 4.11.0 -> 5.2.0
  org.slf4j:slf4j-simple ............................... 1.7.36 -> 2.0.7

The following dependencies in pluginManagement of plugins have newer versions:
  com.puppycrawl.tools:checkstyle ....................... 9.3 -> 10.11.0

The following dependencies in Plugin Dependencies have newer versions:
  com.puppycrawl.tools:checkstyle ....................... 9.3 -> 10.11.0

I guess that might be a major bug if confirmed and it would be best to include the fix in the coming release (postpone if necessary).

gmshake commented 1 year ago

Also encounter this with version 2.15.0.

jarmoniuk commented 1 year ago

A fix is almost ready, but I don't know if it's gonna make it to 2.16.0.

Also, VersionDetails and especially ArtifactVersions is a big pile of mud in a dire need of rearchitecting. But that's something for >2.16.0.

EDIT: Don't want to ship anything unfinished. Let's skip the release for this as well.

I've found yet another bug there, albeit with a lesser significance, because it concerns version ranges: if an artifact is defined using two or more ranges, and the selected version falls in the first range, the versions in between the ranges will never get selected.

[, 1.0.0]   v1=1.1.0   v2=1.1.1   v3=1.9.0  (2.0.0, 10.0.0)

from the above, v1, v2, v3 will never get shown as possible updates.