search

spring-attic / bomr

Command-line tool for creating and updating a Maven bom
32 stars 5 forks source link

Provide a summary of dependencies that didn't match the policy rather than ignoring them #15

Open snicoll opened 5 years ago

snicoll commented 5 years ago

We've missed a dependency update on master for a dependency that was at 0.12.2-RC4 and jumped straight to 1.0.0.RC2. The branch uses same-major-version so it ignored the fact a new major was available.

This use case is totally unusual but as we're relying on bomr so much these days I wondered if adding a log entry for dependency that matched wouldn't be a good thing.

A single line with the dependency id and a comma separated list of newer versions that are available even though they don't match the policy would be a good start to spot this kind of scenario.

wilkinsona commented 5 years ago

I think the summary would add quite a bit of noise. You'd have to review and re-review its output each time your ran Bomr to see if there was a major upgrade that you wanted to make even though you're using a same major version upgrade policy. I wonder if it wouldn't be better to use any combined with prohibited upgrades for new majors that we definitely don't want?

snicoll commented 5 years ago

This is an interesting idea and certainly worth a try on master 👍

snicoll commented 5 years ago

I ran master with the any policy and got the following output

Antlr2 2.7.7

    1. 20030911

Please select a version:

Logback 1.2.3

    1. 1.3.0-alpha0
    2. 1.3.0-alpha1
    3. 1.3.0-alpha2
    4. 1.3.0-alpha3
    5. 1.3.0-alpha4

Please select a version:

Atomikos 4.0.6

    1. 5.0.0
    2. 5.0.1

Please select a version:

Cassandra Driver 3.7.2

    1. 4.0.0 (Some modules are missing: cassandra-driver-mapping)

Please select a version:

Jackson 2.9.9.20190807

    1. 2.10.0.pr1

Please select a version:

Woodstox 5.0.3

    1. 5.1.0
    2. 5.2.0
    3. 5.2.1
    4. 5.3.0
    5. 6.0.0.pr1
    6. 6.0.0.pr2

Please select a version:

Caffeine 2.7.0

    1. 2.8.0

Please select a version:

Mssql Jdbc 6.4.0.jre8

    1. 6.4.0.jre9
    2. 6.5.0.jre8-preview
    3. 6.5.0.jre9-preview
    4. 6.5.1.jre8-preview
    5. 6.5.1.jre9-preview
    6. 6.5.2.jre8-preview
    7. 6.5.2.jre9-preview
    8. 6.5.3.jre8-preview
    9. 6.5.3.jre10-preview
    10. 6.5.4.jre8-preview
    11. 6.5.4.jre10-preview
    12. 7.0.0.jre8
    13. 7.0.0.jre10
    14. 7.1.0.jre8-preview
    15. 7.1.0.jre10-preview
    16. 7.1.1.jre8-preview
    17. 7.1.1.jre10-preview
    18. 7.1.2.jre8-preview
    19. 7.1.2.jre11-preview
    20. 7.1.3.jre8-preview
    21. 7.1.3.jre11-preview
    22. 7.1.4.jre8-preview
    23. 7.1.4.jre11-preview
    24. 7.2.0.jre8
    25. 7.2.0.jre11
    26. 7.2.1.jre8
    27. 7.2.1.jre11
    28. 7.2.2.jre8
    29. 7.2.2.jre11
    30. 7.3.0.jre8-preview
    31. 7.3.0.jre11-preview
    32. 7.3.1.jre8-preview
    33. 7.3.1.jre11-preview
    34. 7.3.1.jre12-preview
    35. 7.4.0.jre8
    36. 7.4.0.jre11
    37. 7.4.0.jre12
    38. 7.4.1.jre8
    39. 7.4.1.jre11
    40. 7.4.1.jre12

Please select a version:

Okhttp3 3.14.2

    1. 4.0.0-alpha01 (Some modules are missing: okhttp-testing-support)
    2. 4.0.0-alpha02 (Some modules are missing: okhttp-testing-support)
    3. 4.0.0-RC1 (Some modules are missing: okhttp-testing-support)
    4. 4.0.0-RC2 (Some modules are missing: okhttp-testing-support)
    5. 4.0.0-RC3 (Some modules are missing: okhttp-testing-support)
    6. 4.0.0 (Some modules are missing: okhttp-testing-support)
    7. 4.0.1 (Some modules are missing: okhttp-testing-support)
    8. 4.1.0 (Some modules are missing: okhttp-testing-support)

Please select a version:

Rest Assured 3.3.0

    1. 4.0.0

Please select a version:

Undertow 2.0.23.Final

    1. 2.0.24.Final

Please select a version:

Javax Jaxb 2.3.1

    1. 2.4.0-b180725.0427
    2. 2.4.0-b180830.0359

Please select a version:

Junit 4.12

    1. 4.13-beta-1
    2. 4.13-beta-2
    3. 4.13-beta-3

Please select a version:

Byte Buddy 1.10.0

    1. 1.10.1

Please select a version:

Jna 4.5.2

    1. 5.0.0
    2. 5.1.0
    3. 5.2.0
    4. 5.3.0
    5. 5.3.1
    6. 5.4.0

Please select a version:

Commons Dbcp2 2.6.0

    1. 2.7.0

Please select a version:

Log4j2 2.12.0

    1. 2.12.1

Please select a version:

Groovy 2.5.7

    1. 2.5.8
    2. 2.6.0-alpha-1 (Some modules are missing: groovy-cli-commons, groovy-cli-picocli, groovy-datetime, groovy-dateutil, groovy-jaxb, groovy-json-direct, groovy-test-junit5)
    3. 2.6.0-alpha-2 (Some modules are missing: groovy-cli-commons, groovy-cli-picocli, groovy-datetime, groovy-dateutil, groovy-jaxb, groovy-json-direct, groovy-test-junit5)
    4. 2.6.0-alpha-3 (Some modules are missing: groovy-cli-commons, groovy-cli-picocli, groovy-datetime, groovy-dateutil, groovy-jaxb, groovy-test-junit5)
    5. 2.6.0-alpha-4 (Some modules are missing: groovy-jaxb)
    6. 3.0.0-alpha-1 (Some modules are missing: groovy-cli-commons, groovy-cli-picocli, groovy-datetime, groovy-dateutil, groovy-jaxb, groovy-json-direct, groovy-test-junit5)
    7. 3.0.0-alpha-2 (Some modules are missing: groovy-cli-commons, groovy-cli-picocli, groovy-jaxb, groovy-test-junit5)
    8. 3.0.0-alpha-3 (Some modules are missing: groovy-jaxb)
    9. 3.0.0-alpha-4 (Some modules are missing: groovy-json-direct)
    10. 3.0.0-beta-1 (Some modules are missing: groovy-json-direct)
    11. 3.0.0-beta-2 (Some modules are missing: groovy-json-direct)
    12. 3.0.0-beta-3 (Some modules are missing: groovy-json-direct)

Please select a version:

Jetty 9.4.19.v20190610

    1. 10.0.0-alpha0

Please select a version:

Elasticsearch 6.8.2

    1. 7.0.0-alpha1
    2. 7.0.0-alpha2
    3. 7.0.0-beta1
    4. 7.0.0-rc1
    5. 7.0.0-rc2
    6. 7.0.0
    7. 7.0.1
    8. 7.1.0
    9. 7.1.1
    10. 7.2.0
    11. 7.2.1
    12. 7.3.0

Please select a version:

Jaybird 3.0.6

    1. 4.0.0-beta-1

Please select a version:

Flyway 5.2.4

    1. 6.0.0-beta
    2. 6.0.0-beta2

Please select a version:

Glassfish Jaxb 2.3.2

    1. 2.4.0-b180725.0644
    2. 2.4.0-b180830.0438

Please select a version:

Hibernate 5.4.4.Final

    1. 6.0.0.Alpha2 (Some modules are missing: hibernate-c3p0, hibernate-ehcache, hibernate-entitymanager, hibernate-envers, hibernate-hikaricp, hibernate-java8, hibernate-jcache, hibernate-proxool, hibernate-spatial, hibernate-testing, hibernate-vibur)

Please select a version:

Hibernate Validator 6.0.17.Final

    1. 6.1.0.Alpha1
    2. 6.1.0.Alpha2
    3. 6.1.0.Alpha3
    4. 6.1.0.Alpha4
    5. 6.1.0.Alpha5
    6. 6.1.0.Alpha6

Please select a version:

Infinispan 9.4.15.Final

    1. 9.4.16.Final
    2. 10.0.0.Alpha1 (Some modules are missing: infinispan-spring5-common, infinispan-spring5-embedded, infinispan-spring5-remote)
    3. 10.0.0.Alpha2 (Some modules are missing: infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote)
    4. 10.0.0.Alpha3 (Some modules are missing: infinispan-cachestore-leveldb, infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote)
    5. 10.0.0.Beta1 (Some modules are missing: infinispan-cachestore-leveldb, infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote)
    6. 10.0.0.Beta2 (Some modules are missing: infinispan-cachestore-leveldb, infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote)
    7. 10.0.0.Beta3 (Some modules are missing: infinispan-cachestore-leveldb, infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote, infinispan-tree)
    8. 10.0.0.Beta4 (Some modules are missing: infinispan-cachestore-leveldb, infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote, infinispan-tree, infinispan-protocol-parser-generator-maven-plugin)
    9. 10.0.0.Beta5 (Some modules are missing: infinispan-cachestore-leveldb, infinispan-persistence-cli, infinispan-spring4-common, infinispan-spring4-embedded, infinispan-spring4-remote, infinispan-tree, infinispan-protocol-parser-generator-maven-plugin)

Please select a version:

Jboss Logging 3.4.0.Final

    1. 3.4.1.Final

Please select a version:

Kotlin Coroutines 1.3.0-RC

    1. 1.3.0-RC2

Please select a version:

Mockito 2.28.2

    1. 3.0.0

Please select a version:

Mongodb 3.11.0-rc0

    1. 3.11.0

Please select a version:

Jetty El 8.5.40

    1. 9.0.14
    2. 9.0.14.1
    3. 9.0.19

Please select a version:

Postgresql 42.2.6

    1. 42.2.6.jre6
    2. 42.2.6.jre7

Please select a version:

Selenium 3.141.59

    1. 4.0.0-alpha-1
    2. 4.0.0-alpha-2

Please select a version:

Slf4j 1.7.26

    1. 1.7.27
    2. 1.7.28
    3. 1.8.0-alpha0 (Some modules are missing: slf4j-jcl)
    4. 1.8.0-alpha1 (Some modules are missing: slf4j-jcl)
    5. 1.8.0-alpha2 (Some modules are missing: slf4j-jcl)
    6. 1.8.0-beta0 (Some modules are missing: slf4j-jcl)
    7. 1.8.0-beta1 (Some modules are missing: slf4j-jcl)
    8. 1.8.0-beta2 (Some modules are missing: slf4j-jcl)
    9. 1.8.0-beta4 (Some modules are missing: slf4j-jcl)
    10. 2.0.0-alpha0 (Some modules are missing: slf4j-jcl)

Please select a version:

Maven Deploy Plugin 2.8.2

    1. 3.0.0-M1

Please select a version:

Maven Failsafe Plugin 2.22.2

    1. 3.0.0-M1
    2. 3.0.0-M2
    3. 3.0.0-M3

Please select a version:

Maven Install Plugin 2.5.2

    1. 3.0.0-M1

Please select a version:

Maven Site Plugin 3.7.1

    1. 3.8.2

Please select a version:

Maven Surefire Plugin 2.22.2

    1. 3.0.0-M1
    2. 3.0.0-M2
    3. 3.0.0-M3

Please select a version:

Git Commit Id Plugin 2.2.6

    1. 3.0.0
    2. 3.0.1

Please select a version:

I've noticed most of the noise is generated by versions that are in preview, alpha, beta, or milestone phase. If we had a way to exclude them from the list (with a hint we did so) it would make the output much more bearable IMO. Thoughts?