Keep the version rules in versions-maven-plugin

[khmarbaise]

If you need the rules.xml or the versions rules of versions-maven-plugin please vote into this ticket.
So I can see if really someone is using this. Otherwise this will be removed with version 3.0.0 of versions-maven-plugin.

[binkley]

I use rules.xml to selectively control uses of milestone (M) and release candidate (RC) versions. I have several projects which are for trying out combinations of "cutting edge" projects to find incompatibilities during their development. Examples include Spring projects and Kotlin.

[khmarbaise]

First thanks for your feedback. Can you give some example how to use the rules.xml file? Cause I never used it at all...

[Stephan202]

We use it i.c.w. with a script that we frequently run to check for version updates. We use the XML file to suppress suggested updates that we're not interested in. The file currently looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" comparisonMethod="maven" xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 https://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
    <ignoreVersions>
        <ignoreVersion type="regex">.*[aA]lpha.*</ignoreVersion>
    </ignoreVersions>
    <rules>
        <rule groupId="com.google.guava">
            <ignoreVersions>
                <ignoreVersion type="regex">.*-android</ignoreVersion>
            </ignoreVersions>
        </rule>
        <rule groupId="com.hazelcast">
            <ignoreVersions>
                <ignoreVersion type="regex">.*-EA</ignoreVersion>
            </ignoreVersions>
        </rule>
        <rule groupId="commons-collections">
            <ignoreVersions>
                <ignoreVersion type="regex">200[34].*</ignoreVersion>
            </ignoreVersions>
        </rule>
        <rule groupId="javax.servlet">
            <ignoreVersions>
                <ignoreVersion type="regex">.*-b\d+</ignoreVersion>
            </ignoreVersions>
        </rule>
        <rule groupId="org.jvnet.jaxb2_commons">
            <ignoreVersions>
                <ignoreVersion>1.11.1</ignoreVersion>
                <ignoreVersion>1.11.1-PUBLISHED-BY-MISTAKE</ignoreVersion>
            </ignoreVersions>
        </rule>
        <rule groupId="org.postgresql">
            <ignoreVersions>
                <ignoreVersion type="regex">.*\.jre[67]</ignoreVersion>
            </ignoreVersions>
        </rule>
    </rules>
</ruleset>

I would prefer to see this functionality be part of the plugin's "in-POM" configuration, though. Cause right now we do this:

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>versions-maven-plugin</artifactId>
    <version>2.4</version>
    <configuration>
        <rulesUri>file://${basedir}/version-number-rules.xml</rulesUri>
    </configuration>
</plugin>

But that means the versions:display-dependency-updates and versions:display-plugin-updates goals must be executed in the context of the project's root pom.xml.

[binkley]

@khmarbaise Here is the file I use to stay on "dev" builds of Kotlin, rather than revert to older milestones:

<ruleset comparisonMethod="maven"
             xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
    <rules>
        <rule groupId="org.jetbrains.kotlin">
            <ignoreVersions>
                <ignoreVersion type="regex">.*-M.*</ignoreVersion>
            </ignoreVersions>
        </rule>
    </rules>
</ruleset>

The default rules for the maven plugin don't understand JetBrains' idiosyncratic choices for versioning. :)

An example "dev" version: 1.1.4-dev-530.

An example milestone version: 1.1-M04.

More examples here: https://mvnrepository.com/artifact/org.jetbrains.kotlin/kotlin-stdlib

[binkley]

I tested something. Removing the rules file, I still get the desired behavior. Running versions:update-properties does not revert to an older kotlin dependency. I do not know if this is the result of an intentional change, or a happy accident that might work differently as more Kotlin versions come out.

[mattnelson]

Using the use-latest-versions and update-properties goals in combination with a custom script[1] to configure the entire dependency tree in the dependencyManagement section. This allows us to inherit updates to deep transitive dependencies which enables Gemfile.lock like functionality. I would still like the ability to configure the rules either via external file or inline in the pom.

[1] https://gist.github.com/mattnelson/3225aac8ec3be4db7194
[2] https://gist.github.com/mattnelson/5fe6c2bc84a0ffc48dcb17d3bc99f133
[3] https://stackoverflow.com/questions/27016865/gemfile-lock-equivalent-in-maven-and-gradle

[famod]

We do check for external dependency updates across our entire project via a maven profile. In this profile we reference a rules.xml to filter out inappropriate version:

<ruleset comparisonMethod="maven"
         xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
  <ignoreVersions>
    <ignoreVersion type="regex">(?i).*[-_\.]CR[0-9\.]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*[-_\.]rc[0-9\.]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*[-_\.]beta[0-9\.-]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*[-_\.]alpha[0-9\.-]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*[-_\.]nightly[0-9\.]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*[-_\.]jboss[0-9\.]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*-atlassian-[0-9\.]*</ignoreVersion>
    <ignoreVersion type="regex">(?i).*-jenkins-[0-9\.]*</ignoreVersion>
    <ignoreVersion type="regex">.*[-\.]redhat-[0-9]+</ignoreVersion>
    <ignoreVersion type="regex">\d{4,}.*</ignoreVersion>  <!-- z.B. commons-collections:commons-collections ... 3.2.1.redhat-7 -> 20040117.000000 -->
  </ignoreVersions>
  <rules>
    <rule groupId="org.slf4j" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-xwiki</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.apache.maven.plugins" artifactId="maven-surefire-plugin" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>9c6abc2</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.codehaus.mojo" artifactId="properties-maven-plugin" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-tc</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="javax.portlet" artifactId="portlet-api" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-r\d+</ignoreVersion>
        <ignoreVersion type="regex">.*-Draft\d+</ignoreVersion>
      </ignoreVersions>
    </rule>
  </rules>
</ruleset>

[rsiggi]

We use jdk7 and always more libraries need jdk8 to work.
this is our version.xml. First exclude many old apache stuff and then the jdk depends.

<ruleset comparisonMethod="maven"
         xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
  <rules>
    <rule groupId="ant-contrib" artifactId="ant-contrib" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20020829</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-beanutils" artifactId="commons-beanutils" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20030211.134440</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-cli" artifactId="commons-cli" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20040117.000000</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-collections" artifactId="commons-collections" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20040616</ignoreVersion>
        <ignoreVersion>20040102.233541</ignoreVersion>
        <ignoreVersion>20031027.000000</ignoreVersion>
        <ignoreVersion>20030418.083655</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-configuration" artifactId="commons-configuration" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20041012.002804</ignoreVersion>
        <ignoreVersion>20041012.002623</ignoreVersion>
        <ignoreVersion>20040121.140929</ignoreVersion>
        <ignoreVersion>20030706.202021</ignoreVersion>
        <ignoreVersion>20030620.073343</ignoreVersion>
        <ignoreVersion>20030311.152757</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-dbcp" artifactId="commons-dbcp" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20030825.184428</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-io" artifactId="commons-io" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20030203.000550</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="commons-lang" artifactId="commons-lang" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20030203.000129</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="dom4j" artifactId="dom4j" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>20040902.021138</ignoreVersion>
        <ignoreVersion type="regex">.*-.*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.beanio" artifactId="beanio" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">.*\.M.*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.codehaus.groovy" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-beta.*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="junit" artifactId="junit" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-beta.*</ignoreVersion>
      </ignoreVersions>
    </rule>
<!--
	depends on JDK 8
-->
    <rule groupId="org.apache.ant" artifactId="ant" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">1\.1.*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.aspectj" artifactId="aspect*" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion>1.8.10</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="com.beust" artifactId="jcommander" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">1\.[5-9][0-9]*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.apache.derby" artifactId="derby*" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">10\.1[3-9][0-9]?.*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.sonarsource.scanner.maven" artifactId="sonar-maven-plugin" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">3\.[1-9].*</ignoreVersion>
      </ignoreVersions>
    </rule>
    <rule groupId="org.hsqldb" artifactId="hsqldb" comparisonMethod="maven">
      <ignoreVersions>
        <ignoreVersion type="regex">2\.[4-9]\.*</ignoreVersion>
      </ignoreVersions>
    </rule>
  </rules>
</ruleset>```

[joergsesterhenn]

We also use rules for automatic updates to avoid some versions. Please don't drop this feature.

[sellersj]

Same with us. We use this extensively to exclude versions from jboss, redhat, atlassian, sonatype, milestones, alphas, betas, dev, RC's, jenkins, commons versions that start with the year (2004), as well as versions that depend on new java versions (8, we can only use 7).

I use this task on our various branches of bill of materials (BOM) pom's used across 100's of projects, 500+ modules.

Please, please do not remove this feature.

[JeneJasper]

Using this to remove clutter from the report:

With for example:

<?xml version="1.0" encoding="UTF-8"?>

<ruleset comparisonMethod="maven"
         xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://www.mojohaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
  <rules>
    <rule groupId="commons-logging" artifactId="commons-logging">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-does-not-exist</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="log4j" artifactId="log4j">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-atlassian.*</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="com.google.guava">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-rc.*</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="org.springframework">
      <ignoreVersions>
        <ignoreVersion type="regex">.*\.M.*</ignoreVersion>
        <ignoreVersion type="regex">.*\.RC.*</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="org.hibernate">
      <ignoreVersions>
        <ignoreVersion type="regex">.*\.Alpha.*</ignoreVersion>
        <ignoreVersion type="regex">.*\.Beta.*</ignoreVersion>
        <ignoreVersion type="regex">.*\.CR.*</ignoreVersion>
        <ignoreVersion type="regex">.*-atlassian-.*</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="junit">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-beta-.*</ignoreVersion>
        <ignoreVersion type="regex">.*-brew.*</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="org.mockito">
      <ignoreVersions>
        <ignoreVersion type="regex">.*-dev.*</ignoreVersion>
        <ignoreVersion type="regex">.*-beta.*</ignoreVersion>
        <ignoreVersion type="regex">.*-rc.*</ignoreVersion>
      </ignoreVersions>
    </rule>

    <rule groupId="org.slf4j">
      <ignoreVersions>
        <ignoreVersion type="regex">.*jbossorg.*</ignoreVersion>
      </ignoreVersions>
    </rule>
  </rules>
</ruleset>

Resulting in:

[khmarbaise]

So this feedback makes clear it is used in the wild so I don't see any reason to remove the support for that..

Thanks to all who have given feedback.

[lesv]

I use it so guide a bot to update and test new releases: https://github.com/GoogleCloudPlatform/java-repo-tools/blob/master/versions-rules.xml

Glad your keeping it.

[Jessevanbekkum]

Thanks for keeping it. We also use it, especially for filtering out milestones/beta's/release candidates, filtering out dependencies with mistakes or old versioning methods such as this, and suppressing messages about dependencies we cannot update yet.

[obfischer]

I was not aware of this feature, but this is exactly what I was looking fore. Please keep it.

[jpdigital]

Another one for keeping it. We have a project which uses commons-collections and commons-primitives. It looks like they changed their versioning system sometime. In Maven Central their are very old versions like 20040616... But these version are much are older then for example 3.2.2. But of course the versions plugins reports 20040616 as an update. The rules feature is the perfect solution for removing such clutter from the plugins reports.

Another possible use case: I you are building a Java EE application with Hibernate which is deployed on Wildfly it is maybe a good idea to use the same version of Hibernate than the one including in your Wildfly. But these bundled version is usually older than the most current version. Using a rule you also remove this from report of the versions plugin.

[efenderbosch]

Update the docs here: http://www.mojohaus.org/versions-maven-plugin/rule.html
to remove the link to this issue

[johndevs]

This was an awesome issue in getting examples of using the plugin, really helped me in filtering our dependencies. Thanks to everybody who provided examples of their setup 👍

[gquintana]

I am using it to skip betas and alphas.

<ruleset>
  <ignoreVersions>
    <ignoreVersion type="regex">.*[-_\.](alpha|Alpha|ALPHA|beta|Beta|BETA|rc|RC|M|EA)[-_\.]?[0-9]?.*</ignoreVersion>
  </ignoreVersions>
</ruleset>

This ruleset is so simple that I'd like to have it the pom.xml instead of having to reference a file URI.

[Andrei-Pozolotin]

+1

[sazzer]

I'm just starting to use it to filter out versions that we're not ready to upgrade to yet. For example, it keeps showing the 1.8 beta releases of SLF4J, which is a pain.

[caladyon]

Thanks for continuing to support this feature. I'm starting to use it now, to exclude dependencies in beta version.

[sabgit]

+1: we are using it for similar reasons already mentioned by other voters

[pgervais70]

+1: We are using it also to control dependency updates like other voters mentioned

[sellersj]

Since it looks like this feature won't be removed, can this ticket be closed with a "don't worry, the feature stays" message. It was in June when it was said that the feature is staying.

#157 (comment)

[tesaarni]

+1

[rroman81]

+1 This feature seems very helpful

[COvayurt]

+1

[khmarbaise]

Based on the good feedback this will not been removed.

[soruce]

+1

[romani]

It would be good to remove deprecation note from documentation

[famod]

It would be good to remove deprecation note from documentation

See PR #273. Unfortunately there hasn't been any progress lately.