Description:
Adds a Python script and Maven profile to check the status of all external dependencies across the multi-module project and print a grouped update report.
What it does
Running mvn -N -P dependency-updates validate scans all module POMs, resolves versions from the root dependencyManagement, queries repo1.maven.org for the latest release version of each dependency, and prints two tables:
Table 1 — Version status, grouped by:
- Major version updates available
- Minor / patch updates available
- Up to date
- Unknown (artifact not found on Central)
Table 2 — Artifacts available under different coordinates, covering known cases where a new generation of a library was published with a different Maven groupId or artifactId (e.g. Jackson 2.x → tools.jackson.* 3.x, Apache HttpComponents 4 →
httpcomponents.client5/core5, Elasticsearch REST high-level client → co.elastic.clients:elasticsearch-java).
Both tables include a Modules column listing which sub-modules declare each dependency.
Usage
mvn -N -P dependency-updates validate
The -N flag (non-recursive) is required to avoid repeating the report for every sub-module.
The script can also be run directly:
python3 scripts/dependency-updates.py [project-root]
Implementation notes
- Version lookup uses maven-metadata.xml from the Central repo directly, which is more reliable than the Solr search API (the latter returns stale timestamp-based version strings for some older artifacts like commons-cli).
- The coordinate-rename mapping is defined as two small tables at the top of the script — EXPLICIT_SUCCESSORS for individual artifact renames and GROUP_PREFIX_SUCCESSORS for whole artifact families — making it straightforward to extend.
- Artifacts merged into a successor artifact (e.g. jackson-annotations absorbed into jackson-core in 3.x) are flagged as (not found — possibly merged) rather than shown as broken.
Description:
Adds a Python script and Maven profile to check the status of all external dependencies across the multi-module project and print a grouped update report.
What it does
Running mvn -N -P dependency-updates validate scans all module POMs, resolves versions from the root dependencyManagement, queries repo1.maven.org for the latest release version of each dependency, and prints two tables:
Table 1 — Version status, grouped by:
Table 2 — Artifacts available under different coordinates, covering known cases where a new generation of a library was published with a different Maven groupId or artifactId (e.g. Jackson 2.x → tools.jackson.* 3.x, Apache HttpComponents 4 →
httpcomponents.client5/core5, Elasticsearch REST high-level client → co.elastic.clients:elasticsearch-java).
Both tables include a Modules column listing which sub-modules declare each dependency.
Usage
mvn -N -P dependency-updates validate
The -N flag (non-recursive) is required to avoid repeating the report for every sub-module.
The script can also be run directly:
python3 scripts/dependency-updates.py [project-root]
Implementation notes