Maven dependencies - version vs updates

About

Asked 12/2, 2016 at 3:29 Answered 12/2, 2016 at 20:3

mvnrepository usually lists "version" and "updates" for each dependency.

If I'm publishing my own package, how do I specify the "updates" version
Which dependancy does Maven used when resolving transitive dependencies? So if my package depends on package A, which depends of package B with - version = 1.0 and updates = 1.1. Which version of B would I get?

Wadesworth answered 12/2, 2016 at 3:29 Comment(5)

So you define to be depending on package A (version?) which depends on package B (version 1.0.) So you will get version 1.0 of package B if you don't overwrite it in your package...So you define the dependencies in your pom file which is checked into your version control which means this will not change until you change your pom file...May be i misunderstand the question? If you like to update you need to change the version of package A (different version)..? – Hoggish 12/2, 2016 at 7:19

What "updates" are you talking about? Take mvnrepository.com/artifact/com.github.valdr/… for example, where do you see "updates"? – Slit 12/2, 2016 at 8:0

@MarcelStör: jackson-databind is version 2.4.0, updates 2.7.1-1 – Wadesworth 12/2, 2016 at 15:4

@khmarbaise: That's true is A depends on version 1.0 on B. But say in Marcel's example - Valdr Bean depends on jackson-databind. If I include Valdr Bean, when will I get jackson-databind 2.4.0, and when will I get version 2.7.1-1? – Wadesworth 12/2, 2016 at 15:6

@Wadesworth Is there any more feedback you need? If not I suggest you consider to accept the answer so that SO can mark this question as closed, meta.stackexchange.com/questions/5234/…. – Slit 11/3, 2016 at 6:5

107

You're asking what the meaning of the information in the "Updates" column of MVNRepository's "Compile Dependencies" table is.

It tells you whether there's an updated version of a particular dependency available and if so what the latest version is. If there's a check mark it means the library in question already uses the latest version of dependency X. You will always get the declared version of a dependency no matter what the latest version is.

Hence, if you use valdr-bean-validation 1.1.2 (example above) you'll also get jackson-databind 2.4.0 as a transitive dependency (1st row above). 2.7.1-1 would be the latest available jackson-databind version.

Notes: I finally understand your question. It would have been helpful for you to give us a concrete example right from the start.

Pelletier answered 12/2, 2016 at 20:3 Comment(6)

I noticed that in some cases the "Updates" version is actually older than the "Version" version. e.g. "Version: 2.5.0-b42 ; Updates: 2.4.0" . Confusing. – Choragus 11/7, 2018 at 10:8

Yes, here's an example of the "updates" column having a older version than the "version" column. I guess "updates" column version is the version that the original library needs. Another question is about the check mark. The above explanation isn't clear. Is the check mark present in cases where the "version column" is the latest version and the original library requires that version? – Name 18/12, 2018 at 6:39

@andy-dufresne Re: "Version: 2.5.0-b42 ; Updates: 2.4.0": by Maven standards (i.e. the way it compares version numbers) 2.5.0-b42 is not a generally available release but one of the alpha, beta or RC types. That's why it considers 2.4.0 to be the latest generally available version. It may just not be smart enough in this respect; I guess that's subjective. The checkmark simply means that (again according to Maven's version algorithm) the latest generally available version is the one declared in the project POM -> project is using the latest. – Slit 18/12, 2018 at 9:18

If I want use update version of transitive dependency, How can I configure in POM.xml – Howlett 22/4, 2020 at 10:17

Are there any (weak) guarantees that the updates revision doesn't introduce breaking changes? A colleague once suggested that such info meant there were no breaking changes, but I'm not convinced. – Foreandaft 16/11, 2021 at 21:6

@SridharSarnobat not that I know of. If the whole world used SemVer it might in theory be possible to derive this information from the difference in version numbers. However, there are projects which claim/appear to use SemVer but still release breaking changes with minor releases. There's just a single guarantee: there are no guarantees :-/ – Slit 17/11, 2021 at 9:56

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags