Ensure secure and up-to-date projects with the Outdated Maven Plugin - Syed M Shaaf's blog

Faheem

It's Sunday morning. Sipping coffee and going through my feed, I came across this gem that @Markus Eisele just posted. Okay, first I saw the post as "outdated maven plugin", and I'm like, what does that mean? Anyway, going into the git repo I see this is a new project by Giovanni van der Schild.

Stay up-to-date and secure with the Outdated Maven plugin! The Outdated Maven plugin is a tool designed to help developers identify outdated dependencies in their Maven projects. By scanning your project's dependencies, this plugin determines whether they are still actively maintained, based on a user-defined inactivity threshold in years. This helps your project stay up-to-date with the latest and most secure versions of its dependencies.

It really solves a problem in a big way. There are many environments where older binaries are being used. On top of that, it would be a huge help if users could define a check on the threshold to keep the binaries up to date. A quick search online returns results on how to find vulnerable libraries with the Maven dependency plugin. It's easy to detect the dependencies used. That is also a big help.

However, it is the checking for updates, and giving developers and users that data, that may be the important thing to consider, especially if the libraries are outdated or contain potential security vulnerabilities.

To get started I simply drop the following plugin into my project's pom.xml. Well, this isn't really my project; I just went ahead and cloned the Apache Struts examples repo from GitHub and gave it a try. Sorry Apache Struts, but that's what comes to mind when I think of programming web apps from a decade or so ago.

        <plugin>
            <groupId>com.giovds</groupId>
            <artifactId>outdated-maven-plugin</artifactId>
            <version>1.0.0</version>
            <configuration>
                <!-- Flag dependencies whose last upload is more than this many years old -->
                <years>1</years>
                <!-- Whether the build should fail when outdated dependencies are found -->
                <shouldFailBuild>false</shouldFailBuild>
            </configuration>
            <executions>
                <execution>
                    <id>outdated-check</id>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
  • Note that in the above plugin there are two parameters.
  • <years>: any library that is more than 1 year old is flagged.
  • <shouldFailBuild>: we don't want the build to fail, so it is set to false.

Then, to run it on my project, I run the following command.

mvn com.giovds:outdated-maven-plugin:check

So here is an interesting piece of output. The module Rest Angular has outdated dependencies as per the threshold above (1 year).

[INFO] --------------------------------------
[INFO] Building REST Plugin based application with AngularJS 1.1.0      [33/47]
[INFO]   from rest-angular/pom.xml
[INFO] --------------------------------[ war ]---------------------------------
[INFO] 
[INFO] --- outdated:1.0.0:check (default-cli) @ rest-angular ---
[WARNING] Dependency 'org.hamcrest:hamcrest-all:1.3' has not received an update since version '1.3' was last uploaded '2012-07-09'.
[WARNING] Dependency 'org.hibernate.validator:hibernate-validator:6.2.3.Final' has not received an update since version '6.2.3.Final' was last uploaded '2022-03-03'.
[WARNING] Dependency 'org.glassfish:javax.el:3.0.1-b12' has not received an update since version '3.0.1-b12' was last uploaded '2020-10-12'.
[WARNING] Dependency 'com.fasterxml.jackson.core:jackson-core:2.14.1' has not received an update since version '2.14.1' was last uploaded '2022-11-22'.
[WARNING] Dependency 'com.fasterxml.jackson.core:jackson-annotations:2.14.1' has not received an update since version '2.14.1' was last uploaded '2022-11-22'.
[WARNING] Dependency 'com.fasterxml.jackson.core:jackson-databind:2.14.1' has not received an update since version '2.14.1' was last uploaded '2022-11-22'.
[WARNING] Dependency 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.14.1' has not received an update since version '2.14.1' was last uploaded '2022-11-22'.
[WARNING] Dependency 'junit:junit:4.13.2' has not received an update since version '4.13.2' was last uploaded '2021-02-13'.
[WARNING] Dependency 'com.jayway.jsonpath:json-path:2.7.0' has not received an update since version '2.7.0' was last uploaded '2022-01-30'.
[WARNING] Dependency 'javax.servlet:javax.servlet-api:4.0.1' has not received an update since version '4.0.1' was last uploaded '2018-04-20'.
[WARNING] Dependency 'javax.servlet:jsp-api:2.0' has not received an update since version '2.0' was last uploaded '2005-11-08'.

The output is nice and clean: dependency name, version, and the date that version was last uploaded to the Maven repository.
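Because the plugin prints one warning line per stale dependency, the threshold logic is easy to reproduce outside Maven and turn into a CI gate that behaves like the two parameters above. The following script is an added example written for this page, not code from the plugin or its author: it parses the `[WARNING]` lines (format as in the log above), recomputes each dependency's age against a cutoff date, and returns a non-zero exit code only when something is older than the threshold and failing is enabled. The sample log is constructed (three lines taken from the rest-angular run plus a made-up `org.example:fresh-lib` artifact so that the threshold actually discriminates), and the reference date is the post's update date; both are assumptions, as is the `gate_exit_code` name.

```python
import re
import sys
from datetime import date

# Matches the plugin's per-dependency warning line as Maven prints it, with the
# standard "[WARNING]" prefix. Groups: artifact coordinates, version, and the
# ISO date on which that version was uploaded to the repository.
WARN_RE = re.compile(
    r"\[WARNING\] Dependency '(?P<coords>[^']+)' has not received an update "
    r"since version '(?P<version>[^']+)' was last uploaded "
    r"'(?P<uploaded>\d{4}-\d{2}-\d{2})'\."
)

# Constructed sample log: three lines from the rest-angular run in the post plus
# one made-up, recently uploaded artifact. The INFO line must not match.
SAMPLE_LOG = """\
[INFO] --- outdated:1.0.0:check (default-cli) @ rest-angular ---
[WARNING] Dependency 'org.hamcrest:hamcrest-all:1.3' has not received an update since version '1.3' was last uploaded '2012-07-09'.
[WARNING] Dependency 'org.hibernate.validator:hibernate-validator:6.2.3.Final' has not received an update since version '6.2.3.Final' was last uploaded '2022-03-03'.
[WARNING] Dependency 'com.fasterxml.jackson.core:jackson-core:2.14.1' has not received an update since version '2.14.1' was last uploaded '2022-11-22'.
[WARNING] Dependency 'org.example:fresh-lib:1.2.3' has not received an update since version '1.2.3' was last uploaded '2024-05-01'.
"""

# Assumed reference date for the age calculation: the date of the post's update note.
REFERENCE_DATE = date(2024, 7, 18)


def parse_outdated_warnings(log_text):
    """Return (groupId:artifactId, version, upload date) for every warning line."""
    found = []
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue
        ga, _, _ = m.group("coords").rpartition(":")  # drop the trailing version
        found.append((ga, m.group("version"), date.fromisoformat(m.group("uploaded"))))
    return found


def cutoff_date(today, years):
    """The date `years` whole years before `today`; 29 February folds to the 28th."""
    try:
        return today.replace(year=today.year - years)
    except ValueError:
        return today.replace(year=today.year - years, day=28)


def outdated(deps, years, today=REFERENCE_DATE):
    """Dependencies whose last upload is older than the inactivity threshold."""
    limit = cutoff_date(today, years)
    return [(ga, v, d) for ga, v, d in deps if d < limit]


def gate_exit_code(log_text, years=1, should_fail_build=False, today=REFERENCE_DATE):
    """CI gate mirroring the plugin's two parameters (hypothetical helper):
    returns 1 only when something is older than `years` AND failing is enabled."""
    flagged = outdated(parse_outdated_warnings(log_text), years, today)
    for ga, version, uploaded in flagged:
        print(f"outdated: {ga}:{version} (last upload {uploaded.isoformat()})")
    return 1 if (flagged and should_fail_build) else 0


if __name__ == "__main__":
    # Read a real Maven log from stdin when piped; otherwise run on the sample.
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    raise SystemExit(gate_exit_code(log, years=1, should_fail_build=True, today=date.today()))
```

Piping `mvn com.giovds:outdated-maven-plugin:check | python gate.py` into this gives the build-breaking behaviour of `shouldFailBuild` without touching the pom, and the threshold can be raised per pipeline. Comparing dates rather than counting whole years avoids off-by-one surprises around the anniversary of an upload.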

I ran into a problem though. I'm running Java 17, but the plugin targets the latest Java LTS version, 21.

    Execution default-cli of goal com.giovds:outdated-maven-plugin:1.0.0:check failed: 
    Unable to load the mojo 'check' in the plugin 'com.giovds:outdated-maven-plugin:1.0.
    0' due to an API incompatibility: org.codehaus.plexus.component.repository.exception.
    ComponentLookupException: com/giovds/OutdatedMavenPluginMojo has been compiled by a 
    more recent version of the Java Runtime (class file version 65.0), this version of
    the Java Runtime only recognizes class file versions up to 61.0
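The class file versions in that error (65.0 needed, 61.0 supported) are readable straight from the bytecode, so you can check which JDK a plugin or dependency jar requires before Maven fails on it. The following is an added example for this page, not code from the plugin or its author: it reads the 8-byte class file header (magic `0xCAFEBABE`, minor, major), maps the major number to a Java release (major minus 44, which holds from Java 5 onward: 61 is Java 17, 65 is Java 21), and reports the highest major found in a jar. The in-memory jar it builds is constructed for the demonstration (its entries are headers only), and the `com/giovds/...` entry names and the `loadable_on` helper are assumptions.

```python
import struct
import zipfile
from io import BytesIO

CLASS_MAGIC = 0xCAFEBABE


def class_header(major, minor=0):
    """Constructed: the first 8 bytes of a class file (magic, minor, major), big-endian."""
    return struct.pack(">IHH", CLASS_MAGIC, minor, major)


def class_file_version(data):
    """Return (major, minor) from a class file's header; reject anything that is not a class file."""
    if len(data) < 8:
        raise ValueError("too short to be a class file")
    magic, minor, major = struct.unpack(">IHH", data[:8])
    if magic != CLASS_MAGIC:
        raise ValueError(f"bad magic 0x{magic:08x}")
    return major, minor


def java_release(major):
    """Class-file major number -> Java release; exact for Java 5 (49) onward, e.g. 61 -> 17, 65 -> 21."""
    return major - 44


def required_java_for_jar(jar_bytes):
    """Minimum Java release that can load every .class entry in the jar (the highest major seen)."""
    highest = 0
    with zipfile.ZipFile(BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                major, _ = class_file_version(zf.read(name))
                highest = max(highest, major)
    if highest == 0:
        raise ValueError("no .class entries in jar")
    return java_release(highest)


def loadable_on(jar_bytes, runtime_release):
    """True when a JVM of `runtime_release` accepts every class in the jar (hypothetical helper)."""
    return required_java_for_jar(jar_bytes) <= runtime_release


def build_sample_jar(class_majors):
    """Constructed: an in-memory jar whose .class entries carry only a class-file header."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for name, major in class_majors.items():
            zf.writestr(name, class_header(major))
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Pass a real jar path to inspect it; otherwise use the constructed sample
    # (one class at major 65, one at 61), which mirrors the mismatch in the error above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            jar = fh.read()
    else:
        jar = build_sample_jar({"com/giovds/OutdatedMavenPluginMojo.class": 65,
                                "com/giovds/Util.class": 61})
    print("needs Java", required_java_for_jar(jar), "- loadable on Java 17:", loadable_on(jar, 17))
```

With the default local repository layout the downloaded plugin sits under `~/.m2/repository/com/giovds/outdated-maven-plugin/1.0.0/`, so pointing the script at that jar tells you up front whether your JDK can load it. The same check is worth running on any third-party plugin before it is wired into a build that must run on an older LTS.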

I think there will be many projects on version 17 or earlier. New Relic's Java Ecosystem report also identifies some of the versions in use. And I think a lot of older Java environments are exactly the kind of environments where a tool like this would be very useful in helping users further.

Updated as of 18th July 2024

The project author has added support for the LTS-1 release, i.e. Java 17.
