This article was also published on Medium.
In this blog post, we will look at some standard Maven commands that can help us manage our dependencies and keep them up to date. These are useful to see both direct and transitive dependencies used in the project, look for version updates of dependencies and plugins, and look for unused dependencies that may be removed. All of these can be useful to keep our dependencies up to date.
For the examples in this post, we are using the following tools and versions:
- IntelliJ IDEA Community Edition 2022.2.1 – which you can get here
- Example project from GitHub (Note: this is an outdated & unmaintained project, which makes it useful to show how to find outdated dependencies)
- Maven 3.8.6 (optional, see note below) – Install Maven
Note: Maven wrapper
The project we are using in this example includes a Maven wrapper. If the project you are working on does not have a Maven wrapper, you will need to have Maven installed on your local machine. To add Maven wrapper to your project, run the following command in your terminal:
mvn wrapper:wrapper and commit the result. Now anyone who uses the project can use the Maven wrapper without having to install Maven locally, and using the same Maven version.
Using Maven to display dependency updates
We can use Maven to check if there are updates available for the dependencies we are using in our project. Run the following command in your terminal:
This will display a list of dependencies for which newer versions have been found.
As you can see, there are quite a few dependencies that need to be updated in this project. The reason is that this is an old project that was created from a tutorial years ago and not maintained since. The upside is that it is a great project to use as an example for finding outdated dependencies.
Using Maven to display plugin updates
The same is possible for plugins. Check which plugins can be updated by running the following command in your terminal:
On the example project, this provides the following result:
This project doesn’t really use a lot of plugins. Your actual projects might, so I wanted to include this command here.
Overview of dependencies: dependency-tree
To see all the dependencies you are using in your project, run the following command in your terminal:
./mvnw dependency:tree. This will return a list of the dependencies declared in this project, and their transitive dependencies:
Of course, you can also find the declared dependencies in your pom.xml, but it’s good to have an idea of which transitive dependencies they bring in.
Filtering the dependency tree
The dependency tree for this example project is rather small, like the project itself. Your actual projects at work might be much bigger. If needed, you can filter the dependency tree.
To check where a specific dependency is coming from, use the following command:
./mvnw dependency:tree -Dincludes=<groupId>:<artifactId> containing the groupId and artifactId of the dependency you are looking for.
For example, if we would like to see where this project is getting the
slf4j dependency, we would run
./mvnw dependency:tree -Dincludes=org.slf4j:slf4j-api. We see that we get this transitive dependency through Hibernate:
For more information on filtering the dependency tree, see the Maven documentation.
The effective pom is the POM that results from the application of interpolation, inheritance and active profiles. To generate the effective POM, run the following command in your terminal:
When running this command on the the example project, the result will be fairly small, because it is a relatively small project. For a large project, the effective pom will be much bigger. If needed, you can write the effective POM into a log file using the following command:
./mvnw help:effective-pom --log-file log.txt.
Use Maven to find unused dependencies
We can also use Maven to find unused dependencies. Run
./mvnw dependency:analyze on the example project gives us the following results:
We see that we have “Used undeclared” dependencies, like
If we search for that dependency, by filtering the dependency tree for that particular dependency using
./mvnw dependency:tree -Dincludes=org.springframework:spring-beans we see that it is a transitive dependency from Spring-webmvc:
We also see some “Unused declared” dependencies. If these are dependencies you truly don’t need, it might be a good idea to remove them from your pom.xml. (Note: In this example, JUnit is unused because the tutorial this project is based on didn’t include any tests. If that is the case for your project, consider adding tests instead of removing this dependency!)
Maven offers several ways to help us keep our dependencies up to date. Using the commands above can help us to keep the dependencies we need up to date, and to remove the dependencies we no longer need.