How to check for dependency updates in Gradle?

Every time a new library is added to a project, the question arises as to whether it can be dispensed with. And no wonder, because we developers already have to maintain a zoo of libraries in our projects. Each new one adds the routine work of finding updates, applying them and migrating to new versions. No one will perform the migration to new versions for us, but the search for updates can be automated. That’s what I’m going to talk about in this article.

Why update dependencies at all?

We live in the 21st century, the century of digitalization of everything and everyone. Every day, another group of hackers breaks into the information systems of another company. This is especially true now, when the geopolitical situation has changed.

Many attempts to hack an information system succeed because the creator of the system did not bother to update the code base and the dependencies it uses in time. Any software, library or framework contains vulnerabilities that can be used for hacking. Recall, for example, the high-profile vulnerability found in Apache Log4j, which forced literally all developers to urgently make corrections to their own systems.

To solve the problem of using obsolete libraries, there are services like Dependabot or Renovate. However, for Java developers there is a much easier and faster way to get information about available updates: gradle-versions-plugin.

Gradle Versions Plugin

Information about the project and instructions can be found on the project’s official page on GitHub.

Installation

In order to start using the plugin in your Gradle project, just add it to the project’s build.gradle file. In the plugins section, include the following declaration:

id 'com.github.ben-manes.versions' version '0.47.0'

Here 0.47.0 is the most current version of the plugin at the time of writing.

That’s all.

Usage

With the plugin added, a new task appears in your Gradle project: dependencyUpdates, which generates a report on the status of your project’s dependencies. To use the new task, just run the following command:

gradle dependencyUpdates

A full report on the dependencies used in the project will be displayed in the terminal.

Example

Now let’s look at a live example of how the plugin works. To do this, I generated a new Java project using the command gradle init. After answering all the questions of the generator, I received a project with a small number of dependencies – just the right thing to demonstrate the plugin.

After adding the plugin to the project, my build.gradle file looks like this:

plugins {
    id 'application'
    id 'com.github.ben-manes.versions' version '0.47.0'
}

repositories {
    mavenCentral()
}

dependencies {
    implementation 'com.google.guava:guava:31.1-jre'
}

testing {
    suites {
        test {
            useJUnitJupiter('5.8.0')
        }
    }
}

application {
    mainClass="ru.anverbogatov.App"
}

Let’s run gradle dependencyUpdates to get a report on the availability of dependency updates for our project:

$ gradle dependencyUpdates

> Task :app:dependencyUpdates

------------------------------------------------------------
:app Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.47.0
 - com.google.guava:guava:31.1-jre

The following dependencies have later milestone versions:
 - org.junit.jupiter:junit-jupiter [5.8.0 -> 5.9.1]
     https://junit.org/junit5/

Gradle release-candidate updates:
 - Gradle: [7.6: UP-TO-DATE]

Generated report file build/dependencyUpdates/report.txt

The report immediately shows that a newer version of JUnit than the one used in the project is available:

The following dependencies have later milestone versions:

org.junit.jupiter:junit-jupiter [5.8.0 -> 5.9.1]

Bring the JUnit version in the project up to the latest by updating the version number in the build.gradle file:

...
testing {
  suites {
    test {
      useJUnitJupiter('5.9.1')
    }
  }
}
...

Then run the command gradle dependencyUpdates again to make sure we’re now using the latest versions of the dependencies:

$ gradle dependencyUpdates
 
> Task :app:dependencyUpdates

------------------------------------------------------------
:app Project Dependency Updates (report to plain text file)
------------------------------------------------------------

The following dependencies are using the latest milestone version:
 - com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.47.0
 - com.google.guava:guava:31.1-jre
 - org.junit.jupiter:junit-jupiter:5.9.1

Gradle release-candidate updates:
 - Gradle: [7.6: UP-TO-DATE]

Generated report file build/dependencyUpdates/report.txt

Now, our project uses the latest versions of the libraries.

Conclusion

gradle-versions-plugin works great on both small projects and large multi-project Gradle builds with lots of libraries. It is especially convenient to get information about the availability of new versions in Spring Boot projects, where the number of different dependencies is huge.

The console command and terminal output also make this plugin an excellent candidate for inclusion in your CI pipelines.
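
One way to use the report in a CI step is sketched below, as an added example that is not part of the plugin or of the original article. It parses the plain-text report format shown above and returns a non-zero exit code when an outdated dependency is found; the names outdated_dependencies, gate and allowed are hypothetical, and the section-header match and default report path are assumptions taken from the output printed in this article.

```python
import re
import sys

# Constructed sample: the plain-text report format shown in the article.
SAMPLE_REPORT = """\
The following dependencies are using the latest milestone version:
 - com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin:0.47.0
 - com.google.guava:guava:31.1-jre

The following dependencies have later milestone versions:
 - org.junit.jupiter:junit-jupiter [5.8.0 -> 5.9.1]
     https://junit.org/junit5/

Gradle release-candidate updates:
 - Gradle: [7.6: UP-TO-DATE]
"""

# Matches " - group:artifact [current -> available]"
OUTDATED = re.compile(r"^\s*-\s+(\S+:\S+)\s+\[(\S+)\s+->\s+(\S+)\]\s*$")


def outdated_dependencies(report_text):
    """Return (coordinate, current, available) for every outdated dependency."""
    found = []
    in_section = False
    for line in report_text.splitlines():
        if line.rstrip().endswith(":") and not line.startswith(" "):  # section header
            in_section = "have later" in line  # assumption: header wording as in the article
            continue
        match = OUTDATED.match(line) if in_section else None
        if match:
            found.append(match.groups())
    return found


def gate(report_text, allowed=()):
    """Exit code for a CI step: 1 if any outdated dependency is not in `allowed`."""
    blocking = [d for d in outdated_dependencies(report_text) if d[0] not in allowed]
    for coordinate, current, available in blocking:
        print(f"outdated: {coordinate} {current} -> {available}", file=sys.stderr)
    return 1 if blocking else 0


if __name__ == "__main__":
    # Assumed path: the report file named in the task output above.
    path = sys.argv[1] if len(sys.argv) > 1 else "build/dependencyUpdates/report.txt"
    with open(path, encoding="utf-8") as report:
        sys.exit(gate(report.read()))
```

The allowed argument lets a pipeline accept a known, reviewed exception by coordinate instead of disabling the check altogether.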
