Automatic library update in the project

I am using Maven in the project and there was a need for one of the libraries to update automatically. I am using this plugin, but unfortunately it has a vulnerability, so I am looking for an alternative.

For example, what I want to achieve:

<dependency>
    <groupId>abcd</groupId>
    <artifactId>xyz</artifactId>
    <version>1.0.1</version>
</dependency>

I would like it to update automatically only when the last digit is raised, e.g. up to 1.0.2, 1.0.3, etc. If you upgrade to version 1.1.0, the automatic update will not be performed.



Solution 1:[1]

You can use Maven version ranges to achieve this. For the equivalent of 1.0.*, use a version range of [1.0.1,1.1-SNAPSHOT). That being said, I'd use this somewhat sparingly with dependencies that you don't control, as they may change version scheme and/or functionality in ways you don't expect. Something like Renovate or Dependabot may do what you need in a safer way by automating upgrade PRs that you can test before blindly accepting upgrades.
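The PR-based alternative mentioned above, as an added example that is not part of the original answer: a Dependabot configuration that proposes only patch-level bumps (1.0.1 to 1.0.2, 1.0.3, ...) for the dependency from the question. It assumes a GitHub-hosted repository with pom.xml in the repository root; the weekly schedule is an arbitrary choice, and abcd:xyz is the placeholder coordinate from the question.

```yaml
# .github/dependabot.yml (added example; assumes pom.xml is in the repository root)
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"            # location of pom.xml (assumption)
    schedule:
      interval: "weekly"      # arbitrary choice for this example
    ignore:
      # Maven dependencies are named groupId:artifactId.
      # abcd:xyz is the placeholder coordinate from the question.
      - dependency-name: "abcd:xyz"
        update-types:
          # Skip 1.0.x -> 1.1.0 and 1.x -> 2.0.0; only patch bumps remain.
          - "version-update:semver-minor"
          - "version-update:semver-major"
```

With this setup the version in pom.xml stays pinned to an exact release, and each patch bump arrives as a pull request that the build and tests run against before it is merged, rather than being resolved silently at build time as with a version range.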

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Joe