Not detecting numerous Plugins updates available

[davewichers]

I love this plugin, but recently noticed it is missing numerous updates that are available to plugins I'm using. If you use this pom.xml: https://github.com/nahsra/antisamy/blob/d0b3fcc99637eed5decd4a3bdc1e66adb9941fa6/pom.xml (and upgrading to versions-maven-plugin v2.7 didn't change anything), I noticed that these plugin updates that are available are not being identified:

org.apache.maven.plugins:maven-dependency-plugin:3.1.1 has a 3.1.2 available
org.apache.maven.plugins:maven-enforcer-plugin:3.0.0.M2 has a 3..0.0.M3 available
com.github.spotbugs:spotbugs-maven-plugin:3.1.12.2 has a 4.0.4 available
and I suspect there are more.

I'm generating the plugin-updates-report by simply using: mvn site with this pom.xml.

Can you confirm this is a bug? Or am I simply using the plugin wrong? I have no idea if this problem is still present in the master branch. I see there hasn't been a new release in almost 2 years, but there is lots of activity. When do you expect a new release to be released (i.e., if this issue was fixed)?

I'm about to update this pom manually to fix these issues, so if you want to test, make sure you use the version I reference above.

[io7m]

Did you execute Maven with -U? I've occasionally seen this plugin miss updates if I don't use that flag to force checking for updates on remote repositories.

[davewichers]

Thanks Mark! That definitely worked and fixed the issue. My question now is that if you are running this plugin, seems like you'd want that flag on (by default) so you don't miss updates that are available. Does it make sense that this plugin should force that on automatically by default? If so is there a way to do that? And if it can, then if there are projects that don't want that on by default they could turn it back off with a parameter setting for that plugin.

[io7m]

I think it does make sense that you'd always want to use that flag. Unfortunately, I don't personally know if there's an API in Maven for forcing remote repository checks... Anyone else know?

[davewichers]

I was thinking that if you could pass -U into the mvn command, there would a way for a plugin to do the same thing. Or if the plugin can't do that directly, is there a way to specify the -U command in the configuration of the versions-maven-plugin in the <reporting> block of my pom, so I manually force that flag on whenever the versions-maven-plugin is invoked when I run: mvn site?

[davewichers]

@io7m - Really? - this got marked 'stale' and then auto closed? Can this be reopened and someone figure out if there was an easy way, or not, to get the plugin to automatically invoke -U or its equivalent?

[io7m]

@io7m - Really? - this got marked 'stale' and then auto closed?

Nothing to do with me, to be clear. I'm not even a committer. 🙂

[davewichers]

@io7m - Thanks Mark - But it did have the desired affect. @slachiewicz - reopened the ticket :-). @slachiewicz - can someone on the plugin team research this issue to see how hard it would be to make this improvement?

[github-actions]

This issue is stale because it has been open 365 days with no activity. Remove stale label or comment or this will be closed in 30 days.