patrickp-at-work/dependabot-clone-with-maven

 
 


dependabot-clone-with-maven

If you cannot use GitHub Dependabot for whatever reason, here is a Maven profile which works like a Dependabot clone to help you accomplish the same goal: keep your pom.xml dependencies always up-to-date

Quick start guide

1. Add the profile below to the <profiles> section of your pom.xml:

    <profile>
      <id>update-pom</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>exec-maven-plugin</artifactId>
            <version>3.0.0</version>
            <executions>
              <execution>
                <id>update-pom</id>
                <!-- bind to validate phase to update pom.xml asap -->
                <phase>validate</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>mvn</executable>
                  <!-- IMPORTANT: plugins can only be updated if their versions are managed using properties -->
                  <commandlineArgs>versions:update-parent versions:update-properties versions:use-latest-releases</commandlineArgs>
                </configuration>
              </execution>
              <execution>
                <id>commit-pom</id>
                <phase>validate</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>git</executable>
                  <!-- IMPORTANT: you can customize the commit message -->
                  <commandlineArgs>commit -am "bump pom.xml versions"</commandlineArgs>
                  <!-- avoids build break when there is no update -->
                  <successCodes>0,1</successCodes>
                </configuration>
              </execution>
              <execution>
                <id>push-pom</id>
                <phase>validate</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>git</executable>
                  <commandlineArgs>push</commandlineArgs>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>

2. Run Maven

    mvn clean compile -Pupdate-pom

Tip

You could set up your CI/CD pipeline to build with this profile, e.g. whenever a feature branch is created.
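
The profile above commits with `git commit -am`, which includes every modified tracked file, and pushes straight to the current branch's upstream. The variant below is an added example, not part of this repository: it commits only pom.xml, keeps automated bumps within the current major version, and pushes to a separate branch so the change can be reviewed before it is merged. The profile id `update-pom-reviewed` and the branch name `deps/pom-bump` are placeholders, and a single-module project (one pom.xml) is assumed.

```xml
<profile>
  <id>update-pom-reviewed</id> <!-- placeholder id for this added variant -->
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>3.0.0</version>
        <executions>
          <execution>
            <id>update-pom</id>
            <phase>validate</phase>
            <goals><goal>exec</goal></goals>
            <configuration>
              <executable>mvn</executable>
              <!-- allowMajorUpdates=false: goals that support it stay within the current major version -->
              <commandlineArgs>versions:update-parent versions:update-properties versions:use-latest-releases -DallowMajorUpdates=false</commandlineArgs>
            </configuration>
          </execution>
          <execution>
            <id>commit-pom</id>
            <phase>validate</phase>
            <goals><goal>exec</goal></goals>
            <configuration>
              <executable>git</executable>
              <!-- pathspec instead of -a: only pom.xml is committed, other modified files are left alone -->
              <commandlineArgs>commit -m "bump pom.xml versions" -- pom.xml</commandlineArgs>
              <!-- git commit exits 1 when pom.xml did not change -->
              <successCodes>0,1</successCodes>
            </configuration>
          </execution>
          <execution>
            <id>push-pom</id>
            <phase>validate</phase>
            <goals><goal>exec</goal></goals>
            <configuration>
              <executable>git</executable>
              <!-- push to a review branch (placeholder name) rather than the current branch's upstream -->
              <commandlineArgs>push origin HEAD:refs/heads/deps/pom-bump</commandlineArgs>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</profile>
```

If a review branch from an earlier run still exists on the remote and has diverged, the push is rejected as non-fast-forward and the build fails, so merge or delete that branch between runs.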

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.

To contribute

Just create a PR :-)

Useful resources:
