Stats
Actions
Tags
Keep Maven POM files up to date by checking and upgrading all dependencies and plugins to their latest versions. Use this skill whenever the user mentions updating, bumping, upgrading, or checking Maven dependencies or plugins — even if they just say "update my POMs", "are my dependencies up to date?", "bump versions", or "check for newer versions". Trigger also when the user shares or references a pom.xml and asks about version currency. Handles multi-module Maven projects, asks before applying major version upgrades, and keeps a clear audit trail of every change made.
How this skill is triggered — by the user, by Claude, or both
Slash command
/maven-dependency-updater:maven-dependency-updaterThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit and update all `<dependency>` and `<plugin>` versions across one or more Maven POM
Audit and update all <dependency> and <plugin> versions across one or more Maven POM
files. Check Maven Central for the latest releases, flag major-version bumps for user
confirmation, and apply approved updates directly to the POM files.
find . -name "pom.xml" | sort
Start from the project root (or the path the user specified). In a multi-module project
the parent POM is typically ./pom.xml; child modules will have their own pom.xml files.
Collect every artifact that has an explicit version. Versions may appear:
| Pattern | Where |
|---|---|
Inline <version> in <dependency> | <dependencies> block |
Inline <version> in <plugin> | <build><plugins> and <pluginManagement> |
Property placeholder ${my.lib.version} | Resolve from <properties> in the same POM or an ancestor |
Build a flat list of records:
groupId | artifactId | currentVersion | resolvedVersion | type (dep/plugin) | sourceFile
Skip artifacts with versions like ${revision}, ${project.version}, or other
project-internal properties that should not be bumped.
Use the Maven Central REST search API — no authentication required:
https://search.maven.org/solrsearch/select?q=g:"<groupId>"+AND+a:"<artifactId>"&core=gav&rows=1&wt=json&sort=version+desc
Or the newer API endpoint:
https://search.maven.org/solrsearch/select?q=g:<groupId>+AND+a:<artifactId>&rows=20&wt=json
Parse response.docs[*].v to find the latest stable release (skip versions that
contain -SNAPSHOT, -alpha, -beta, -rc, -M\d, -milestone).
Batch efficiently: group lookups, respect a short delay between requests to avoid rate-limiting (100 ms is usually enough).
Fallback: If Maven Central returns no result, try the Maven Plugin repository for
plugins: https://repo1.maven.org/maven2/<group/path>/<artifactId>/maven-metadata.xml
and parse <release> or the last <version> entry.
For each artifact compare resolvedVersion with latestVersion:
MAJOR bump → first numeric segment increases e.g. 2.x → 3.y
MINOR bump → second segment increases e.g. 2.3 → 2.4
PATCH bump → third segment increases e.g. 2.3.1 → 2.3.2
UP TO DATE → versions are equal
UNKNOWN → could not determine latest version
Use semantic versioning comparison. If a version is non-semver (e.g. 20240101),
compare lexicographically and treat a leading-digit difference as "major".
Print a clear table before making any changes:
Dependency / Plugin Updates Found
══════════════════════════════════════════════════════════════════
Type │ Artifact │ Current │ Latest │ Change
────────┼───────────────────────────────────┼──────────┼─────────┼───────
dep │ org.springframework:spring-core │ 5.3.39 │ 6.2.1 │ MAJOR ⚠️
dep │ com.fasterxml.jackson.core:... │ 2.16.1 │ 2.18.2 │ minor
plugin │ org.apache.maven.plugins:... │ 3.2.5 │ 3.5.0 │ minor
dep │ org.slf4j:slf4j-api │ 2.0.12 │ 2.0.16 │ patch
══════════════════════════════════════════════════════════════════
Up to date: 8 artifacts Skipped (unknown): 1
For every major version bump, ask the user explicitly before updating:
⚠️
org.springframework:spring-corewould jump from 5.3.39 → 6.2.1 (MAJOR). Spring 6 requires Java 17+ and has breaking API changes. Apply this update? [yes / no / yes-to-all-majors / skip-all-majors]
Collect answers before touching any files. Support short-circuit answers:
yes-to-all-majors — approve all remaining major bumpsskip-all-majors — reject all remaining major bumpsFor each approved change, edit the POM file directly using precise string replacement:
Inline version:
<!-- before -->
<version>5.3.39</version>
<!-- after -->
<version>6.2.1</version>
Property-based version (preferred — update the property, not each usage):
<!-- before -->
<spring.version>5.3.39</spring.version>
<!-- after -->
<spring.version>6.2.1</spring.version>
Use targeted, minimal edits — do not reformat the file or alter surrounding whitespace.
✅ Changes applied
──────────────────────────────────────────────────────────
pom.xml spring.version 5.3.39 → 6.2.1
pom.xml jackson.version 2.16.1 → 2.18.2
modules/api/pom.xml maven-compiler-plugin 3.12.0 → 3.13.0
──────────────────────────────────────────────────────────
Skipped (major, user declined): logback-classic 1.4.14 → 2.0.0
Not updated (already current): 8 artifacts
${jackson.version} must be resolved to its value before comparison.UNKNOWN and
do not update.${jackson.version} used by
5 Jackson modules), updating the property once updates all of them — say so explicitly.<scope>import</scope> entries in <dependencyManagement> should be treated like
regular dependencies for version-checking purposes.SNAPSHOT or that references ${project.version} or
${revision}.<dependency> block has no <version> (inherited from <dependencyManagement>),
skip it — version is managed centrally.<version> tag use Maven's default binding — skip these too
unless the user explicitly asks to pin them.Read or cat to inspect POM content.Edit / str_replace for precise, minimal changes.curl or Bash (the API is public and
unauthenticated).mvn or ./mvnw is available, you may optionally run
mvn versions:display-dependency-updates as a cross-check, but do not rely on it as
the sole data source since it requires the full Maven build context.curl -s "https://search.maven.org/solrsearch/select?q=g:org.springframework+AND+a:spring-core&rows=1&wt=json" \
| jq -r '.response.docs[0].latestVersion'
For plugins, also try:
curl -s "https://repo1.maven.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/maven-metadata.xml" \
| grep -oP '(?<=<release>)[^<]+'
npx claudepluginhub litsec/claude-code-skills --plugin maven-dependency-updaterProvides JVM dependency intelligence via Maven Tools MCP: version lookup, upgrade safety, CVEs, license risks, and release history for Maven/Gradle projects.
Scans Maven/Gradle build files for outdated dependencies, reports available stable updates in a table, and optionally updates versions after build verification.
Provides Maven-specific conventions for running tests, building, managing dependencies, and project structure when pom.xml is present.