Why does a plugin dependency update beyond the version specified in the base plugin?

As described in the title, we recently encountered a situation whereby, after updating one of our plugins, one of the dependencies of that plugin was also updated, but the new version of the dependency was higher than that specified in the pom.xml of the base plugin.

The specific example we encountered was as follows:

  • Updating to version 10.5.1 of the warnings-ng-plugin
  • This plugin relies on version 11.6.0 of the analysis-model-api plugin (see specific line in pom.xml)
  • After restarting Jenkins, the version of analysis-model-api listed on the plugin management page was 11.14.0, which is 8 minor versions higher than the version requested by the base warnings-ng-plugin

Running the following script in the Jenkins script console:

for (plugin in Jenkins.instance.pluginManager.plugins) {
  println(plugin.toString() + " " + plugin.version)
  println("Dependencies: " + plugin.dependencies)
}

Shows that the only plugin we have with analysis-model-api as a dependency is the warnings-ng-plugin, so I can’t understand why it would have installed a different version to the one specified in our version of that plugin.

Any ideas?

Jenkins setup:

Jenkins: 2.440.1
OS: Linux - 5.4.0-1100-aws
Java: 17.0.6 - Private Build (OpenJDK 64-Bit Server VM)

Plugin dependencies only describe a minimum required version of the dependency. Having something newer is usually not a problem, especially for minor versions. AFAIK, when you update via the UI it will always install the latest available version.
With the Plugin Manager CLI tool for Jenkins (GitHub: jenkinsci/plugin-installation-manager-tool) you can influence the behaviour with the --latest parameter.


Thanks Markus, that’s really helpful.

The reason that I ask is because this has caused us problems in the past when an incompatible version of a plugin dependency was installed - but I couldn’t remember the specifics of that example.

I will have a look into the plugin installation manager tool as that sounds as though it would certainly do the trick.
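
Added example, not written by any participant in this thread: a script-console variant of the script in the question that compares each declared minimum dependency version with the version actually installed. This makes the "minimum, not exact" behaviour described in the answer visible for every plugin. It assumes it is run from the Jenkins script console by an administrator; the output wording is my own.

```groovy
import jenkins.model.Jenkins
import hudson.util.VersionNumber

def pm = Jenkins.instance.pluginManager

// Copy before sorting: the list returned by the plugin manager should not be mutated.
def plugins = new ArrayList(pm.plugins).sort { it.shortName }

for (plugin in plugins) {
  for (dep in plugin.dependencies) {
    def installed = pm.getPlugin(dep.shortName)

    if (installed == null) {
      // Optional dependencies may legitimately be absent.
      def note = dep.optional ? " (optional)" : " (REQUIRED)"
      println("${plugin.shortName}: ${dep.shortName} >= ${dep.version} is not installed${note}")
      continue
    }

    // dep.version is the minimum declared by the depending plugin.
    def minimum = new VersionNumber(dep.version)
    def actual = installed.versionNumber
    def cmp = actual.compareTo(minimum)

    if (cmp == 0) {
      continue  // installed version is exactly the declared minimum
    }

    def status = cmp > 0 ? "newer than declared minimum" : "OLDER than declared minimum"
    println("${plugin.shortName}: ${dep.shortName} declared >= ${minimum}, installed ${actual} (${status})")
  }
}
```

Lines marked "OLDER" or "REQUIRED" indicate an unsatisfied dependency; lines marked "newer" show where an update pulled in a later release than the depending plugin was built against, which is the drift to review when versions need to be controlled.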