Open OrangeDog opened 3 years ago
Other existing examples:
This would also help when some components get patches but others don't.
e.g version 1.72.2
of the BOM would contain 1.72.2
of bcpg
but 1.72
of all the others.
I am also interested in BOM. Are you interested in patches?
This would be very helpful, as it is very easy to run into NoClassDefFoundError and similar as you upgrade the BouncyCastle components which you depend on, and other libraries in your graph depend typically on earlier versions which are not compatible.
You could use this plugin to generate them automatically: https://github.com/sundrio/sundrio/tree/main/maven-plugin
To aid large projects who have multiple transient dependencies on BC, you could publish a BOM to maven to cover all components at the same version. e.g.: