Closed digulla closed 1 year ago
Thanks for the suggestion. Unfortunately, I don't think it could be done automatically as it's impossible for the plugin to tell if a divergence from the versions in dependency management is intentional or accidental. Adding support to the plugin to allow the user to describe their intentions is out of its scope. I think sticking with your custom task which prohibits things in a way that meets your specific needs is the best approach here.
After Gradle has resolved all dependencies, verify them against the expectations defined in the dependencyManagement element.
Right now, dependencyManagement is very brittle and can break in these cases:
You can also fix this by using the Dependency Analyzer in IDEA unless you don't use IDEA like inside of your CI/CD pipeline.
In my builds, I've added a task which goes through all configurations. It them builds a map with group+name as key and the version as value. It fails, when someone tries to add a different version to this map.