Verify classpath after applying versions

[digulla]

After Gradle has resolved all dependencies, verify them against the expectations defined in the dependencyManagement element.

Right now, dependencyManagement is very brittle and can break in these cases:

• When someone tries to override a version in a build.gradle file in a subproject instead of adding an entry in dependencyManagement
• When there are several sources for versions (spring-boot-dependencies wants JUnit 5.8.2, junit-bom is version 5.9.2)
• When you get confused trying to fix this mess and litter versions everywhere

You can also fix this by using the Dependency Analyzer in IDEA unless you don't use IDEA like inside of your CI/CD pipeline.

In my builds, I've added a task which goes through all configurations. It them builds a map with group+name as key and the version as value. It fails, when someone tries to add a different version to this map.

[wilkinsona]

Thanks for the suggestion. Unfortunately, I don't think it could be done automatically as it's impossible for the plugin to tell if a divergence from the versions in dependency management is intentional or accidental. Adding support to the plugin to allow the user to describe their intentions is out of its scope. I think sticking with your custom task which prohibits things in a way that meets your specific needs is the best approach here.