vidakovic commented on a change in pull request #1402:
URL: https://github.com/apache/fineract/pull/1402#discussion_r504608735
##########
File path: build.gradle
##########
@@ -63,14 +74,136 @@ allprojects {
}
apply plugin: 'io.spring.dependency-management'
- apply plugin: "com.diffplug.spotless"
+ apply plugin: 'com.diffplug.spotless'
+ apply plugin: 'com.github.hierynomus.license'
+ apply plugin: 'org.nosphere.apache.rat'
+
+ // Configuration for the dependency management plugin
+ // https://github.com/spring-gradle-plugins/dependency-management-plugin
+ dependencyManagement {
+ imports {
+ mavenBom 'org.springframework:spring-framework-bom:5.2.9.RELEASE'
+ }
+
+ dependencies {
+ // We use fixed versions, instead of inheriting them from the
Spring BOM, to be able to be on more recent ones.
+ // We do not use :+ to get the latest available version available
on Maven Central, as that could suddenly break things.
+ // We use the Renovate Bot to automatically propose Pull Requests
(PRs) when upgrades for all of these versions are available.
+
+ dependency
'org.springframework.security.oauth:spring-security-oauth2:2.5.0.RELEASE'
+ dependency 'org.apache.openjpa:openjpa:3.1.2' // when upgrading,
also change OpenJPA version repeated above in buildscript!
+ dependency 'com.squareup.retrofit:retrofit:1.9.0'
+ dependency 'com.squareup.okhttp:okhttp:2.7.5'
+ dependency 'com.squareup.okhttp:okhttp-urlconnection:2.7.5'
+ dependency 'com.google.guava:guava:29.0-jre'
+ dependency 'com.google.code.gson:gson:2.8.6'
+ dependency 'org.apache.commons:commons-email:1.5'
+ dependency 'commons-io:commons-io:2.8.0'
+ dependency 'org.drizzle.jdbc:drizzle-jdbc:1.4'
+ dependency 'com.github.librepdf:openpdf:1.3.22'
+ dependency 'org.mnode.ical4j:ical4j:3.0.20'
+ dependency 'org.quartz-scheduler:quartz:2.3.2'
+ dependency 'com.amazonaws:aws-java-sdk-s3:1.11.874'
+ dependency 'org.ehcache:ehcache:3.9.0'
+ dependency 'com.github.spullara.mustache.java:compiler:0.9.6'
+ dependency 'com.jayway.jsonpath:json-path:2.4.0'
+ dependency 'org.apache.tika:tika-core:1.24.1'
+ dependency 'org.apache.httpcomponents:httpclient:4.5.13'
+ dependency 'io.swagger.core.v3:swagger-annotations:2.1.5'
+ dependency
'jakarta.management.j2ee:jakarta.management.j2ee-api:1.1.4'
+ dependency 'jakarta.jms:jakarta.jms-api:2.0.3'
+ dependency 'jakarta.xml.bind:jakarta.xml.bind-api:2.3.3'
+ dependency 'jakarta.validation:jakarta.validation-api:3.0.0'
+ dependency 'org.apache.activemq:activemq-broker:5.16.0'
+ dependency 'org.apache.bval:org.apache.bval.bundle:2.0.4'
+ dependency 'org.mockito:mockito-core:3.5.13'
+ dependency 'org.mockito:mockito-junit-jupiter:3.5.13'
+ dependency 'io.github.classgraph:classgraph:4.8.90'
+ dependency 'org.awaitility:awaitility:4.0.3'
+ dependency 'com.github.spotbugs:spotbugs-annotations:4.1.3'
+ dependency 'javax.cache:cache-api:1.1.1'
+ dependency 'org.mock-server:mockserver-junit-jupiter:5.11.1'
+ dependency 'org.webjars.npm:swagger-ui-dist:3.35.1'
+ dependency 'org.webjars:webjars-locator-core:0.46'
+
+ // fineract client dependencies
+ dependency "com.squareup.retrofit2:retrofit:$retrofitVersion"
Review comment:
Yes, use BOMs. I went through that phase with my old projects already.
Switching to BOMs makes life so much easier and ensures that mechanics (e. g.
Spring - Spring Boot - Spring Cloud) are working well together. Nowadays a
handful of BOMs cover 99.9% of all dependencies that you might ever use. And
they are really up to date, even for the transitive dependencies. I used to
have a weekly task that would list me everything that is new and then I would
update that manually. Not worth it, BOMs are your friends.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
