Description
This came up during (the review of) FINERACT-797:
The Spring Boot BOM provides "curated" version numbers for many more 3rd party dependencies that the initial PR #662 for FINERACT-797 uses.
The following 3rd-party libraries' fixed version numbers in build.gradle could probably also be dropped, and replaced with a version given by the Spring BOM, as these appear in the Spring Boot BOM (not everything does, but these do; bonus points for finding more):
- GSON
- Joda Time
- junit:junit (but not junit-dep; what is that, could it be dropped?)
- commons-lang3
- org.apache.httpcomponents:httpclient
- org.apache.activemq:activemq-broker
- javax.validation:validation-api
- Quartz Scheduler
- ehcache
- json-path (
FINERACT-964) - Flyway (
FINERACT-810) - OkHttp (major version change; we have dedicated
FINERACT-804re. this) - rest-assured (major version change from v2 to v3; possibly more invasive)
- org.apache.tomcat & org.apache.tomcat.embed (NB Spring BOM's 9.0.27 vs. our 7.0.94)
It's surely best to raise small PRs for each one of these, instead of one big one for everything together.
Attachments
Issue Links
- is blocked by
-
FINERACT-797 Use Spring Boot BOM to avoid maintaining version numbers in dependencies.gradle
-
- Resolved
-
- is related to
-
-
- Resolved
-
- relates to
-
-
- Resolved
-
-
-
- Closed
-
- links to
