[JLBP-16]

Ensure upper version alignment of dependencies for consumers

The version of each dependency added to the classpath should be the highest version in the dependency tree. Upper version alignment ensures that upgrading packages to compatible higher versions doesn’t introduce new linkage conflicts.

Achieving upper version alignment

Upper version alignment increases the likelihood that build systems select the right versions of direct and transitive dependencies, reducing the number of conflicts.

See the details specific to each build system in the following sections.

Maven

Use the requireUpperBoundDeps Maven enforcer rule to ensure that you are using the highest version of each dependency in your dependency tree.

For any transitive dependency that fails the requireUpperBoundDeps check, add the dependency as a direct dependency so that the path to the correct version is shorter, leading Maven to select it instead of the wrong version.
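The following added example, which is not code from Maven or from this guide, is a simplified Python model of Maven's nearest-wins version selection. It shows why a deeper, higher version loses, what an upper-bound check reports, and how promoting the dependency to a direct one fixes it. The artifact names (app, lib-a, lib-b, lib-c, util) and their versions are constructed, and version comparison is assumed to be numeric dotted versions only.

```python
from collections import deque

def parse(version):
    # Assumption: numeric dotted versions only (Maven also orders qualifiers).
    return tuple(int(part) for part in version.split("."))

def resolve(graph, root):
    """Model of nearest-wins mediation: walk the tree level by level so the
    shallowest (and, on a tie, first-declared) version of each artifact wins."""
    selected, requested = {}, {}
    queue = deque(graph[root])
    while queue:
        name, version = queue.popleft()
        requested.setdefault(name, set()).add(version)
        if name in selected:
            continue  # a nearer version already won; this subtree is pruned
        selected[name] = version
        queue.extend(graph.get((name, version), []))
    return selected, requested

def upper_bound_violations(selected, requested):
    """Artifacts whose selected version is lower than one requested in the
    tree, mapped to the highest requested version."""
    return {
        name: max(requested[name], key=parse)
        for name, version in selected.items()
        if parse(version) < max(parse(r) for r in requested[name])
    }

# Constructed dependency tree: util 1.0 sits at depth 2, util 2.0 at depth 3.
ROOT = ("app", "1.0")
BEFORE = {
    ROOT: [("lib-a", "1.0"), ("lib-b", "1.0")],
    ("lib-a", "1.0"): [("util", "1.0")],
    ("lib-b", "1.0"): [("lib-c", "1.0")],
    ("lib-c", "1.0"): [("util", "2.0")],
}
# The fix described above: declare util 2.0 directly, making its path shortest.
AFTER = dict(BEFORE)
AFTER[ROOT] = BEFORE[ROOT] + [("util", "2.0")]

if __name__ == "__main__":
    for label, graph in (("before", BEFORE), ("after", AFTER)):
        selected, requested = resolve(graph, ROOT)
        print(label, "util ->", selected["util"],
              "violations:", upper_bound_violations(selected, requested))
```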

To ensure that dependencies between modules in the project are consistent, the project should publish a BOM and the parent POM should import this BOM in its <dependencyManagement> section. Each module’s POM should inherit from the parent POM of the library.

To ensure consistency of dependencies from outside the project:

Gradle

Declare variables defining dependency versions in a shared ext section in the root build.gradle file, and use those variables in any place declaring a dependency.