Why is this an issue?

In general hard-coded values is a well known bad practice that affects maintainability. In dependency management, this issue is even more critical because there is the risk of accidentally having different versions for the same dependency in your configuration.

Keeping hard-coded dependency versions increases the cost of maintainability and complicates the update process.

How to fix it

There are several ways to fix it:

• extract the versions in variables
• use Spring dependency management plugin: io.spring.dependency-management
• use centralized dependencies with Version Catalogs

Code examples

Noncompliant code example

dependencies {
    testImplementation("org.mockito:mockito-core:4.5.1")
    testImplementation("org.mockito:mockito-inline:4.5.1")
}

Compliant solution

ext {
    mockitoVersion = "4.5.1"
}

dependencies {
    testImplementation("org.mockito:mockito-core:$mockitoVersion")
    testImplementation("org.mockito:mockito-inline:$mockitoVersion")
}

Resources

Documentation

• Sharing dependency versions between projects

Conference presentations

• Dependency management? Model it!

Standards

• Version Catalogs