SpringBoot Add support to Bomr to align a library's version with the version of a dependency of another managed dependency

Chatting with @michael-simons, Neo4j's Java driver has a new maintenance policy in its 5.x line:

Neo4j’s Driver Team releases a new minor release every month now, with guarantees similar to a patch release. There are no patches planned from their sides on releases of the 5.x series.

It feels like we should make an exception for the Neo4j driver and track the 5.x releases in 3.0.x. To do that reliably, we should allow the upgrade policy to be overridden so that Bomr will report the new versions when we're performing automated dependency upgrades.

Comment From: michael-simons

FYI @injectives @AndyHeap-NeoTech please correct me in case I got this wrong. Apart from 5.3.1 with the reactive issue we didn't plan patches, right?

Comment From: AndyHeap-NeoTech

That is correct. We now have the monthly cadence for minor releases. Patch releases will be rare and only for urgent items such as security fixes and major bugs.

Thank you for your understanding and please reach out with any further questions.

Comment From: philwebb

We're going to align the neo4j driver with whatever dependency is declared in spring-data-neo4j. We'll add this one instance as a specific exception to our upgrade rules.