spring-boot-dependencies currently contains some dependency management from an imported bom that, ideally, wouldn't be there (https://github.com/spring-projects/spring-boot/issues/42522). I'd like to detect this sort of problem up front and fail the build when it occurs. We can then either decide to use the bom anyway or manage dependencies individually instead.
Comment From: cachescrubber
Hi @wilkinsona , I stumbled upon similar issues pretty much now and then. Often not directly related to spring boot, but very similar. For example,
- https://github.com/joinfaces/joinfaces/issues/1974
- https://github.com/camunda/camunda-bpm-platform/issues/3795
Usually maintainers are open to change their pom structure, but sometimes it is difficult and tedious to explain the issue. Do you know of any Documentation about naming-conventions and best practices related to publishing dependencies using the bom import mechanism? Ideally the maven project should offer a corresponding page. Also, It would be great to have a "official" Spring Boot documentation for maintainers who publish a bom to be consumed by spring boot.