vaadin-spring-boot-starter requires inconsistent dependency versions #1070
Description
I like to use the maven-enforcer-plugin to ensure reliable builds.
In particular, <requireUpperBoundDeps/> it good practice because it "requires that the version for each dependency resolved during a build, is equal to or higher than all transitive dependency declarations" (see description).
But this check fails due to several inconsistencies in Vaadin's dependencies.
For example:
vaadin-spring-boot-starter:24.1.10requiresspring-boot-starter-web:3.1.2vaadin-spring-boot-starter:24.1.10requiresvaadin-spring:24.1.12vaadin-spring:24.1.12requiresspring-boot-starter-web:3.1.3
Note that there is a conflict created for spring-boot-starter-web - which is it? 3.1.2 or 3.1.3?
So Vaadin is in effect creating a small mess of indeterminacy in everyone's Maven projects.
This failure is ironic because part of the promise of Spring Boot is that it provides a wholly consistent set of dependencies for commonly used dependencies.
This problem should be easy to fix: simply include the Maven enforcer with <requireUpperBoundDeps/> in all Vaadin projects.
Or even better, include <dependencyConvergence/> which simply "requires that dependency version numbers converge".
Then Vaadin projects won't build with inconsistent dependencies.