Why is this an issue?

In general, hard-coded values are a well-known bad practice that hurts maintainability. In dependency management the issue is even more critical, because there is a risk of accidentally ending up with different versions of the same dependency in your configuration.

Keeping hard-coded dependency versions increases maintenance cost and complicates the update process.

How to fix it

There are several ways to fix it:

Code examples

Noncompliant code example

dependencies {
    testImplementation("org.mockito:mockito-core:4.5.1")
    testImplementation("org.mockito:mockito-inline:4.5.1")
}

Compliant solution

// A plain val: the const modifier is not accepted on a top-level property inside a .kts build script.
val mockitoVersion = "4.5.1"

dependencies {
    testImplementation("org.mockito:mockito-core:$mockitoVersion")
    testImplementation("org.mockito:mockito-inline:$mockitoVersion")
}

Alternatively, you can put const val mockitoVersion = "4.5.1" in any .kt file in buildSrc/src/main/kotlin, or use a more robust dependency management mechanism such as the Spring dependency management plugin or Version Catalogs.
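The check described above can be approximated outside the analyzer. The following is an added example, not the rule's own implementation: a regex-based scan of a Gradle Kotlin DSL script that lists literal versions and reports groups whose pinned versions have drifted apart. The function names, the sample script and the heuristic that artifacts of one group should share a version are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches Kotlin DSL declarations such as testImplementation("group:artifact:version").
DEP_RE = re.compile(r'\b(\w+)\(\s*"([\w.\-]+):([\w.\-]+):([^"]+)"\s*\)')

# Constructed sample build script (not taken from a real project).
SAMPLE = '''
val junitVersion = "5.9.2"
dependencies {
    testImplementation("org.mockito:mockito-core:4.5.1")
    testImplementation("org.mockito:mockito-inline:4.6.0")
    testImplementation("org.junit.jupiter:junit-jupiter:$junitVersion")
    // implementation("com.example:ignored:1.0")
}
'''

def hard_coded(script):
    """Return (line_no, group, artifact, version) for every literal version."""
    found = []
    for no, line in enumerate(script.splitlines(), start=1):
        code = line.split("//", 1)[0]      # simplification: drop line comments
        for _cfg, group, artifact, version in DEP_RE.findall(code):
            if "$" not in version:         # "$name" or "${...}" is a reference
                found.append((no, group, artifact, version))
    return found

def version_drift(findings):
    """Groups whose hard-coded artifacts do not all share one version.

    Assumed heuristic: artifacts of one group are released together.
    """
    by_group = defaultdict(set)
    for _no, group, _artifact, version in findings:
        by_group[group].add(version)
    return {g: sorted(v) for g, v in by_group.items() if len(v) > 1}

if __name__ == "__main__":
    findings = hard_coded(SAMPLE)
    for no, group, artifact, version in findings:
        print(f"line {no}: {group}:{artifact} pins literal version {version}")
    for group, versions in version_drift(findings).items():
        print(f"group {group} mixes versions: {', '.join(versions)}")
```

Run against the noncompliant example on this page, it reports two literal versions and no drift; the drift report only appears once one of the two lines is updated without the other.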
