Given a user has manually overridden Spring managed dependency versions, is there a plugin or other tool that can tell them "Don't do this"?
<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>2.7.5</version>
  <relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
  <dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>2.7.3</version> <!-- this line shouldn't exist -->
  </dependency>
  <dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.10.0</version> <!-- this line shouldn't exist -->
  </dependency>
</dependencies>
I'm asking because as teams are updating their app for currency, they are manually updating 20+ dependency versions, when it's possible they only need to update the Spring Boot version to receive updates to other dependencies.
spring-boot-dependency-checker will do this for you.
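The check the question describes, as an added example that is not part of the original posts and is not the code of spring-boot-dependency-checker: it flags dependencies that carry an explicit `<version>` even though the Spring Boot parent manages them. The `MANAGED` set, the `find_overrides` name, the `com.example:internal-lib` entry and the sample POM are assumptions constructed for illustration; a real check would load the managed coordinates from the `spring-boot-dependencies` BOM matching the parent version.

```python
import xml.etree.ElementTree as ET

# Constructed sample: coordinates the Spring Boot parent manages. Assumption:
# a real check loads this set from the spring-boot-dependencies BOM that
# matches the parent version.
MANAGED = {
    ("org.springframework.boot", "spring-boot-starter-web"),
    ("org.springframework.boot", "spring-boot-starter-test"),
    ("com.fasterxml.jackson.core", "jackson-databind"),
}

# Constructed pom.xml built from the fragment in the question.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.7.5</version>
  </parent>
  <dependencies>
    <dependency><groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId><version>2.7.3</version></dependency>
    <dependency><groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId><version>2.10.0</version></dependency>
    <dependency><groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId></dependency>
    <dependency><groupId>com.example</groupId>
      <artifactId>internal-lib</artifactId><version>1.0.0</version></dependency>
  </dependencies>
</project>"""

def find_overrides(pom_text, managed=MANAGED):
    """Return (groupId, artifactId, version) for managed deps with an explicit version."""
    root = ET.fromstring(pom_text)
    for el in root.iter():                      # drop the POM namespace, if any
        el.tag = el.tag.rsplit("}", 1)[-1]
    parent = root.find("parent")
    if parent is None or parent.findtext("artifactId") != "spring-boot-starter-parent":
        return []                               # nothing is managed by Spring Boot here
    findings = []
    for dep in root.findall("dependencies/dependency"):
        coords = (dep.findtext("groupId"), dep.findtext("artifactId"))
        version = dep.findtext("version")
        if version and coords in managed:       # explicit version replaces the managed one
            findings.append((*coords, version.strip()))
    return findings

if __name__ == "__main__":
    for group, artifact, version in find_overrides(SAMPLE_POM):
        print(f"{group}:{artifact} pins {version}; remove <version> to use the managed one")
```

An explicit version always wins over the managed one, so a pin left behind after a Spring Boot upgrade keeps that library on the older release and it no longer picks up the fixes the parent would have brought in.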