From 948b0292b7ee44bf9c11f81046dd2848bf6931f8 Mon Sep 17 00:00:00 2001
From: ANDREI LISA
Date: Tue, 5 Dec 2023 23:36:49 +0200
Subject: [PATCH 1/3] adding dependency convergence detection
---
 settings.gradle | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/settings.gradle b/settings.gradle
index cb9c8bb8a0..96ff915de9 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -3,12 +3,31 @@ pluginManagement {
 gradlePluginPortal()
 }
 }
-
+buildscript {
+ repositories {
+ gradlePluginPortal()
+ }
+ dependencies {
+ classpath 'org.kordamp.gradle:enforcer-gradle-plugin:0.13.0'
+ }
+}
 plugins {
 id "com.gradle.enterprise" version "3.12.6"
 id "io.spring.ge.conventions" version "0.0.14"
 }
-
+apply plugin: 'org.kordamp.gradle.enforcer'
+enforce {
+ rule(enforcer.rules.DependencyConvergence)
+ rule(enforcer.rules.ExcludeDependencies) { r ->
+ r.exclude("org.slf4j:slf4j-api:1.7.26")
+ r.exclude("org.slf4j:slf4j-api:1.7.25")
+ r.exclude("com.puppycrawl.tools:checkstyle:9.3")
+ r.exclude("com.puppycrawl.tools:checkstyle:8.33")
+ r.exclude("net.bytebuddy:byte-buddy:1.12.21")
+ r.exclude("org.junit.jupiter:junit-jupiter-api:5.10.0")
+// r.exclude("commons-collections:commons-collections:3.2.1")
+ }
+}
 dependencyResolutionManagement {
 repositories {
 mavenCentral()
From e88426707ba4d4a874f340eeb8efaa5e380a6304 Mon Sep 17 00:00:00 2001
From: ANDREI LISA
Date: Thu, 7 Dec 2023 15:13:23 +0200
Subject: [PATCH 2/3] adding dependency convergence detection || remove VerifyDependenciesVersionsPlugin
---
 build.gradle | 1 -
 buildSrc/build.gradle | 4 --
 buildSrc/settings.gradle | 32 +++++++++
 .../VerifyDependenciesVersionsPlugin.java | 70 -------------------
 settings.gradle | 21 ------
 5 files changed, 32 insertions(+), 96 deletions(-)
 delete mode 100644 buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java
diff --git a/build.gradle b/build.gradle
index 5bd2a713d7..2e70c3c86a 100644
--- a/build.gradle
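Review bot: The enforcer plugin in the settings.gradle hunk of patch 1 is pulled in through a separate `buildscript { ... classpath ... }` block plus `apply plugin:`, although the file already declares `gradlePluginPortal()` under `pluginManagement` and has a `plugins { }` block. Declaring it there as `id "org.kordamp.gradle.enforcer" version "0.13.0"` would keep a single mechanism for settings plugins and a single place where their versions are reviewed. The exact-version entries in `ExcludeDependencies` carry no explanation, and the commented-out `commons-collections` line should either be dropped or given a reason. A settings plugin runs on every build, so it is worth confirming that the new artifact is covered by whatever dependency verification the repository uses, which is not visible in this diff.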
+++ b/build.gradle
@@ -28,7 +28,6 @@ apply plugin: 'org.springframework.security.sagan'
 apply plugin: 'org.springframework.github.milestone'
 apply plugin: 'org.springframework.github.changelog'
 apply plugin: 'org.springframework.github.release'
-apply plugin: 'org.springframework.security.versions.verify-dependencies-versions'
 group = 'org.springframework.security'
 description = 'Spring Security'
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 3b1dc490a7..8b043b18ab 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -67,10 +67,6 @@ gradlePlugin {
 id = "s101"
 implementationClass = "s101.S101Plugin"
 }
- verifyDependenciesVersions {
- id = "org.springframework.security.versions.verify-dependencies-versions"
- implementationClass = "org.springframework.security.convention.versions.VerifyDependenciesVersionsPlugin"
- }
 }
 }
diff --git a/buildSrc/settings.gradle b/buildSrc/settings.gradle
index 0aba7326a4..70df4fb08e 100644
--- a/buildSrc/settings.gradle
+++ b/buildSrc/settings.gradle
@@ -1,3 +1,35 @@
+buildscript {
+ repositories {
+ gradlePluginPortal()
+ }
+ dependencies {
+ classpath 'org.kordamp.gradle:enforcer-gradle-plugin:0.13.0'
+ }
+}
+apply plugin: 'org.kordamp.gradle.enforcer'
+
+enforce {
+ rule(enforcer.rules.DependencyConvergence)
+ rule(enforcer.rules.ForceDependencies) { r ->
+ r.dependencies.add("org.eclipse.jetty:jetty-util:11.0.11")
+ r.dependencies.add("org.apache.commons:commons-lang3:3.12.0")
+ r.dependencies.add("commons-logging:commons-logging:1.2")
+ r.dependencies.add("commons-io:commons-io:2.11.0")
+ r.dependencies.add("org.slf4j:slf4j-api:2.0.9")
+ r.dependencies.add("com.jcraft:jsch:0.1.55")
+ r.dependencies.add("com.google.code.findbugs:jsr305:3.0.2")
+ r.dependencies.add("commons-codec:commons-codec:1.15")
+ r.dependencies.add("com.fasterxml.jackson.core:jackson-databind:2.13.4.2")
+ r.dependencies.add("com.fasterxml.jackson.core:jackson-core:2.13.4")
+ r.dependencies.add("com.google.guava:guava:30.0-jre")
+ r.dependencies.add("org.apache.httpcomponents:httpclient:4.5.14")
+ r.dependencies.add("com.thoughtworks.xstream:xstream:1.4.19")
+ r.dependencies.add("org.apache.httpcomponents:httpcore:4.4.16")
+ r.dependencies.add("net.bytebuddy:byte-buddy:1.14.6")
+ r.dependencies.add("org.junit.jupiter:junit-jupiter-api:5.10.1")
+ }
+}
+
 dependencyResolutionManagement {
 versionCatalogs {
 libs {
diff --git a/buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java b/buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java
deleted file mode 100644
index 1fa6143dd9..0000000000
--- a/buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java
+++ /dev/null
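Review bot: Applying the enforcer in buildSrc/settings.gradle appears to cover only the buildSrc build, so after this commit nothing visible in the series checks the main project's dependencies. The removed VerifyDependenciesVersionsPlugin hooked a nimbus-jose-jwt / oauth2-oidc-sdk alignment check into `check`, and the root settings.gradle enforcer block from patch 1 is deleted again in this same commit. If dropping that check is intended, the commit message should say so; otherwise keep `rule(enforcer.rules.DependencyConvergence)` in the root settings.gradle as well. The `ForceDependencies` list also pins sixteen exact versions (jackson-databind, xstream and jsch among them) with no note on why each is forced; a forced version overrides whatever newer release a transitive dependency requests, so a comment per group such as `// forced to converge <plugin A> and <plugin B>; revisit on upgrade` would help keep the pins from going stale.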
@@ -1,70 +0,0 @@
-/*
- * Copyright 2002-2023 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.convention.versions;
-
-import org.gradle.api.DefaultTask;
-import org.gradle.api.Plugin;
-import org.gradle.api.Project;
-import org.gradle.api.artifacts.MinimalExternalModuleDependency;
-import org.gradle.api.artifacts.VersionCatalog;
-import org.gradle.api.artifacts.VersionCatalogsExtension;
-import org.gradle.api.plugins.JavaBasePlugin;
-import org.gradle.api.tasks.TaskAction;
-import org.gradle.api.tasks.TaskProvider;
-
-public class VerifyDependenciesVersionsPlugin implements Plugin {
-
- @Override
- public void apply(Project project) {
- TaskProvider verifyDependenciesVersionsTaskProvider = project.getTasks().register("verifyDependenciesVersions", VerifyDependenciesVersionsTask.class, (task) -> {
- task.setGroup("Verification");
- task.setDescription("Verify that specific dependencies are using the same version");
- VersionCatalog versionCatalog = project.getExtensions().getByType(VersionCatalogsExtension.class).named("libs");
- MinimalExternalModuleDependency oauth2OidcSdk = versionCatalog.findLibrary("com-nimbusds-oauth2-oidc-sdk").get().get();
- MinimalExternalModuleDependency nimbusJoseJwt = versionCatalog.findLibrary("com-nimbusds-nimbus-jose-jwt").get().get();
- task.setOauth2OidcSdkVersion(oauth2OidcSdk.getVersion());
- task.setExpectedNimbusJoseJwtVersion(nimbusJoseJwt.getVersion());
- });
- project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(verifyDependenciesVersionsTaskProvider));
- }
-
- public static class VerifyDependenciesVersionsTask extends DefaultTask {
-
- private String oauth2OidcSdkVersion;
-
- private String expectedNimbusJoseJwtVersion;
-
- public void setOauth2OidcSdkVersion(String oauth2OidcSdkVersion) {
- this.oauth2OidcSdkVersion = oauth2OidcSdkVersion;
- }
-
- public void setExpectedNimbusJoseJwtVersion(String expectedNimbusJoseJwtVersion) {
- this.expectedNimbusJoseJwtVersion = expectedNimbusJoseJwtVersion;
- }
-
- @TaskAction
- public void verify() {
- String transitiveNimbusJoseJwtVersion = TransitiveDependencyLookupUtils.lookupJwtVersion(this.oauth2OidcSdkVersion);
- if (!transitiveNimbusJoseJwtVersion.equals(this.expectedNimbusJoseJwtVersion)) {
- String message = String.format("Found transitive nimbus-jose-jwt:%s in oauth2-oidc-sdk:%s, but the project contains a different version of nimbus-jose-jwt [%s]. Please align the versions.", transitiveNimbusJoseJwtVersion, this.oauth2OidcSdkVersion, this.expectedNimbusJoseJwtVersion);
- throw new IllegalStateException(message);
- }
- }
-
- }
-
-}
diff --git a/settings.gradle b/settings.gradle
index 96ff915de9..a122516f45 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -3,31 +3,10 @@ pluginManagement {
 gradlePluginPortal()
 }
 }
-buildscript {
- repositories {
- gradlePluginPortal()
- }
- dependencies {
- classpath 'org.kordamp.gradle:enforcer-gradle-plugin:0.13.0'
- }
-}
 plugins {
 id "com.gradle.enterprise" version "3.12.6"
 id "io.spring.ge.conventions" version "0.0.14"
 }
-apply plugin: 'org.kordamp.gradle.enforcer'
-enforce {
- rule(enforcer.rules.DependencyConvergence)
- rule(enforcer.rules.ExcludeDependencies) { r ->
- r.exclude("org.slf4j:slf4j-api:1.7.26")
- r.exclude("org.slf4j:slf4j-api:1.7.25")
- r.exclude("com.puppycrawl.tools:checkstyle:9.3")
- r.exclude("com.puppycrawl.tools:checkstyle:8.33")
- r.exclude("net.bytebuddy:byte-buddy:1.12.21")
- r.exclude("org.junit.jupiter:junit-jupiter-api:5.10.0")
-// r.exclude("commons-collections:commons-collections:3.2.1")
- }
-}
 dependencyResolutionManagement {
 repositories {
 mavenCentral()
From 959632fc10324441c60e485ef2e4cdcbd3a47884 Mon Sep 17 00:00:00 2001
From: ANDREI LISA
Date: Thu, 7 Dec 2023 15:15:17 +0200
Subject: [PATCH 3/3] restore line separator
---
 settings.gradle | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/settings.gradle b/settings.gradle
index a122516f45..cb9c8bb8a0 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -3,10 +3,12 @@ pluginManagement {
 gradlePluginPortal()
 }
 }
+
 plugins {
 id "com.gradle.enterprise" version "3.12.6"
 id "io.spring.ge.conventions" version "0.0.14"
 }
+
 dependencyResolutionManagement {
 repositories {
 mavenCentral()