rspec/rules/S6624/kotlin/rule.adoc

== Why is this an issue?

In general hard-coded values is a well known bad practice that affects maintainability. 
In dependency management, this issue is even more critical because there is the risk of accidentally having different versions for the same dependency in your configuration. 

Keeping hard-coded dependency versions increases the cost of maintainability and complicates the update process.

== How to fix it

There are several ways to fix it:

* extract the versions in variables
* use Spring dependency management plugin: `io.spring.dependency-management`
* use centralized dependencies with https://www.youtube.com/watch?v=WvtcCCCLfOc&list=PL0UJI1nZ56yAHv9H9kZA6vat4N1kSRGis&index=21[Version Catalogs]

=== Code examples

==== Noncompliant code example

[source,kotlin,diff-id=1,diff-type=noncompliant]
----
dependencies {
    testImplementation("org.mockito:mockito-core:4.5.1")
    testImplementation("org.mockito:mockito-inline:4.5.1")
}
----

==== Compliant solution

[source,kotlin,diff-id=1,diff-type=compliant]
----
const val mockitoVersion = "4.5.1"

dependencies {
    testImplementation("org.mockito:mockito-core:$mockitoVersion")
    testImplementation("org.mockito:mockito-inline:$mockitoVersion")
}
----

Alternatively, you can put `const val mockitoVersion = "4.5.1"` in any `.kt` file in `buildSrc/src/main/kotlin` or use a more robust dependency management mechanism like https://plugins.gradle.org/plugin/io.spring.dependency-management[Spring dependency management plugin] or https://www.youtube.com/watch?v=WvtcCCCLfOc&list=PL0UJI1nZ56yAHv9H9kZA6vat4N1kSRGis&index=21[Version Catalogs].

== Resources

=== Documentation

* https://docs.gradle.org/current/userguide/platforms.html[Sharing dependency versions between projects]

=== Conference presentations

* https://www.youtube.com/watch?v=MU0Gs7i0D6w[Dependency management? Model it!]

=== Standards

* https://www.youtube.com/watch?v=WvtcCCCLfOc&list=PL0UJI1nZ56yAHv9H9kZA6vat4N1kSRGis&index=21[Version Catalogs]