Hello to all!
We’d like to share dependency versions between projects while achieving reproducible builds (at least reusing the same internal dependencies in the builds pointing to the same git commit).
Which way would you recommend on your side? Among others, is there a method
that will be more supported / have more features in the coming months/years?
We’d like to unrisk the possibility that tools like dependabot)
won’t do work to support both versions in the future.
Both your links are identical, so unsure what you are referring to when you say “sharing static versions”.
Dependency locking is not really to share dependency versions.
It is to lock dependency versions when using dynamic version declarations to gain reproducible builds.
If you want to share dependency versions between different projects, you probably want to look into having a published platform and / or version catalog that you can use in all your projects: Sharing dependency versions between projects