Currently there is no way to exclude certain code blocks from the malicious code formatter. Therefore, my tests that require a specific hardcoded version of Spring to be used, will always either fail the validation or tests will fail due to spotless changing my testing scenario by affecting the version of the library that we have to use.
Udo, I have worked with you to accomplish your goal of not automatically “fixing” the inclusion of dependency versions in the build files, as your work case wants to do something special there. The formatter now throws when there is a naked version-string on the dependency line, as we discussed. If you want to continue to work around this, there are many cases of prior art in Geode, such as extensions/geode-modules-tomcat9/build.gradle, where specific versions are allowed. Good luck. -Robert Houghton