
FINERACT-2625: Dependency cleanup — remove hardcoded versions and unu…#5932

Open
SamaSVM wants to merge 1 commit into
apache:developfrom
SamaSVM:FINERACT-2625/dependency-cleanup

Conversation

@SamaSVM
Contributor

@SamaSVM SamaSVM commented Jun 3, 2026

Description

Removed duplicate and unused dependencies across multiple modules and replaced hardcoded library versions with centralized dependency management via BOMs.

Checklist

Please make sure these boxes are checked before submitting your pull request - thanks!

  • Write the commit message as per our guidelines
  • Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
  • Create/update unit or integration tests for verifying the changes made.
  • Follow our coding conventions.
  • Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
  • This PR must not be a "code dump". Large changes can be made in a branch, with assistance. Ask for help on the developer mailing list.

Your assigned reviewer(s) will follow our guidelines for code reviews.

Comment thread build.gradle
@adamsaghy
Contributor

The idea is we should have dependencies + version only in dependencies.gradle and org.apache.fineract.dependencies.gradle.

In build.gradle files we should only list the dependencies, but NO versions (those are coming from the above files).

Contributor

@IOhacker IOhacker left a comment

Sometimes the versions prevent the use of a non-Apache-License-compliant library. How does this change prevent it?

@Aman-Mittal
Member

Sometimes the versions prevent the use of a non-Apache-License-compliant library. How does this change prevent it?

@IOhacker It does not address that; however, for your question about preventing non-compliant libraries, we need to create a new check.

Create an SBOM via CycloneDX (the dependency is already in the project) and then write a custom script which will flag Category X dependencies. Hope this helps. The RAT check does not seem to scan external dependencies.
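The check described above, as an added example that is not part of this PR or of Fineract: a script that reads a CycloneDX JSON SBOM and flags components whose declared license is on the ASF Category X list, or that declare no license at all. The Category X subset and the sample SBOM below are constructed for this example.

```python
import json

# ASF "Category X" licenses (not allowed in ASF releases); illustrative subset of the ASF third-party license policy list.
CATEGORY_X = {
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
    "LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later",
    "AGPL-3.0-only", "AGPL-3.0-or-later", "SSPL-1.0", "BUSL-1.1",
}

def component_licenses(component):
    """Collect the license ids, names or SPDX expressions a CycloneDX component declares."""
    found = []
    for entry in component.get("licenses", []):
        if "license" in entry:
            found.append(entry["license"].get("id") or entry["license"].get("name", ""))
        elif "expression" in entry:  # SPDX expression, e.g. "LGPL-2.1-only OR MIT"
            found.append(entry["expression"])
    return found

def flag_category_x(sbom):
    """Return (purl, reason) pairs for components that need license review.
    Conservative: a Category X id anywhere in an expression is flagged even if an
    OR-alternative exists, and a component with no declared license is flagged too."""
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl") or comp.get("name")
        licenses = component_licenses(comp)
        if not licenses:
            findings.append((purl, "no license declared"))
        for lic in licenses:
            hits = sorted({tok.strip("()") for tok in lic.split()} & CATEGORY_X)
            if hits:
                findings.append((purl, "Category X: " + ", ".join(hits)))
    return findings

# Constructed sample SBOM (not a real Fineract SBOM) so the script runs offline.
SAMPLE_SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "example-apache",
   "purl": "pkg:maven/org.example/example-apache@1.0.0",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "name": "example-gpl", "purl": "pkg:maven/com.example/example-gpl@1.0.0",
   "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
  {"type": "library", "name": "example-dual", "purl": "pkg:maven/com.example/example-dual@2.0.0",
   "licenses": [{"expression": "LGPL-2.1-only OR MIT"}]},
  {"type": "library", "name": "example-nolicense", "purl": "pkg:maven/com.example/example-nolicense@0.1.0"}
]}""")

if __name__ == "__main__":
    for purl, reason in flag_category_x(SAMPLE_SBOM):
        print(f"{purl}: {reason}")
```

Run against a real SBOM by replacing SAMPLE_SBOM with `json.load(open(path))`; a non-empty result is what a CI gate would turn into a failed build.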
