diff --git a/common-tools/clas-tracking/pom.xml b/common-tools/clas-tracking/pom.xml
index cc484ce227..588252fc83 100644
--- a/common-tools/clas-tracking/pom.xml
+++ b/common-tools/clas-tracking/pom.xml
@@ -24,7 +24,7 @@
org.ejml
- ejml-simple
+ ejml-simple
gov.nist.math
diff --git a/common-tools/coat-libs/pom.xml b/common-tools/coat-libs/pom.xml
index 19331fa5dc..39abb1d0b3 100644
--- a/common-tools/coat-libs/pom.xml
+++ b/common-tools/coat-libs/pom.xml
@@ -38,13 +38,11 @@
j4ml
j4ml-neuroph
- 0.9-SNAPSHOT
j4ml
j4ml-clas12
- 0.9-SNAPSHOT
diff --git a/docs/dependency_conflicts.md b/docs/dependency_conflicts.md
new file mode 100644
index 0000000000..7b0e44974f
--- /dev/null
+++ b/docs/dependency_conflicts.md
@@ -0,0 +1,28 @@
+# Handling Dependency Conflicts
+
+We have a `dependencyManagement` section in [the top-level `pom.xml`](/pom.xml); some of the dependencies within are used to set versions of certain transitive dependencies. For example, let's say we have dependencies `dep:A`, `dep:B`, and `dep:C`.
+
+- `dep:A` depends on version 1.1 of `dep:C`
+- `dep:B` depends on version 1.5 of `dep:C`
+
+Coatjava depends on `dep:A` and `dep:B`, and so the `maven-enforcer-plugin` will complain about a "dependency convergence error" of `dep:C`, since the version numbers are different (1.1 vs. 1.5).
+
+To resolve this conflict, a typical strategy is to choose the _later_ version of the two, in this case, `dep:C` version 1.5. We can do this by explicitly defining dependency `dep:C` in a `dependencyManagement` section as such:
+
+```xml
+
+ dep
+ C
+ 1.5
+
+```
+
+Coatjava will then use 1.5 as needed.
+
+Dependabot, however, will routinely try to update the `dep:C` version, to the _latest_ available version of `dep:C`. When this happens, please do the following:
+
+1. Comment out the `dependency` specification
+2. Rebuild coatjava, which will cause `maven-enforcer-plugin` to complain; that will tell you the versions
+ - alternatively, run `mvn enforcer:enforce -Drules=dependencyConvergence`, but that may not exclude dependencies that we _don't_ want to enforce convergence on (_e.g._, `com.google.protobuf:protobuf-java`)
+3. Update the version number, if needed, by choosing the _later_ of the two conflicting versions
+4. Unless `dep:A` or `dep:B` are keeping _their_ version of `dep:C` dependency up-to-date, you will likely find that Dependabot is suggesting a version that is _too_ new; in that case, just close Dependabot's PR and await updates of `dep:A` or `dep:B`
diff --git a/pom.xml b/pom.xml
index ba3bf86102..dfd02b761f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,7 +113,7 @@
org.jlab.coda
jclara
- 4.3-SNAPSHOT
+ 4.3-SNAPSHOT
@@ -144,13 +144,31 @@
org.jlab.jnp
jnp-hipo
- 2.0-SNAPSHOT
+ 2.0-SNAPSHOT
org.jlab.jnp
jnp-hipo4
- 4.3-SNAPSHOT
+ 4.3-SNAPSHOT
+
+
+
+ j4ml
+ j4ml-neuroph
+ 0.9-SNAPSHOT
+
+
+
+ j4ml
+ j4ml-data
+ 0.9-SNAPSHOT
+
+
+
+ j4ml
+ j4ml-clas12
+ 0.9-SNAPSHOT
@@ -165,33 +183,43 @@
1.0.3
-
+
ai.djl
bom
- 0.34.0
+ 0.34.0
pom
import
-
-
-
+
+
+
+
net.objecthunter
exp4j
- 0.4.8
+ 0.4.8
-
+
+
com.google.code.gson
gson
- 2.13.1
+ 2.13.1
-
+
+
org.ejml
ejml-simple
- 0.40
+ 0.40
diff --git a/reconstruction/mltn/pom.xml b/reconstruction/mltn/pom.xml
index f2937c7138..e5eb86dcf5 100644
--- a/reconstruction/mltn/pom.xml
+++ b/reconstruction/mltn/pom.xml
@@ -23,19 +23,16 @@
j4ml
j4ml-neuroph
- 0.9-SNAPSHOT
j4ml
j4ml-data
- 0.9-SNAPSHOT
j4ml
j4ml-clas12
- 0.9-SNAPSHOT