microsoftgraph
Please do dependency management
Expected behavior
I want to use graph sdk in a project with other dependencies (ERP, 3rd party integration, ...). This is nearly impossible due to the amount of dependencies pulled.
I would expect that only the necessary libs are pulled with a minimal footprint.
For additional tasks separate repositories or optional dependencies could be used
Actual behavior
Too many libraries are pulled, sometimes different ones for the same task: E.g. together with azure identity: GSON and Jackson, okhttp and jetty, kotlin-stdlib jdk7 and jdk8....
This will cause unpredictable behavior since many classes with the same name are there that will cause the class loader to decide, which version is used... Additionally running the maven enforcer plugin you will get tons of unhandled version issues... And looking at some versions, OWASP vulnerability check will probably give warnings too...
Steps to reproduce the behavior
Just look at the maven dependency tree
