Dependency Insight Reports One Version, Fat JAR Contains Another

I’m facing a dependency management issue that’s driving me crazy.

I’m using Gradle to build my project, and I’ve configured it to use specific versions of the Netty dependencies using resolution strategy rules.

However, there seems to be a discrepancy between what the Gradle dependency insight tool reports and what actually ends up in my fat JAR.

I set overrides using the following configuration rules:

configurations.all {
  resolutionStrategy {
    eachDependency {
      if ("${}" == "io.netty") {
        if ("netty-tcnative")) {
        } else {

Running ./gradlew app:dependencyInsight --dependency io.netty:netty-resolver-dns gives me 4.1.109.Final as expected

io.netty:netty-resolver-dns:4.1.106.Final -> 4.1.109.Final
\--- com.linecorp.armeria:armeria:1.27.3
     +--- com.linecorp.armeria:armeria-bom:1.27.3
     |    \--- compileClasspath

But when I open up the fat JAR and read the for the dependency; I see the following:
From extracted/META-INF/maven/io.netty/netty-resolver-dns/


How do I still have a 4.1.89 in there despite dependencyInsight indicating that I should have a 4.1.109.Final?

This is my script for dumping the JAR deps btw – Dump JAR Dependencies · GitHub

Can you share a build --scan URL, or maybe even an MCVE?

Some scans -

I can work on setting up a minimal example as well

1 Like

I think the MCVE would be helpful, yes.
Especially as 4.1.89.Final does not appear at all in the scan.