You can use the dependency insight report to see why Gradle is choosing a particular version. My guess is you have another dependency that transitively depends on 3.2.8, in which case Gradle by default chooses the newer version.
In the report you’ll see every dependency that brings in the given dependency, including transitive dependencies. Like I mentioned Gradle will chose (by default) the newest version, so any dependencies that require a newer version will force the new version to be the final resolved one. Bear in mind, there might be more than one transitive dependency that requires the newer version, so the dependency insight report will list multiple items.