Here is my parent POM for maven https://github.com/yhjhoo/princeSSH/tree/master/me.princeSSH.
In maven, I can see my spring lib is 3.1.3. In gradle dependencies my spring lib become 3.2.8. Why my lib was being upgraded?
I have specified to be 3.1.3
You can compare the detailed dependency trees by doing both “mvn dependency:tree” and “gradle dependencies”. That should give you a clue.
You can use the dependency insight report to see why Gradle is choosing a particular version. My guess is you have another dependency that transitively depends on 3.2.8, in which case Gradle by default chooses the newer version.
$ ./gradlew dependencyInsight --dependency spring-core --configuration compile
If you want to use 3.1.3 anyway, you can force it.
force = true
From the results, how shall I read it? Which configuration caused the upgrade.
In the report you’ll see every dependency that brings in the given dependency, including transitive dependencies. Like I mentioned Gradle will chose (by default) the newest version, so any dependencies that require a newer version will force the new version to be the final resolved one. Bear in mind, there might be more than one transitive dependency that requires the newer version, so the dependency insight report will list multiple items.