Gradle does not recognize pom version range (e.g., [1.52,])

Bugs
,
1

When a pom declares a transitive dependency with a version range, Gradle cannot resolve it.

Tested with Gradle 2.10 and Gradle wrappers for 2.0, 2.6, and 2.8. Seems that this is not a regression.

For a real-world example, try to declare the following dependency:
compile ‘org.mitre:openid-connect-server-webapp:1.2.4’

It will fail as follows:

Could not resolve all dependencies for configuration ‘:compile’.

Could not find org.bouncycastle:bcprov-jdk15on:[1.52,].
Searched in the following locations:
https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/[1.52,]/bcprov-jdk15on-[1.52,].pom
https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/[1.52,]/bcprov-jdk15on-[1.52,].jar
file:/home/john/.m2/repository/org/bouncycastle/bcprov-jdk15on/[1.52,]/bcprov-jdk15on-[1.52,].pom
file:/home/john/.m2/repository/org/bouncycastle/bcprov-jdk15on/[1.52,]/bcprov-jdk15on-[1.52,].jar
Required by:
:mitreid-overlay-delegate:unspecified > org.mitre:openid-connect-server-webapp:1.2.4 > org.mitre:openid-connect-server:1.2.4 > org.mitre:openid-connect-common:1.2.4

The excerpt from openid-connect-parent-1.2.4.pom:

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>[1.52,]</version>
        </dependency>
2

We shouldn’t be failing with that, but it’s not clear that [1.5,] (closed range) is supposed to be a valid range: https://maven.apache.org/enforcer/enforcer-rules/versionRanges.html

Looking at the tests for Maven, they don’t test this particular range spec. It looks like they treat it the same as [1.5,) (open range).

You can workaround it with either a force rule (this selects a particular version):

configurations.all {
   resolutionStrategy {
      force 'org.bouncycastle:bcprov-jdk15on:1.54'
   }
}

Or by adding a first level dependency yourself (this preserves the range behavior):

dependencies { 
   someConf 'org.bouncycastle:bcprov-jdk15on:[1.5,)'
}

I raised GRADLE-3392