Unwanted upgrade of dependency version

I have a problem with deployment of OSGI modules built with Gradle - they fail to start in target environment because compiled JAR references ‘future’ version’.

What seems to be happening …

  1. In my sources I define dependency on module “app-ui” with version defined as range [4.17.0,4.17.1)
  2. Resulting JAR contains dependency on version 4.19.xxx - target run-time environment does not have that version deployed yet and therefore deployment fails.
  3. During build time version 4.19.xxx is indeed available in MAVEN repo, but it is beyond upper bound of the defined version range - [4.17.0,4.17.1)

Can someone till why this is happening? Below is excerpt from output of gradle dependencies, I see not-very-clear-to-me marks [4.17.0,4.17.1) -> and (*).

It looks like Gradle somehow upgrades dependency version beyond limits - why? Is this a bug?
What does (*) mean?

    +--- org.app:app-ui:[4.17.0,4.17.1) ->
    |    |    +--- org.app:app-search:
    |    |    |    +--- org.app:app-ui: (*)