Hi all,
I have this report from my dependency insights. In this configuration, 4.0.0 is excluded but Gradle still picks that version. Shouldn’t it fail or am I missing some thing:
com.example:some-dependency:{strictly [3.114.7,4.0.0[; prefer 3.114.7} -> 4.0.0
Thanks
Don’t use the obsolete Spring Dependency Management plugin, but use the built-in BOM support using platform(...) instead. 
We are not using Spring plugin
Ok, sorry then, that was an 80 % chance. 
Do you have any manual resolution strategies configured where you might force versions?
Can you share a build --scan?
If not, you can use a combination of the dependencies and dependencyInsight tasks to maybe find out where this version is coming from.
I see. No res strategy defined. I can’t share build --scan. Another internal library pulls in that version (4.0.0). If we have strictly < 4.0.0 it shouldn’t matter where 4.0.0 coming right? It should show an error.
No, just during normal conflict resolution.
If you for example somewhere use a resolution strategy that forces a certain version, which the Spring Dependencymanagement plugin for example does for you, that version is used, no matter what strict versions are defined somewhere else.