I have this report from my dependency insights. In this configuration, 4.0.0 is excluded but Gradle still picks that version. Shouldn’t it fail or am I missing some thing:
Ok, sorry then, that was an 80 % chance.
Do you have any manual resolution strategies configured where you might force versions?
Can you share a build --scan?
If not, you can use a combination of the dependencies and dependencyInsight tasks to maybe find out where this version is coming from.
I see. No res strategy defined. I can’t share build --scan. Another internal library pulls in that version (4.0.0). If we have strictly < 4.0.0 it shouldn’t matter where 4.0.0 coming right? It should show an error.
No, just during normal conflict resolution.
If you for example somewhere use a resolution strategy that forces a certain version, which the Spring Dependencymanagement plugin for example does for you, that version is used, no matter what strict versions are defined somewhere else.