Gradle transitive dependency doesn't respect version

Question

I have a Gradle 3.5 project, and in that project I depend on an artifact:

compile "a.b.c:depProject:1.1.0"

"depProject" is a Maven project, where in that project's pom file, it depends on another artifact:

   <dependency>
        <groupId>org.apache.solr</groupId>
        <artifactId>solr-solrj</artifactId>
        <version>4.4.0</version>
   </dependency>

Now, when I perform "gradle dependencies" on my project, it correctly shows that I should get the solrj dependency via transitive dependency resolution, but it doesn't respect the 4.4.0 version declaration, instead my project gains a dependency on version 5.5.4.

+--- a.b.c:depProject:1.1.0
|    \--- org.apache.solr:solr-solrj:4.4.0 -> 5.5.4

These lines appear several times in the dependency report, always the same.

Why is Gradle "upgrading" my dependency automatically? Is there a way to get this to stop, other than to directly depend on the transitive dependency, specifying the version I want?

Note, if I exclude the solrj dependency in my project via:

compile ("a.b.c:depProject:1.1.0") {
    exclude group:"org.apache.solr" module:"solr-solrj"
}

Then there is NO solrj dependency in the resulting "gradle dependencies" call, so there is no other place that solrj is being depended on at that higher version.

I can't post the entire build.gradle, but I can show what plugins are applied:

apply plugin:"idea"
apply plugin:"org.grails.grails-web"
apply plugin:"com.moowork.node"
apply plugin:"org.grails.plugins.views-json"
apply plugin: "org.grails.grails-gsp"
apply plugin: "maven"
apply plugin: "codenarc"
apply plugin: "jacoco"
apply plugin: "org.sonarqube"
apply plugin: "asset-pipeline"

Answer 1

Gradle only picks a newer version of a dependency if there is a conflict between two transitive dependencies. So either you found a bug in gradle, or something else in your project depends on

org.apache.solr:solr-solrj:5.5.4

Just run

gradle dependencies | grep -B5 solrj:5

And see if there really is no dependency to that version.

You can also force a certain resolution, searching for gradle force version will give you answers quickly, but since this would downgrade solrj, you should first find out what's wrong before deciding.