My pom.xml looks (in parts) like this:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.6.8</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
        <version>2.7.8</version>
    </dependency>
</dependencies>

Running mvn dependency:tree outputs the following (excerpt):

[INFO]    org.springframework.boot:spring-boot-starter:jar:2.7.8:compile
[INFO]     - org.springframework.boot:spring-boot:jar:2.6.8:compile

Why is spring-boot:jar not upgrading to 2.7.8 as well? That is the version explicitly declared in the starter jar...

CodePudding user response：

spring-boot-starter-parent includes dependency management for all of Spring Boot's modules as well as numerous third-party dependencies. For reference, they are listed in Spring Boot's documentation.

When you declare a dependency with a version, it overrides this dependency management but only for this one dependency, not for any of its transitive dependencies. This is Maven's standard behavior.

Generally speaking, you should avoid declaring a version for a dependency that's covered by dependency management. Doing so creates a risk that you will end up with a mixture of versions. In this case, I would recommend upgrading spring-boot-starter-parent to 2.7.8 and leaving all of your org.springframework.boot dependencies without a version.