My pom.xml looks (in parts) like this:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.8</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<version>2.7.8</version>
</dependency>
</dependencies>
Running mvn dependency:tree
outputs the following (excerpt):
[INFO] org.springframework.boot:spring-boot-starter:jar:2.7.8:compile
[INFO] +- org.springframework.boot:spring-boot:jar:2.6.8:compile
Why is spring-boot:jar
not upgrading to 2.7.8 as well? That is the version explicitly declared in the starter jar...
spring-boot-starter-parent
includes dependency management for all of Spring Boot's modules as well as numerous third-party dependencies. For reference, they are listed in Spring Boot's documentation.
When you declare a dependency with a version, it overrides this dependency management but only for this one dependency, not for any of its transitive dependencies. This is Maven's standard behavior.
Generally speaking, you should avoid declaring a version for a dependency that's covered by dependency management. Doing so creates a risk that you will end up with a mixture of versions. In this case, I would recommend upgrading spring-boot-starter-parent
to 2.7.8
and leaving all of your org.springframework.boot
dependencies without a version.