How to find where a transitive dependency comes from in gradle?

Question

Normally I would expect the dependencies task in Gradle to help me out, which it normally does. Now I have this issue when I print the dependency tree:

xml-apis:xml-apis:1.4.01 -> 2.0.2
xml-apis:xml-apis:1.3.04 -> 2.0.2

I have many of these lines where 1.3.04 and 1.4.01 get overriden, however, I have no line that explicitly shows a direct or transitive dependency to 2.0.2 version.

Where can 2.0.2 come from if there is no line with xml-apis:xml-apis:2.0.2 in the dependency tree?

How is that possible?

Answer 1

It's in there somewhere, try running gradle dependencyInsight --dependency xml-apis to find out.

Answer 2

This could be Gradle custom ResolutionStrategy working: https://docs.gradle.org/2.4/userguide/dependency_management.html#N15583, https://docs.gradle.org/2.4/dsl/org.gradle.api.artifacts.ResolutionStrategy.html. It can be instructed to use arbitrary version of any library, even if that version wouldn't otherwise be present anywhere in the dependency tree. It can also replace one library with another (log4j with log4j-over-slf4j, for example).