Maven doesn't resolve transitive dependency correctly

Question

Problem

Dependency Tree of a library (generated by mvn dependency:tree -Dverbose -Dincludes=io.netty:netty-codec-http2)

[INFO] -----------------< com.my-org:my-library >------------------
[INFO] Building my-library 0.0.15-SNAPSHOT
[INFO]   from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- dependency:3.6.0:tree (default-cli) @ my-library ---
[INFO] com.my-org:my-library:jar:0.0.15-SNAPSHOT
[INFO] \- com.azure:azure-security-keyvault-secrets:jar:4.7.3:compile
[INFO]    \- com.azure:azure-core-http-netty:jar:1.13.11:compile (version managed from 1.13.11)
[INFO]       +- io.netty:netty-codec-http2:jar:4.1.97.Final:compile (version managed from 4.1.101.Final)
[INFO]       \- io.projectreactor.netty:reactor-netty-http:jar:1.1.10:compile (version managed from 1.0.39)
[INFO]          \- (io.netty:netty-codec-http2:jar:4.1.97.Final:compile - version managed from 4.1.96.Final; omitted for duplicate)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  2.172 s
[INFO] Finished at: 2024-02-15T17:45:33-08:00
[INFO] ------------------------------------------------------------------------

netty-codec-http2 should've been resolved to 4.1.101. There are only 2 instances of that in the tree and the one closest to the root should've been 4.1.101, but instead downgraded to 4.1.97 (version managed from 4.1.101.Final) with no reason I can explain.

Setup

Using maven 3.9.4.

A parent POM:

 <artifactId>parent-pom</artifactId>
 <version>0.0.19-SNAPSHOT</version>
 <packaging>pom</packaging>
 ...
 <dependencyManagement>
   <dependencies>
      <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-core-http-netty</artifactId>
       <version>1.13.11</version>
      </dependency>
      <dependency>
       <groupId>com.azure</groupId>
       <artifactId>azure-security-keyvault-secrets</artifactId>
       <version>4.7.3</version>
      </dependency>
   </dependencies>
 </dependencyManagement>

The library's POM (where the tree is generated):

    <parent>
      <groupId>com.my-org</groupId>
      <artifactId>parent-pom</artifactId>
      <version>0.0.19-SNAPSHOT</version>
      <relativePath />
    </parent>
    <groupId>com.my-org</groupId>
    <artifactId>my-library</artifactId>
    <version>0.0.15-SNAPSHOT</version>
    <dependencies>
      ...
      <dependency>
        <groupId>com.azure</groupId>
        <artifactId>azure-security-keyvault-secrets</artifactId>
      </dependency>
      ...
    </dependencies>

Of course, I could manage the version of the transitive dependency I want in the parent POM. But I'm just curious as to why the right version isn't being resolved.