Fail to detect dependencies from artifactory proxy repositories

[imanushin]

Looks like plugin gets dependencies from Artifactory with ~1 week delay. It means, that even if you use newer version (so Artifactory's maven-metadata.xml has new versions info), the plugin shows, that there aren't any newer versions. By my observation, plugin is able to find new version after about one week from publishing.

Just from my observation, the current behavior is the following:

• Day 1 from dependency publishing. You can use this version in the your project (gradle can download it), however the plugin doesn't see new version.
• Day 2-6: the result is the same, only old version is visible for plugin
• Day 7 (approximately): plugin is able to see the new version.

I found the same behavior for the most of dependencies, including spring-boot, kotlin, etc.

Part of plugin output for not (18.05.2020, version 2.3.0-RELEASE was published at 15.05.2020):

The following dependencies exceed the version found at the release revision level:
 - org.springframework.boot:spring-boot [2.3.0.RELEASE <- 2.2.7.RELEASE]
     https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot
 - org.springframework.boot:spring-boot-configuration-processor [2.3.0.RELEASE <- 2.2.7.RELEASE]
     https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-tools/spring-boot-configuration-processor
 - org.springframework.boot:spring-boot-starter-jdbc [2.3.0.RELEASE <- 2.2.7.RELEASE]
     https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-jdbc
 - org.springframework.boot:spring-boot-starter-log4j2 [2.3.0.RELEASE <- 2.2.7.RELEASE]
     https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-log4j2
 - org.springframework.boot:spring-boot-starter-test [2.3.0.RELEASE <- 2.2.7.RELEASE]
     https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-test
 - org.springframework.boot:spring-boot-starter-webflux [2.3.0.RELEASE <- 2.2.7.RELEASE]
     https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-starters/spring-boot-starter-webflux

What info can I provide you for detailed diagnostic?

[ben-manes]

JCenter proxies point lookups but will cache a stale version of the metadata for use by dynamic versions. The only workaround is to include the underlying repositories, like Central, to avoid this bad behavior. As jcenter is built by the Artifactory team, your proxy might suffer the same problems.

We defer to Gradle for dependency resolution and it has a cache. You might have overridden the default TTL of 1 day. The —refresh-dependenies flag will cause a new lookup to be performed.

This was plugin is just comparing against + version so a bug here would likely be handled by the Gradle or Artifactory team.