The version updates plugin lets you restrict what an acceptable candidate is for a dependency. This only affects the report and does not enforce a project to not use the "forbidden" version of a dependency. If a project does use a dependency that the version updates plugin would reject, then it reports this as exceeded with both the preferred version and the actual version.
A common case for this to happen is when a dependency is upgraded as a transitive dependency.
The version catalog update plugin will update the libs.versions.toml file with the wrong version in this case; it will update the toml file with the version actually used in the project and not the acceptable or preferred version. It should keep the toml file at the preferred version; this toml version could then in turn be used to force Gradle to stick at that version through a resolutionStrategy, if required.
The version updates plugin lets you restrict what an acceptable candidate is for a dependency. This only affects the report and does not enforce a project to not use the "forbidden" version of a dependency. If a project does use a dependency that the version updates plugin would reject, then it reports this as
exceededwith both the preferred version and the actual version.A common case for this to happen is when a dependency is upgraded as a transitive dependency.
The version catalog update plugin will update the
libs.versions.tomlfile with the wrong version in this case; it will update the toml file with the version actually used in the project and not the acceptable or preferred version. It should keep the toml file at the preferred version; this toml version could then in turn be used to force Gradle to stick at that version through aresolutionStrategy, if required.