The ssh-credentials plugin 1.18.1 was released Jan 2020, 14 months ago. It requires Jenkins 2.190.1 or later per its pom at https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/ssh-credentials/1.18.1/ssh-credentials-1.18.1.pom.

The ssh-credentials plugin 1.18.2 requires Jenkins 2.282, but unless you're explicitly stating that you require 1.18.2, the plugin installation manager will not download 1.18.2 if it detects that you're running 2.277.1.

The git client plugin pom file at https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/git-client/3.6.0/git-client-3.6.0.pom lists the version number of the dependencies required. It uses the plugin bill of materials (bom) to simplify dependency management and allow others to do the hard work of assuring that compatible versions are selected.

The git client plugin dependency on ssh-credentials 1.18.1 is correct and is in use in thousands of installations.

It did pull 1.18.2 and I manually reverted to 1.17.4 which I now see is a mistake. I'll try 1.18.1

Any known reasons why it would pull a dependency that is not compatible with core version?

Thanks for the quick response

If you're using plugin installation manager tool to retrieve the versions, it has an unexpected default behavior for dependency version retrieval. At least, it was unexpected to me.

Without the --latest false argument to plugin installation manager tool, it retrieves the most recent version of a dependency, even if the dependency is already mentioned in the plugins.txt file at an earlier version. See my comment and the reply from Tim Jacomb that points to a good discussion and proposed solution.

If you're using install-plugins.sh, then the best answer is to switch to use plugin installation manager.

I used the UI, which for most cases has been able to handle transient dependencies properly. I will look into plugin installation manager tool.