You don't need to specify the exclustion if the only difference is the version.
And yes using depManagement in this case is the better solution. You can declare the newer version directly as a dependency but it will break stuff like dependency:tree.