This is fairly specific question.
A the start of a pipeline (we're using Go) we ground a build, i.e. fixate the versions to make it repeatable. There's one library that we depend on that defines in its POM a version range. In our dependency tree it appears like so:
[INFO] | +- com.theoryinpractise:halbuilder-json:jar:3.1.1:compile
[INFO] | | +- com.theoryinpractise:halbuilder-api:jar:2.2.1:compile (version selected from constraint [2.1.0,3.0.0))
[INFO] | | \- com.theoryinpractise:halbuilder-core:jar:3.1.3:compile (version selected from constraint [3.0.0,4.0.0))
The resolve-ranges goal of the versions-maven-plugin does allow you to fixate these versions if they're your direct dependencies, but if they're transitive it does not add to your POM an "override" to fixate those.
Has anyone come up with solution for this other than manually pulling that particular range definition to our POM?