FIX dependency versions in your pom.xml #634

Closed
MarcusBiel opened this issue Jun 28, 2020 · 1 comment · Fixed by #635
Labels: status: work in progress (Twilio or the community is in the process of implementing); type: bug (bug in the library)

Comments

@MarcusBiel

Because of this definition in the pom.xml:

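```xml
<dependency>
  <groupId>com.sendgrid</groupId>
  <artifactId>java-http-client</artifactId>
  <version>[4.2,5.0)</version>
</dependency>
```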

Every time I build my project (`mvn package`), I get this extra request:

```
Downloading from sonatype-nexus-snapshots: https://oss.sonatype.org/content/repositories/snapshots/com/sendgrid/java-http-client/maven-metadata.xml
```

IMHO this is clutter, and I don't think it is a good practice not to fix the version of your dependencies. How do you know that your jar will work with a future java-http-client dependency?
(And while you are updating this dependency, you might update to an HTTP client that is compatible with GraalVM native mode :)

@childish-sambino
Contributor

Did some research on this and understand the problem now.

Using a version range like this results in Maven attempting to get SNAPSHOT information for the dependency, since it's possible a SNAPSHOT release would match the version range. It's not a big deal, but there are better approaches. The idea was we want to pick up the latest 4.X version of java-http-client, but even a version range does not guarantee this. It only guarantees that a 4.X version will be used (not necessarily the latest release). What we really want is the latest non-snapshot, minor version release for all dependencies, not just java-http-client. Also note that Maven version ranges perform basic string comparison (reference), so even if they were capable of getting the latest release for a dependency, it might not actually be the latest release if proper semver is used.

Here's what I'll do: I'll update the dependency version for java-http-client to be 4.3.3 (latest 4.X release) and modify our release process to run mvn versions:use-latest-releases to keep this up-to-date on each release.
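A check for the pattern discussed in this thread, as an added example that is not part of the original issue or the project's own code: it scans a POM for dependencies declared with a Maven version range such as `[4.2,5.0)`, resolving `${property}` references defined in the same file. The sample POM, the `org.example` artifacts and the function names are constructed for illustration; properties inherited from a parent POM are not resolved.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; only the java-http-client entry mirrors the issue.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><example.version>[1.0,)</example.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.sendgrid</groupId>
      <artifactId>java-http-client</artifactId>
      <version>[4.2,5.0)</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>pinned-lib</artifactId>
      <version>[2.1.0]</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>via-property</artifactId>
      <version>${example.version}</version>
    </dependency>
  </dependencies>
</project>"""

# A range has bracket/paren delimiters with a comma inside, e.g. [4.2,5.0) or (,1.0].
# "[2.1.0]" has no comma: it is an exact requirement and is not flagged.
RANGE_RE = re.compile(r"^[\[(][^\[\]()]*,[^\[\]()]*[\])]")

def local(tag):  # strip the XML namespace so the scan works with or without xmlns
    return tag.rsplit("}", 1)[-1]

def find_version_ranges(pom_text):
    """Return (groupId, artifactId, version) for each range-versioned dependency."""
    root = ET.fromstring(pom_text)
    props = {local(p.tag): (p.text or "").strip()
             for el in root.iter() if local(el.tag) == "properties" for p in el}
    findings = []
    for dep in (e for e in root.iter() if local(e.tag) == "dependency"):
        fields = {local(c.tag): (c.text or "").strip() for c in dep}
        version = fields.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", version)  # ${property} defined in this POM
        version = props.get(ref.group(1), version) if ref else version
        if RANGE_RE.match(version):
            findings.append((fields.get("groupId"), fields.get("artifactId"), version))
    return findings

if __name__ == "__main__":
    print(*find_version_ranges(SAMPLE_POM), sep="\n")
```

Run against a real `pom.xml` by passing its text to `find_version_ranges`; a non-empty result in CI is a signal that the build is not reproducible from the POM alone.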

@childish-sambino added the status: work in progress and type: bug labels on Jun 30, 2020