Maven Central and Gradle Plugin Portal should have never allowed to publish dependencies with not-fixed versions.
If you don't check your transitives carefully, something might sneak in. And you have non-reproducible builds. Which you only notice once something breaks.