FWIW, I made a short script that look at bounds in the registry (discussing with real data at hand is usually more productive than with hypothetical data). The results can be seen here: https://gist.github.com/KristofferC/7c8048e2ee9aaa465966caeb98c1446a
The first list is all packages that are bounded to not be at their last version from any source at the source’s last version (basically, at least one package in the registry has for its latest version an upper bound that is not the latest version of that package) and the number of packages that are upper bounding them.
The second list is all packages upper bounding any other package not to the latest version and a list of these pacakges.
ACME => ["StaticArrays"]
for example means that ACME upper bounds StaticArrays to not its latest version (which it does https://github.com/JuliaRegistries/General/blob/master/A/ACME/Compat.toml#L20, and latest StaticArrays is 0.12).
The last file is the script to produce the output.
So if you wonder why you don’t get the latest version of a package, you can just Ctrl-F it there and it will find the packages upper bounding it.