So "myLibrary" references "anotherLibrary". Both libraries follow http://semver.org/
If I release a new version of myLibrary that forces consumers to update to a new
Unless the library is completely embedded within yours, yes.
Let's say both libraries are on `1.0`. A user could declare their dependencies like:
other ~> 1.0
yours ~> 1.0
Where `~>` means a dependency on any version compatible with `1.0`, i.e. `1.x.y`.
Your library declares:
other ~> 1.0
So everything works, and dependencies can resolve. If `other` moves to `1.1.0`, everything still works.
Now, your library switches to:
other ~> 2.0
...and releases this as version `1.1.0`. This is incompatible with the user's declared dependencies. They want a `1.x` version of `other` and a `1.x` version of `yours`, which previously worked, but now doesn't. Therefore, you must release this as version `2.0`. Even if your library doesn't expose any symbols with types from the dependency library, you've broken the user's dependency management.
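The scenario above, checked mechanically as an added example (not part of the original answer). It assumes RubyGems' `~>` operator, which matches the answer's definition for a two-segment constraint such as `~> 1.0`; the published version list for `other` and the helper names are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample data: the published versions of `other`.
OTHER_VERSIONS = %w[1.0.0 1.1.0 2.0.0].map { |v| Gem::Version.new(v) }

# The user's declared constraints, as in the answer.
USER = {
  "other" => Gem::Requirement.new("~> 1.0"),
  "yours" => Gem::Requirement.new("~> 1.0"),
}.freeze

# Versions of `other` that satisfy both the user's constraint and the
# constraint declared by one release of `yours`.
def compatible_others(release_requirement)
  req = Gem::Requirement.new(release_requirement)
  OTHER_VERSIONS.select do |v|
    USER["other"].satisfied_by?(v) && req.satisfied_by?(v)
  end
end

# Classify one release of `yours` from the user's point of view:
#   :ok            accepted by the user's range, and some `other` fits both
#   :conflict      accepted by the user's range, but no `other` fits both
#   :out_of_range  excluded by the user's range, so it is never selected
def classify(yours_version, other_requirement)
  version = Gem::Version.new(yours_version)
  return :out_of_range unless USER["yours"].satisfied_by?(version)

  compatible_others(other_requirement).empty? ? :conflict : :ok
end

# The three releases discussed in the answer: the original 1.0.0, the
# dependency bump shipped as a minor release, and the same bump shipped
# as a major release.
RELEASES = [["1.0.0", "~> 1.0"], ["1.1.0", "~> 2.0"], ["2.0.0", "~> 2.0"]].freeze

RELEASES.each do |version, dependency|
  puts "yours #{version} (other #{dependency}): #{classify(version, dependency)}"
end
```

Shipping the bump as `1.1.0` puts an unresolvable release inside the range the user already accepted, while shipping it as `2.0.0` keeps it outside that range until the user opts in.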