Should major SemVer updates cascade?

后端 未结 3 2266
野性不改
野性不改 2021-02-14 16:55

So \"myLibrary\" references \"anotherLibrary\". Both libraries follow http://semver.org/

If I release a new version of myLibrary that forces consumers to update to a new

3条回答
  •  独厮守ぢ
    2021-02-14 17:48

    Unless the library is completely embedded within yours, yes.

    Let's say both libraries are on 1.0. A user could declare their dependencies like:

    other ~> 1.0
    yours ~> 1.0
    

    Where ~> means a dependency on any version compatible with 1.0, i.e. 1.x.y.

    Your library declares:

    other ~> 1.0
    

    So everything works, and dependencies can resolve. If other moves to 1.1.0, everything still works.

    Now, your library switches to:

    other ~> 2.0
    

    ...and releases this as version 1.1.0. This is incompatible with the user's declared dependencies. They want a 1.x version of other and a 1.x version of yours, which previously worked, but now doesn't. Therefore, you must release this as version 2.0. Even if your library doesn't expose any symbols with types from the dependency library, you've broken the user's dependency management.

提交回复
热议问题