Semantic Versioning and Dependency Changes
Question
Some context: I'm working on a team which produces 6 different NuGet packages, which depend directly, and sometimes indirectly, on each other. Simply, we could have a situation like p0 < p1 < p2 , where package p0 depends on p1 , which in turn depends on p2 . We're trying to follow Semantic Versioning for these packages, but aren't quite sure what to do with p0 's version when p1 or p2 changes.
Here are some concrete examples:
-
p1makes a breaking change (say0.0.0→1.0.0). We want to publish a version ofp0which depends on1.0.0. Should this be a major or minor version bump forp0? -
p1makes a minor changes (0.0.0→0.1.0). Should this make a minor / patch version bump forp0?
More importantly,
Is there any standard / consensus on how dependency version changes should affect package version changes?
2 answers
solution1
5 ACCPTED 2018-11-27 18:32:49
Semantic versioning is all about what the change means to the users of that library . So if the change in p1 doesn't cause a breaking change in p0 then I don't see why it would require a major version bump in p0 .
Basically, use whatever versions of dependent libraries work (remember that your users could be overriding them with different versions too, based on your dependency rules!), your versioning should only reflect what will affect your users.
Warning, opinion based content ahead
In my opinion, there's a fair bit of "caveat emptor" if you are directly using a transitive dependency (ie, using p1 but only listing p0 as a dependency) as a client of a library. This goes double when you have a lot of dependencies (as in most NPM packages) that go many, many layers down. I don't expect the authors of those libraries to keep track of all version changes of all transitive dependencies so I know to check.
solution2
1 2018-12-01 05:56:33
In no way suggesting that @BradleyDotNET's excellent answer is insufficient. I just want to add my take on this.
p1 makes a breaking change (say 0.0.0 → 1.0.0). We want to publish a version of p0 which depends on 1.0.0. Should this be a major or minor version bump for p0?
Yes, you are introducing a breaking change to users of p0.
p1 makes a minor changes (0.0.0 → 0.1.0). Should this make a minor / patch version bump for p0?
If the additional interface from p1 is exposed in the p0 interface, then minor. If the dependency is at the implementation layer, then patch. The real question here is why are you taking this dependency change? If it's to add an interface to the p0 public surface, then it's a minor bump for p0, otherwise it's a patch level bump.
One more thing to consider here is what exactly you are applying version numbers to. Packages, libraries and interfaces are all different things and they can all be version independently. As BradleyDotNET points out, some packages contain collections of independently versioned artifacts. You may want to consider modifying your strategy such that your interfaces can have stable versions, despite frequent repackaging.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.