[GH-ISSUE #479] Non-prerelease Versions Should Not Be Allowed to Use Prerelease Versions of Dependencies #1219

Closed
opened 2026-04-16 10:32:27 -05:00 by GiteaMirror · 6 comments
Owner

Originally created by @Swivelgames on GitHub (Dec 5, 2018).
Original GitHub issue: https://github.com/semver/semver/issues/479

There's a growing trend of projects being published under semver that depend on pre-release dependency versions, that cause compatibility issues as time goes on and those projects move out of pre-release. This is causing projects to "unknowningly" release versions that become incompatible and breaking later on due to their dependency on these pre-release versions.

No stable version should have a pre-release dependency, as that tarnishes the definition of "stable".

In my opinion, this should be dictated by semver. It's becoming a major problem for developers trying to work within a stable environment. Semver has already helped tremendously in alleviating these types of problems by properly defining versioning to prevent issues like this from occurring. This would be a huge leap in the right direction as we all continue to work towards ensuring stability in our projects.

Originally created by @Swivelgames on GitHub (Dec 5, 2018). Original GitHub issue: https://github.com/semver/semver/issues/479 There's a growing trend of projects being published under semver that depend on pre-release dependency versions, that cause compatibility issues as time goes on and those projects move out of pre-release. This is causing projects to "unknowningly" release versions that become incompatible and breaking later on due to their dependency on these pre-release versions. No stable version should have a pre-release dependency, as that tarnishes the definition of "stable". In my opinion, this should be dictated by semver. It's becoming a major problem for developers trying to work within a stable environment. Semver has already helped tremendously in alleviating these types of problems by properly defining versioning to prevent issues like this from occurring. This would be a huge leap in the right direction as we all continue to work towards ensuring stability in our projects.
GiteaMirror added the question label 2026-04-16 10:32:27 -05:00
Author
Owner

@jwdonahue commented on GitHub (Dec 22, 2018):

Semver is all about the semantics and syntax of the version string, not how you manage dependency trees. That said, this might be good for inclusion in the FAQ.

<!-- gh-comment-id:449601188 --> @jwdonahue commented on GitHub (Dec 22, 2018): Semver is all about the semantics and syntax of the version string, not how you manage dependency trees. That said, this might be good for inclusion in the FAQ.
Author
Owner

@grv87 commented on GitHub (Aug 24, 2019):

I don't see the harm if the project's release used exact version of pre-release dependency.
The real problem is that the project should have been re-released when dependency reached stable stage.

<!-- gh-comment-id:524577421 --> @grv87 commented on GitHub (Aug 24, 2019): I don't see the harm if the project's release used exact version of pre-release dependency. The real problem is that the project should have been re-released when dependency reached stable stage.
Author
Owner

@ghost commented on GitHub (Oct 13, 2019):

If a version of a dependency is pre-release, wouldn't the inclusion in a release build also constitute that the dep is release worthy? Therefore, everything including deps should be moved to at least 1.0.0?

<!-- gh-comment-id:541462654 --> @ghost commented on GitHub (Oct 13, 2019): If a version of a dependency is pre-release, wouldn't the inclusion in a release build also constitute that the dep is release worthy? Therefore, everything including deps should be moved to at least 1.0.0?
Author
Owner

@runeimp commented on GitHub (Oct 14, 2019):

Nothing about the state of your API, app, etc. should indicate anything about the state of its dependencies. The state of your product is the only thing that matters. If you feel your product is release worthy (pre-release or otherwise) that's your call. If a dependency is implemented in a way that it's version could change at a later date and then make your product fail should be avoided by locking the version of the dependency if your worried about such things. It may also be completely reasonable to assume that allowing the dependency to be upgraded at a later date is desirable. These are simply judgement calls based on many factors of the development process and the understanding of how your audience may use your product. And sometimes you can do everything as safe as possible and things still break down the line for reasons far beyond your control. There is no perfect system. SemVer is just a great start in trying to create a better system that most developers should be able to follow.

<!-- gh-comment-id:541581464 --> @runeimp commented on GitHub (Oct 14, 2019): Nothing about the state of your API, app, etc. should indicate anything about the state of its dependencies. The state of your product is the only thing that matters. If you feel your product is release worthy (pre-release or otherwise) that's your call. If a dependency is implemented in a way that it's version could change at a later date and then make your product fail should be avoided by locking the version of the dependency if your worried about such things. It may also be completely reasonable to assume that allowing the dependency to be upgraded at a later date is desirable. These are simply judgement calls based on many factors of the development process and the understanding of how your audience may use your product. And sometimes you can do everything as safe as possible and things still break down the line for reasons far beyond your control. There is no perfect system. SemVer is just a great start in trying to create a better system that most developers should be able to follow.
Author
Owner

@alexandrtovmach commented on GitHub (Jun 10, 2020):

Thanks everyone for contributions, you're amazing 🎆 Did you find any consensus?

<!-- gh-comment-id:642149526 --> @alexandrtovmach commented on GitHub (Jun 10, 2020): Thanks everyone for contributions, you're amazing :fireworks: Did you find any consensus?
Author
Owner

@alexandrtovmach commented on GitHub (Jun 14, 2021):

Closing as staled, feel free to re-open or create a new issue 👻

<!-- gh-comment-id:860357369 --> @alexandrtovmach commented on GitHub (Jun 14, 2021): Closing as staled, feel free to re-open or create a new issue :ghost:
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/semver#1219