mirror of
https://github.com/semver/semver.git
synced 2026-07-10 19:50:47 -05:00
[GH-ISSUE #1179] on "update my own dependencies without changing the public API" #2432
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Wouter1 on GitHub (Nov 24, 2025).
Original GitHub issue: https://github.com/semver/semver/issues/1179
This section on the semver.org is unclear in some cases
It is not clear how the version number needs to change if you ONLY change a dependency of the project, WITHOUT changing any other code. So there is no bug and no new functionality. If I follow the reasoning, the version should not even change. But then you can not make a new release.
The need to update dependencies happens for example in the following case.
Suppose the package P that you published depends on Q1.
At some time, there is a new version Q2. P does not need it, it works fine with Q1. But it would work with Q2 just as well, without any change in P.
However someone else who is using P wants also to use Q2. However his build system detects the version conflict between Q2 that he needs and the Q1 that P needs. So he asks you to update P to use Q2
Updating P to use Q2 is trivial. However you can't just re-release P using Q2 with the same version.
But nothing changed, there was not even a bug fix.
So what should be the new version for P?
@zafarkhaja commented on GitHub (Nov 24, 2025):
There are only 3 numbers in a version, with the first 2 reserved for public API and functionality changes. So I'd say it leaves you with just one option, regardless of how confusing in this case the name "patch" is.
@Wouter1 commented on GitHub (Nov 24, 2025):
@zafarkhaja yes this seems a reasonable guess and the one I'm using as a workaround while this issue is pending. But there are other options.
My point is that it's not documented properly how this should be handled.
@zafarkhaja commented on GitHub (Nov 24, 2025):
Like what? At the end of the day, it depends on the value a new version of dependency brings and, more importantly, on your intentions. Because, remember, SemVer is also about communicating your intentions. If the library code doesn't change, why update? Maybe because they fixed a critical bug that affected your library (increment patch), or because they fixed a performance issue and you want to present this new performance boost as a desirable feature of your library (increment minor). It could also be the case that the new version of the dependency has both of the improvements but you don't care, you just prefer your dependencies up to date... or, like in your case somebody asks you to update (increment patch). Can't think of any other options.
I agree, you could try adding another example to the FAQ section or rephrase the existing one, but in my opinion the real source of confusion which is the naming won't go away. I believe we should start from the naming and then provide generic rules which developers could extrapolate to infer a version in any situation.
@ljharb commented on GitHub (Nov 24, 2025):
A patch is for any change that's not major or minor, even if you just edit the readme.
@steveklabnik commented on GitHub (Nov 25, 2025):
Yes, this would be a patch-level change. No API surface has changed.