What / Why
The official semver spec mentions that "major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable." (source).
In semver's README, I read: "Many authors treat a 0.x version as if the x were the major 'breaking-change' indicator." (source).
Do you agree that this assumption - which I fully agree with - is not valid per-spec? In that case, I think it would be worth mentioning it in the README to avoid confusion.
In any case, I think https://semver.npmjs.com should mention this, because their (your?) website explains what the ^ is but the exception could get people confused. If you are not maintainers of that website, do you have an idea of who I should ping?
Where
A good place to try this out is the npm semver calculator. Search for axios and type version ^0.19.0. Versions 0.20.x are not highlighted.
Who
n/a
References
n/a
Keep up the great work!
gempain changed the title from "[BUG] Major version 0 and the spec" to "[QUESTION] Major version 0 and the spec" on Oct 8, 2020
I'm in support of a change to the behavior, or additional clarification in the readme/npm semver docs.
To reiterate what @gempain said, the statement in the current documentation, "allows changes that do not modify the left-most non-zero", is not always true. It's accurate under the assumption that people only use single-digit numbers in the minor/patch version elements, but it breaks down as soon as you hit 0.10.x.
Under the "left-most non-zero" rule, a dependency with version ^0.19.0 should allow npm update to take a package from 0.19.2 to 0.22.1, but it doesn't (because the actual implementation doesn't want to upgrade the minor version at all if the major version is 0, which the author justified by talking about the 0.x version being treated as if x were the major "breaking-change" indicator).
FWIW, like @gempain I also discovered this issue when trying to figure out why axios wasn't updating after npm audit complained about a recent security issue. I wonder now if the maintainers of the parent package, @azure/ms-rest-js, didn't/don't know about the confusing semver behavior with prerelease versions. Perhaps they did, because more recent versions of ms-rest-js use node-fetch instead of axios!
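The caret behaviour discussed in this thread, as an added example that is not part of the original issue or of node-semver's code: it computes the bounds a caret range expands to, following the README's "left-most non-zero element" rule, and shows why a fix published in a later 0.x minor stays out of reach of `^0.19.0`. It assumes plain MAJOR.MINOR.PATCH versions only; all function names and the version list are constructed for illustration.

```javascript
// Added illustration, not node-semver's code. Handles only plain
// MAJOR.MINOR.PATCH versions (no prerelease tags, no x-ranges).
// parse, compare, caretBounds, satisfiesCaret, maxSatisfying are hypothetical names.

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Lower bound is the version itself; the exclusive upper bound bumps the
// left-most non-zero element (a whole number such as 19, not a digit)
// and zeroes everything to its right.
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const lower = parse(range.slice(1));
  let i = lower.findIndex((n) => n !== 0);
  if (i === -1) i = 2; // ^0.0.0 matches only 0.0.0
  const upper = lower.map((n, j) => (j < i ? n : j === i ? n + 1 : 0));
  return { lower, upper };
}

function satisfiesCaret(version, range) {
  const { lower, upper } = caretBounds(range);
  const v = parse(version);
  return compare(v, lower) >= 0 && compare(v, upper) < 0;
}

// Highest listed version a caret range accepts, or null if none match.
function maxSatisfying(versions, range) {
  const ok = versions.filter((v) => satisfiesCaret(v, range));
  ok.sort((a, b) => compare(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed list built from the version numbers mentioned in this thread.
const published = ['0.19.0', '0.19.2', '0.20.0', '0.22.1'];
console.log(caretBounds('^0.19.0').upper.join('.'));
console.log(maxSatisfying(published, '^0.19.0'));
console.log(maxSatisfying(['1.2.3', '1.9.0', '2.0.0'], '^1.2.3'));
```

When an audit flags a 0.x dependency and the fixed release sits in a later minor, the range in package.json has to be changed explicitly; an in-range update cannot reach it.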