On Monday, 2 February 2015 at 09:25:31 UTC, Mathias LANG wrote:
On Monday, 2 February 2015 at 09:03:56 UTC, Vladimir Panteleev wrote:
Is that so? Won't a security fix entail a version bump,
requiring a change in the requirements file of the parent
project? Also, does Dub really check for updated versions of
libraries online, every time a project is built?
It does.
You have a broad range of options for specifying which version
to use.
http://code.dlang.org/package-format#version-specs
If you use Semver correctly, it's a great benefit.
Pretty much. If you don't use version ranges, you fall into the
diamond dependency problem.
A => B => C v1.2.3
A => D => C v1.3.6
Even if C v1.2.3 and v1.3.6 are API-compatible, you can't build A
if you don't control both B and C.
So, version ranges are necessary for an ecosystem of libraries.
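
The diamond described in the post above, worked through as an added example (not part of the original thread and not dub's own resolver). The list of C releases is constructed, with 1.3.7 standing in for a hypothetical security-fix release, and the `~>` handling follows the version-spec page linked in the thread.

```python
import re

INF = (float("inf"),)  # open upper bound

def parse(v):
    return tuple(int(p) for p in v.split("."))

def pad(parts):
    return (parts + (0, 0))[:3]

def spec_range(spec):
    """Half-open range [lo, hi) accepted by one dub-style version spec."""
    lo, hi = (0, 0, 0), INF
    for op, ver in re.findall(r"(==|>=|<|~>)\s*([0-9.]+)", spec):
        p = parse(ver)
        if op == "==":
            a, b = pad(p), pad(p)[:2] + (pad(p)[2] + 1,)
        elif op == ">=":
            a, b = pad(p), INF
        elif op == "<":
            a, b = (0, 0, 0), pad(p)
        else:  # "~>": the last given component may grow, the one before it is fixed
            a, b = pad(p), pad(p[:-2] + (p[-2] + 1,))
        lo, hi = max(lo, a), min(hi, b)
    return lo, hi

def resolve(requirements, available):
    """Highest available version that satisfies every dependent's spec, or None."""
    ranges = [spec_range(s) for s in requirements.values()]
    lo = max(r[0] for r in ranges)
    hi = min(r[1] for r in ranges)
    ok = [v for v in available if lo <= parse(v) < hi]
    return max(ok, key=parse) if ok else None

# Constructed sample data: releases of C and what B and D ask for.
AVAILABLE = ["1.2.3", "1.3.6", "1.3.7"]
PINNED = {"B": "==1.2.3", "D": "==1.3.6"}          # exact pins: the diamond
NARROW = {"B": "~>1.2.3", "D": ">=1.3.6 <2.0.0"}   # patch-only range on B still conflicts
RANGED = {"B": "~>1.2", "D": ">=1.3.6 <2.0.0"}     # semver ranges overlap

if __name__ == "__main__":
    for name, reqs in (("pinned", PINNED), ("narrow", NARROW), ("ranged", RANGED)):
        print(name, "->", resolve(reqs, AVAILABLE))
```

With overlapping ranges the resolver also picks up the newer fix release without any change to B or D, which is the behaviour discussed earlier in the thread.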