This, I think, is the crux of the matter. As an example, I always knew urllib3 as one of the found...

CaliforniaKarl • last Wednesday at 6:16 PM • 1 reply • view on HN

This, I think, is the crux of the matter.

As an example, I always knew urllib3 as one of the foundational packages that Requests uses. And I was curious, what versions of urllib3 does Requests pull in?

Well, according to https://github.com/psf/requests/blob/main/setup.cfg, it's this:

    urllib3>=1.21.1,<3

That is exactly the kind of dependency specification I would expect to see for a package that is using semver: The current version of urllib3 is 2.x, so with semver, you set up your dependencies to avoid the next major-version number (in this case, 3).

So, it seems to me that even the Requests folks assumed urllib3 was using semver.

Replies

somat • last Wednesday at 9:10 PM

I would almost expect the 3 in urllib3 to be the major version and if something needed to break it would become urllib4. Which, I know, is terribly naive of me. But that is how psycopg does it.

➕ show 1 reply

alt Hacker News

Replies