I’ve been bitten many times by dynamic versioning! It causes unpredictable builds and breaks past builds.
As a result, I’ve been wondering recently: is there EVER a reason to use it? If the only use case is “I don’t want to update my dependencies by hand” that doesn’t seem good enough, given all the risks it entails.
I’m honestly curious if there’s some particular situation where dynamic versioning makes more sense than being explicit.
Dynamic versioning does not have to break past builds.
For instance, using semantic versioning, a minor or a patch upgrade should not break your builds.
A major upgrade might break your build, though.
So you could use dynamic versioning in its ‘range’ form, and keep consistency in your build, at least until the next major version of your dependency.
That being said, you should never use dynamic versions of your dependencies when you perform a release.
So it’s also a lot easier not to use dynamic versioning between releases as well, only fixed versions.
“Does not have to” doesn’t seem good enough. Yes, theoretically, all of your dependencies will be good citizens and never introduce new bugs on minor updates. But I’ve seen this theory run afoul of reality many times.
Yes, I totally agree with you. I was just trying to be the devil’s advocate.
You might want to check out Netflix’s dependency lock plugin which allows you to leverage dynamic dependencies while also maintaining repeatable builds.