This is somewhat of an oversight of practical PVP maybe… should you raise the minimum required major version of your dependencies without doing a major version bump? (this can also make you silently lock into a vulnerable version of a library, because the solver can’t pick the newer minor version)
We might be drifting off-topic here. As far as I know the purpose of PVP is to prevent incorrect/failing builds. I don’t see how what you are describing is an oversight because I don’t see how the rule you are proposing would prevent incorrect builds. It would however disrupt the ecosystem a lot.
1 Like