Any other way risks runtime errors. And to people about to mention types in Python: those are also checked at runtime.
People keep using these hyper dynamic languages and then running into these robustness issues and scaling limitations brought on by their very dynamism. It makes me mad and sad.
- Pin all application versions
- Don't pin or set upper bounds in libraries. Lower bounds may work.
- Use automation to continuously upgrade and test new versions of everything
If you just pin, you fall behind and eventually it becomes expensive to catch up. If you don't pin, you lose repeatability. If you don't automate, the upgrade work doesn't happen reliably.
And by another user 54 days ago: https://news.ycombinator.com/item?id=39486552
I use Poetry for all my projects, but I agree that it exacerbates the issue somewhat with its default npm-style version syntax.
Major versions going EOL'd and unmaintained is unfortunate, but that's not a purely technical problem. Releasing a new major version and breaking compatibility with existing users is as much a social decision as a technical one.
I'm not sold on the "semver doesn't work anyway" angle here either, although I admit that it's not perfect.