Please avoid making pointless dependency updates

[hannob]

Is your feature request related to a problem? Please describe.

I'm maintaining ejabberd for a linux distribution (Gentoo). A lot of work is caused by the fact that ejabberd has a large number of dependencies that need regular updates.

However many of these dependencies seem to get new versions that don't change anything, and then dependencies get raised without any need.

To give an example: ejabberd 20.07 requires cache_tabl 1.0.25, while ejabberd 20.12 raised that to cache_tab 1.0.26. Looking at the git commit log https://github.com/processone/cache_tab/commits/master it seems nothing changed in the code between 1.0.25 and 1.0.26. The only changes are an updated changelog and changes to the travis ci config file. The update from 1.0.24 to 1.0.25 didn't change anything at all.

This seems to be a very regular pattern in your dependencies. There are updates without any actual changes, often just creating changelog entries or updating CI configs. None of that should justify raising a dependency.

Describe the solution you'd like
Please only make new releases of packages if there's actually some fixes or new features. And only raise dependencies if the new version is actually required.

[prefiks]

Hello,

Yes it's a pain on our side too, but it's done for a reason, rebar that is used for builds doesn't have fuzzy/semver matching of version numbers, and there can be a problem with transient dependences, when different versions of same package is used, it doesn't always choose newest version in that case (it pick whichever did happen as first in dependency graph).

[mremond]

We have two options here:

1. Moving the build chain to rebar3.
2. Moving the build chain to mix.

I would rather use mix to also promote deeper integration with Elixir.