semantic-versioning
Safeguard articles tagged "semantic-versioning" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Why semantic versioning and release channels matter for security tools
A backdoor sat in xz-utils 5.6.0 and 5.6.1 for weeks before Andres Freund caught it — stable distro channels, not luck, kept it out of most production systems.
Dependency Management: Frequently Asked Questions
A practical FAQ on managing software dependencies in 2026 — direct vs transitive, lockfiles, semantic versioning, safe updates, dependency confusion, and keeping trees clean.
What Is Semantic Versioning?
Semantic versioning encodes the meaning of a release into its version number. Here is how MAJOR.MINOR.PATCH works and why it drives both dependency resolution and security triage.
The Security Implications of Semantic Versioning
Semver promises predictability in dependency management. In practice, it creates a trust model with serious security implications that most developers do not consider.