by gmueckl 666 days ago
It's easy to accidentally ship a minimum version requirement that is out of date when you also consistently use lock files pinned to newer versions. The code may silently depend on something introduced in a newer version pulled in by the lock file.

You can have a CI builder using direct-minimal-versions to check this.
Point releases are often bugfix releases, i.e. not API changes but runtime changes. CI won’t help without very specific accompanying tests.
I have literally never run into this being a problem in practice. If someone downstream ever did notice, they can just specify a higher minimum version constraint.
Just have CI build with the minimum and the maximum.