'ver' doesn't include sub-dependencies in the decision of whether to bump the minor or major versions, so if a package you are analysing exports a struct from a different non-vendored package and that package has changed, then you could have broken API compatibility via the dependent package without knowing about it, so maybe that's it?
I was thinking of this as a tool to help people notice when they've changed their API and also handle the common case of go repos which haven't got any versioning on them. The bumped version numbers would let you know how the code you've used its changing, e.g. by building a sparkline of how the package's public API is changing over time.
Cheers for the pointer to masterminds/vcs repo, unless I'm missing something, it lacks a 'git log' type behaviour to list all of the commits in the repo, but it looks like it would be easy enough to submit a pull request to add it.
I've used SemVer before for parsing tags really successfully, but I tried to minimise relying on external packages to keep the code as simple as possible for now. I figured that if people thought 'ver' was a useful thing, I'd add support for parsing existing tags on repos and add SemVer in at that point.
Nice idea on starting from a commit hash - it would totally make sense to only start suggesting a version after the latest semver tag has been added to the repo, e.g. if the latest tag was 1.2.3, then 'ver' should suggest 1.2.4 rather than ignoring tags and doing its own thing.