Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: Consider adding -dependencyVersion support for project.json/package reference install and update #3159

Open
joelverhagen opened this Issue Jul 18, 2016 · 2 comments

Comments

Projects
None yet
3 participants
@joelverhagen
Copy link
Member

joelverhagen commented Jul 18, 2016

Today we have the -dependencyVersion option on PMC install and update as well as the dependencyVersion option in the config. It only applies to packages.config.

We could introduce support to project.json world by lifting transitive dependencies to the parent project.

Example

Consider you have a project.json and you want to install WindowsAzure.Storage 6.2.0. This package depends on Newtonsoft.Json 6.0.8. Today if you install WindowsAzure.Storage, you will get a project.json like this:

{
  "dependencies": {
    "WindowsAzure.Storage": "6.2.0"
  }
}

In the lock file, NuGet would have resolved the lowest version that meets the dependency's spec, which means that Newtonsoft.Json 6.0.8 would be restored.

With DependencyBehavior.Highest, the highest version of Newtonsoft.Json should be picked (which is 9.0.1 today). Since project.json default behavior is taking the lowest, we could observe this DependencyBehavior.Highest option by lifting Newtonsoft.Json 9.0.1 to the project.json automatically, resulting in a project.json that looks like this:

{
  "dependencies": {
    "WindowsAzure.Storage": "6.2.0",
    "Newtonsoft.Json": "9.0.1"
  }
}

-dependencyVersion in restore?

Lifting dependencies to the parent is one possibility, but this causes the user's project to become crowded with a potentially huge number of transitive dependencies (just look at the full graph of NETStandard.Library metapackage).

Another approach would be to support -dependencyVersion in restore itself so that, as NuGet walks transitive dependencies, it picks Highest instead of Lowest as it goes. This is a significant behavior change in project.json and, as @emgarten notes, this can lead to wacky results especially with CoreFX packages that change a lot from one minor release to the next.

More thought and design needed.

@joelverhagen joelverhagen changed the title Consider adding -dependencyVersion support for project.json install and update Feature: Consider adding -dependencyVersion support for project.json install and update Jul 18, 2016

@rrelyea rrelyea added the XPLAT label Jul 19, 2016

@rrelyea rrelyea added this to the Future milestone Jul 19, 2016

@nkolev92 nkolev92 changed the title Feature: Consider adding -dependencyVersion support for project.json install and update Feature: Consider adding -dependencyVersion support for project.json/package reference install and update Mar 15, 2017

@nkolev92 nkolev92 modified the milestones: Future-2, Backlog Feb 2, 2018

@nkolev92 nkolev92 added the Priority:1 label Feb 2, 2018

@nkolev92

This comment has been minimized.

Copy link
Member

nkolev92 commented Feb 2, 2018

We probably don't want to verbatim implement this, but as joel mentioned, certainly something we need to give some thought.

@nkolev92

This comment has been minimized.

Copy link
Member

nkolev92 commented Jan 16, 2019

Related to #5553

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.