Skip to content

DependencyWithNoVersion

Rob Reynolds edited this page Dec 21, 2015 · 6 revisions

Dependency with No Version

WARNING!

There is a bug with this check - https://github.com/chocolatey/package-validator/issues/84

If you have implemented the recommended fixes, you should see this go away on checks after this has been corrected.

Issue

In the nuspec, you have a dependency on another package without at the very least a minimum version.

Recommended Solution

Version-less dependencies are not recommended now that choco will resolve the latest version of a package. Please add at the very least the minimum version (also known as the lower bound) of the package you depend on. Note how version ranges work, see http://docs.nuget.org/Create/versioning#Specifying-Version-Ranges-in-.nuspec-Files

Reasoning

At a point in history, NuGet would always get the oldest version of a package that would meet the version range that was specified. When you didn't specify a version, it would get the latest possible version. Once choco 0.9.9+ came out, it flipped NuGet to always getting the most recent version of a package that satisfied a dependency. It's considered incorrect to not at the very least specify a minimum version that would meet a dependency. This way it is more explicit.

Remember!!

Always push the exact same version of the package during review! Package versions are not immutable until approved.

Requirements

Guidelines

Suggestions

Notes

Clone this wiki locally
You can’t perform that action at this time.