Unlisted packages are still installed via dotnet tool install
without --version
despite correctly not showing up in dotnet tool search
#24037
Labels
Area-Tools
good first issue
Issues that would be a good fit for someone new to the repository. Narrow in scope, well-defined.
Milestone
Describe the bug
A tool that was incorrectly versioned was pushed to NuGet.org and had to be unlisted.
The version is correctly hidden from searches both via nuget.org and via
dotnet tool search
butdotnet tool install
seems to ignore this and just locate the version via the provided v3-flatcontainer listI can vaguely get on board with argument that if there are dependencies on that version then it shouldn't break them by being completely inacessable, but shouldn't that really only apply in that case if that specific version is requested via
--version
rather than by default?What's the point of hiding it in the search if its still the one that is installed by default, that feels a little unexpected for the end user and potentially less safe.
It's worth noting this also existed and since been fixed in
NuGet.exe
To Reproduce
dotnet tool search <TOOLNAME>
and validate that the unlisted version does not show updotnet tool install --global <TOOLNAME>
Result
The later but, unlisted version is installed
Expected
The latest listed result is installed
Further technical details
This can be reproduced through the dotnet sdk container
using dotnet version
6.0.200
Update: 25 Feb I have since had to contact the NuGet team directly to get the package properly "deleted" so the specific package in this example is no longer a problem but the fundamental issue still remains.
The text was updated successfully, but these errors were encountered: