Conversation
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
devin-ai-integration
bot
force-pushed
the
devin/FER-9451-1775256426-csharp-extra-deps-override
branch
from
78962f1 to
fdb3981
Compare
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
…bundled deps Co-Authored-By: judah <jsklan.development@gmail.com>
Co-Authored-By: judah <jsklan.development@gmail.com>
…rridden via extra-dependencies Co-Authored-By: judah <jsklan.development@gmail.com>
Co-Authored-By: judah <jsklan.development@gmail.com>
…rride fixture Co-Authored-By: judah <jsklan.development@gmail.com>
…ransitive dep conflict Co-Authored-By: judah <jsklan.development@gmail.com>
Co-Authored-By: bot_apk <apk@cognition.ai>
Co-Authored-By: bot_apk <apk@cognition.ai>
devin-ai-integration
bot
force-pushed
the
devin/FER-9451-1775256426-csharp-extra-deps-override
branch
from
1c92fd7 to
22c8754
Compare
fern-support
approved these changes
Apr 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Linear ticket: Refs FER-9451
The C# generator's
extra-dependenciesconfig option could only add new dependencies — it could not override the versions of bundled dependencies (OneOf, System.Net.Http, etc.). Extra deps were appended alongside bundled ones, producing duplicate<PackageReference>entries in the.csproj. This prevented customers from pinning a specific version (e.g., for CVE remediation).Mirrors the Java fix in PR #14527.
Changes Made
generators/csharp/base/src/project/CsharpProject.ts— IngetDependencies(), collect extra dep names into a case-insensitive set, then skip any bundled dep whose package name matches before appending user-specified versions. Same treatment applied togetLegacyFrameworkDependencies()for TFM-conditional deps (System.Text.Json, System.Net.Http).<IncludeAssets>and<PrivateAssets>metadata. Instead of using the genericpushIfNotOverridden+ extra-deps loop (which would emit a simple single-line reference), PolySharp is always emitted with full metadata using the user's version if overridden, and skipped in the extra-deps loop to avoid duplication.seed/csharp-sdk/seed.yml— Addedextra-dependencies-overridefixture variant that specifiesPolySharp: "1.14.0"to override the bundledPolySharp: "1.15.0".seed/csharp-sdk/imdb/extra-dependencies-override/— Generated seed output proving the override works: PolySharp at1.14.0with<IncludeAssets>and<PrivateAssets>metadata preserved.generators/csharp/sdk/versions.yml— Added v2.56.6 changelog entry.Key Review Points
<IncludeAssets>,<PrivateAssets>child elements). When overridden viaextra-dependencies, the version is swapped but metadata is preserved. The extra-deps loop skips PolySharp (case-insensitive) to avoid double-emission. Verify this logic ingetDependencies()around lines 930–974.getLegacyFrameworkDependencies()suppresses bundled entries but does not re-inject the user's version into the conditional ItemGroup — the user's version is already in the unconditional group fromgetDependencies(). Confirm MSBuild resolves this correctly across TFMs.irVersion: 65, matching the rest of the 2.56.x line. The jump toirVersion: 66occurred in v2.57.0-rc.0.OneOfto a lower version, butOneOf.Extended 3.0.271has a transitive dependency onOneOf >= 3.0.271, causing NuGet error NU1605. Switched to overriding PolySharp which has no transitive dependency conflicts.extra-dependenciesfixture (non-conflicting deps) was regenerated with zero diff, confirming no regression.Human Review Checklist
seed/csharp-sdk/imdb/extra-dependencies-override/src/SeedApi/SeedApi.csprojis at version1.14.0with<IncludeAssets>and<PrivateAssets>metadata preserved (not a simple self-closing tag)irVersion: 65is correct for a 2.56.x patch releaseOneOf) would also work — thepushIfNotOverriddenhelper skips correctly but there is no seed fixture exercising that pathTesting
extra-dependencies-overridefixture validates override behavior (PolySharp 1.14.0 with metadata)extra-dependenciesfixture regenerated with no diff (regression check)Link to Devin session: https://app.devin.ai/sessions/8163fd2454fe4ba3b294a07131c23d55