Paket do not keeps versions locked for dependencies #1457

Closed
tsibelman opened this Issue Feb 4, 2016 · 24 comments

Comments

Projects
None yet
2 participants
@tsibelman
Contributor

tsibelman commented Feb 4, 2016

Hi have following paket.dependencies file I set all 3 dependencies to be locked to specific version

source https://www.nuget.org/api/v2/

framework: net451
redirects: on

nuget Microsoft.Orleans.Core 1.1.1
nuget Microsoft.Orleans.CounterControl 1.1.1
nuget Microsoft.Orleans.OrleansRuntime 1.1.1

When paket.lock is created it looks like this:

Microsoft.Orleans.Core (1.1.1)
Newtonsoft.Json (>= 6.0.8)
Microsoft.Orleans.CounterControl (1.1.1)
Microsoft.Orleans.Core** (>= 1.1.1)**
Microsoft.Orleans.OrleansRuntime** (>= 1.1.1)**
Microsoft.Orleans.OrleansRuntime (1.1.1)
Microsoft.Orleans.Core** (>= 1.1.1)**

All dependencies are more permissive that is specified. I understand that these dependencies ranges are coming from nugets but I think they should be overridden in lock file. This will allow us to force users to use specific version of transitive dependencies

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

The indented lines are only showing the restrictions from the package nuspec. They are combined with the stuff that you specify in the dependencies file. As a result you see that we select the correct versions.

Member

forki commented Feb 4, 2016

The indented lines are only showing the restrictions from the package nuspec. They are combined with the stuff that you specify in the dependencies file. As a result you see that we select the correct versions.

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

In other words: indented lines are only for information. They don't represent what we select

Member

forki commented Feb 4, 2016

In other words: indented lines are only for information. They don't represent what we select

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Ok I see that when I create nuget packages the dependencies from paket.dependencies are not used in nuspec

Contributor

tsibelman commented Feb 4, 2016

Ok I see that when I create nuget packages the dependencies from paket.dependencies are not used in nuspec

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

Or maybe I don't understand what you are describing.

Member

forki commented Feb 4, 2016

Or maybe I don't understand what you are describing.

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

I will try again :)

I created some nuget let's call it Common.dll, that has dependency on 3 Microsoft.Orleans nugets of specific version, I checked the nuspec file and it looks like all dependencies there are correct, here a sample:

  <dependency id="Microsoft.Orleans.OrleansRuntime" version="1.1.1" />
  <dependency id="Microsoft.Orleans.CounterControl" version="1.1.1" />
  <dependency id="Microsoft.Orleans.Core" version="1.1.1" />

But when I use the Common.dll nuget in my other project I don't get 1.1.1 versions but get 1.1.2 version of Orleans dependencies.

Contributor

tsibelman commented Feb 4, 2016

I will try again :)

I created some nuget let's call it Common.dll, that has dependency on 3 Microsoft.Orleans nugets of specific version, I checked the nuspec file and it looks like all dependencies there are correct, here a sample:

  <dependency id="Microsoft.Orleans.OrleansRuntime" version="1.1.1" />
  <dependency id="Microsoft.Orleans.CounterControl" version="1.1.1" />
  <dependency id="Microsoft.Orleans.Core" version="1.1.1" />

But when I use the Common.dll nuget in my other project I don't get 1.1.1 versions but get 1.1.2 version of Orleans dependencies.

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Ok I see the issue is the forma of the version it writen as version="1.1.1" but it should be specified as version="[1.1.1]"
https://docs.nuget.org/create/versioning

1.0 = 1.0 ≤ x
[1.0] = x == 1.0

Contributor

tsibelman commented Feb 4, 2016

Ok I see the issue is the forma of the version it writen as version="1.1.1" but it should be specified as version="[1.1.1]"
https://docs.nuget.org/create/versioning

1.0 = 1.0 ≤ x
[1.0] = x == 1.0

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

dependency id="Microsoft.Orleans.OrleansRuntime" version="1.1.1"

means >= 1.1.1

Member

forki commented Feb 4, 2016

dependency id="Microsoft.Orleans.OrleansRuntime" version="1.1.1"

means >= 1.1.1

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Now i don't understand

Contributor

tsibelman commented Feb 4, 2016

Now i don't understand

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

sorr reformatted

Member

forki commented Feb 4, 2016

sorr reformatted

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Yes but in paket i wrote it as specific version

Contributor

tsibelman commented Feb 4, 2016

Yes but in paket i wrote it as specific version

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

are you sure? Can I see a repro?

Member

forki commented Feb 4, 2016

are you sure? Can I see a repro?

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

wait a minute. I think I can reproduce

Member

forki commented Feb 4, 2016

wait a minute. I think I can reproduce

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

You can use the samples I used in first post.

Contributor

tsibelman commented Feb 4, 2016

You can use the samples I used in first post.

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

mhm. sorry I can't reproduce. 050bafb shows correct behaviour.

Member

forki commented Feb 4, 2016

mhm. sorry I can't reproduce. 050bafb shows correct behaviour.

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Hi I am attached scenario that can reproduce it, just rename file to zip

ConsoleApplication1.txt

Contributor

tsibelman commented Feb 4, 2016

Hi I am attached scenario that can reproduce it, just rename file to zip

ConsoleApplication1.txt

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

If I do pack I get:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<package xmlns="http://schemas.microsoft.com/packaging/2011/10/nuspec.xsd">
  <metadata>
    <id>ConsoleApplication1</id>
    <version>1.0.0.0</version>
    <title>ConsoleApplication1</title>
    <authors></authors>
    <description></description>
    <dependencies>
      <dependency id="Microsoft.Orleans.OrleansRuntime" version="[1.1.1]" />
      <dependency id="Microsoft.Orleans.CounterControl" version="[1.1.1]" />
      <dependency id="Microsoft.Orleans.Core" version="[1.1.1]" />
    </dependencies>
  </metadata>
</package>
Member

forki commented Feb 4, 2016

If I do pack I get:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<package xmlns="http://schemas.microsoft.com/packaging/2011/10/nuspec.xsd">
  <metadata>
    <id>ConsoleApplication1</id>
    <version>1.0.0.0</version>
    <title>ConsoleApplication1</title>
    <authors></authors>
    <description></description>
    <dependencies>
      <dependency id="Microsoft.Orleans.OrleansRuntime" version="[1.1.1]" />
      <dependency id="Microsoft.Orleans.CounterControl" version="[1.1.1]" />
      <dependency id="Microsoft.Orleans.Core" version="[1.1.1]" />
    </dependencies>
  </metadata>
</package>
@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

I use following command to pack: paket pack output nugets minimum-from-lock-file buildplatform x64

Contributor

tsibelman commented Feb 4, 2016

I use following command to pack: paket pack output nugets minimum-from-lock-file buildplatform x64

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

minimum-from-lock-file

Why didn't you say that before? ;-)

Member

forki commented Feb 4, 2016

minimum-from-lock-file

Why didn't you say that before? ;-)

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

From my point of view every one should use minimum-from-lock-file exclusively :)

Contributor

tsibelman commented Feb 4, 2016

From my point of view every one should use minimum-from-lock-file exclusively :)

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

nope, that's only one of possible workflows.

Member

forki commented Feb 4, 2016

nope, that's only one of possible workflows.

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

anyways will add a test and a fix for that

Member

forki commented Feb 4, 2016

anyways will add a test and a fix for that

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Thank you

Contributor

tsibelman commented Feb 4, 2016

Thank you

@forki forki closed this in d17214d Feb 4, 2016

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Feb 4, 2016

Member

please try latest

Member

forki commented Feb 4, 2016

please try latest

@tsibelman

This comment has been minimized.

Show comment
Hide comment
@tsibelman

tsibelman Feb 4, 2016

Contributor

Works perfect thank you

Contributor

tsibelman commented Feb 4, 2016

Works perfect thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment