-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Metadata like PrivateAssets does not flow from parent to transitively pinned dependency in CPM #10311
Comments
Just a note on this: this issue is blocking our adoption of CPVM. |
This repro'd with .NET SDK 5.0.100, but it no longer repros in 6.0.103. I'm not sure what the first version that fixed this was. |
@AArnott I think that this issue was closed prematurely. The change that re-adds the "transitive dependency pinning" functionality (NuGet/NuGet.Client#4025) was merged at the beginning of March and I believe it wasn't released yet. So what you actually observe is just a consequence of missing the "transitive dependency pinning" feature. |
Quite right, @marcin-krystianc : it does still repro. |
@AArnott unfortunately this bug fix won't be available in 17.3 since its taking longer than expected to get it right. My PR is going to be merged for 17.4 which means the functionality will only be available in .NET 7. Is that going to be a problem for your build environment? You'll need to use .NET 7 to restore/build but of course can target any framework still. |
Thanks for trying. I suppose we'll get by till our build environment can target .NET 7 (sometime after GA, presumably). We just won't be able to set CentralPackageTransitivePinningEnabled=true till then. |
Tested and verified to repro on .NET Core SDK versions: 3.1.401, 5.0.100
This is an adoption blocker for our teams.
When CPVM is active, package dependencies are retained to transitive references with pinned versions even if their direct reference had
PrivateAssets="all"
set on them.Given this simple csproj:
and a
Directory.Packages.props
file with this content:and a
Directory.Build.props
file with this content:EXPECTED
The packed project contains no dependency because its only
PackageReference
hasPrivateAssets="all"
metadata.ACTUAL
The resulting package has a nuspec that expresses a dependency on a transitively referenced package:
Sample Project
Minimal repro: issue10311.zip
The text was updated successfully, but these errors were encountered: