[Epic]: Central Package Management improvements for 17.4 #11952
Comments
jeffkl
added
Epic
Area:RestoreCPM
|
Please seriously consider #9464 as part of this. It's a very important scenario for us. |
@AArnott I thought when we discussed #9464 that we came to the conclusion that some tooling was needed there? NuGet restores each project in a silo due to the nature of how .NET builds work. NuGet doesn't know that another project is transitively referencing a different version of a dependency unless those two projects depend on each other. To truly achieve what #9464 asks for, we'd need tooling like Dependabot to analyze a whole repository to unify the dependency tree. Central package management allows us to define package versions in one location but won't be directly addressing updates across entire repositories transitively when projects don't reference each other. That said, I still think it would be awesome for a tool like that to exist. |
|
Oh yes, I remember now. Sad. Maybe we should close #9464 with the explanation then. I can't because someone on the NuGet team created that issue on my behalf. |
|
I'll update the issue and leave it open for now. I still like the idea of it all, I just don't think central package management can solve it at this time. |
|
Closing now that all work is complete for this epic. This item tracks additional work related to tooling: #9015 |
|
This Epic is closed, but issue #11822 is still open. Is the |
I'm fairly confident that the next release will address #11822 but I'm waiting for the person who opened the issue to get a preview version and see if they agree. I've left it open until then but will probably close it soon. |
|
@jeffkl, is "No one location to specify metadata like NoWarn" part of this release? Asking as I don't see it "ticked" above nor is it mentioned in the 6.4 release announcement. |
@DevBaburaj unfortunately I couldn't come up with a good design for PackageReference NoWarn in one place. Flowing The best solution if you want a particular package reference to always have a NoWarn for every project in your repository is to add this to your <Project>
<ItemGroup>
<PackageReference Update="SomePackage" NoWarn="%(NoWarn);NU1000" />
</ItemGroup>
</Project>Otherwise you'll just need to specify the |
|
Looks like .NET SDK 6.0.403 was released. I was hoping it'd include these improvements but appears not. |
|
@zarenner Visual Studio 17.4 released with .NET SDK 7.0.100 and NuGet along with other components of the .NET developer ecosystem stopped inserting into .NET SDK 6.x. Are you able to use .NET SDK 7? |
|
@jeffkl thanks, wasn't aware. We were considering skipping .NET 7 (incl. sdk) at least for now as its a STS release, but this might change the equation since |
Transitive pinning shipped in Visual Studio 2022 17.2 (NuGet/NuGet.Client#4025) and .NET SDK 6.0.3xx. But the features you'll miss in .NET SDK 6 are:
.NET 7.0 is definitely worth checking out though... |
Issues
ProjectDependenciesin solution file #12021------------------------------------------ Cut line --------------------------------------------Features
NoWarnSince Microsoft.Build.CentralPackageVersions uses the
Updateguesture, it lets users specify a version for a package as well as other metadata likeNoWarn. However, in NuGet's CPM we only have a<PackageVersion />item and it wouldn't make sense to specifyNoWarnon a package version. Users will need to add a<PackageReference Update="" NoWarn="1234" />to theirDirectory.Packages.props.Pull Requests
Documentation
The text was updated successfully, but these errors were encountered: