Add option to override transitive dependency versions when managing packages centrally #4025
Conversation
|
ping |
|
@aortiz-msft any chance you'll be able to look at this one? I noticed @zivkan assigned this to you to look at some time back. Seems like the feature would be to the community's benefit. |
|
Recent comments on the NuGet/Home#6764 show, that there is a demand for this feature to be brought back. |
|
Yeah, maybe 20+ comments in the past week and lots more thumbs up to many of those comments. Seems like there's plenty of community interest in getting this feature back in. @aortiz-msft, @zivkan, anything more we can do to help push this one along? |
|
@marcin-krystianc @nkolev92 Is this PR still under review? We would very much like to pin transitive dependencies |
|
@aortiz-msft , you were on the original #3719 issue -- do you have any thoughts here? @zivkan, you've offered some good feedback for some of our other PR's in NuGet.Client -- is there anyone else we should direct this PR to? @rconard, @cristinamanum, any thoughts here? Any and all comments would be appreciated -- we'd just like to keep the conversation on this one moving! |
|
There is quite some activity on the NuGet/Home#10389. This feature is definitely needed, and is quite critical for us. |
|
Hi @nkolev92 is there still a chance for this PR to get accepted? Is there something anybody else could/should do? My company (and others too apparently) are pretty much stuck with nuget 5.8 (and respective dotnet version 5.0.1XX) until this gets re-enabled/fixed. |
|
Hello @nkolev92, could you please review this merge request? Or assign it to somebody who can? Thanks. |
|
As an external observer, with them already having shipped RC1 and the bar for inclusion being higher and higher for RC2 and GA, realistically I think the ship has already sailed on this being part of .NET 6. |
Yup, but I must keep the sliver of hope alive! More importantly, I'd just like to get some eyes on this so that it lands at some point. It looks like there are plenty of people who want this feature back. |
|
@martincostello Transitive version pinning was removed in a minor patch version in .NET 5, so i don't think there is even a bar. The group which was invited and supposed to test and give feedback on CPVM wasn't even asked before it was suddenly removed.
FYI: That's a quote from https://aka.ms/CentralNuGetLearningDocs And https://github.com/NuGet/Home/wiki/Centrally-managing-NuGet-package-versions also says:
So currently CPVM does not behave as described in all docs available. @rconard Why do we still have to wait for this PR to be merged? Not being able to define versions for transitive dependencies in CPVM causes issues all the time and we have to add direct dependencies to projects that don't require direct dependencies. |
|
@aortiz-msft Russel said you might be able to help here as he moved to Azure IoT. |
Hello @aortiz-msft, @nkolev92, |
|
Just wanted to note that @JonDouglas did comment on the associated issue last week: Hopefully, this is a good sign! |
|
Given that vast majority of votes is in favour of transitive dependency pinning being enabled by default, I'm going to update my branch to reflect that: Are there any other concerns or requests for this features which are not reflected in my PR yet? |
|
Hey @marcin-krystianc, We're finalizing a longer-term plan for this feature going into the new year(I owe the other thread an update). If you would like to take the time to reflect the recent consensus, please feel free but keep in mind that we're still planning to have a team member review the PR in-depth when they finish up with existing commitments. Thank you! |
|
Hi all, We recently published a small document/proposal that includes a few thoughts around this behavior & some questions that would further help us move this feature forward. If would mean a lot if you can provide your feedback in the PR itself: Thanks! |
marcin-krystianc
force-pushed
the
dev-marcink-20210428-transitivepinning
branch
from
6a88650
to
8d4cf6d
Compare
…ransitivepinning # Conflicts: # src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Projects/LegacyPackageReferenceProject.cs # src/NuGet.Clients/NuGet.SolutionRestoreManager/VSNominationUtilities.cs # src/NuGet.Clients/NuGet.SolutionRestoreManager/VsSolutionRestoreService.cs # src/NuGet.Core/NuGet.Build.Tasks.Console/MSBuildStaticGraphRestore.cs # src/NuGet.Core/NuGet.Build.Tasks/NuGet.targets # src/NuGet.Core/NuGet.Commands/RestoreCommand/Utility/MSBuildRestoreUtility.cs # src/NuGet.Core/NuGet.Common/PublicAPI/net45/PublicAPI.Unshipped.txt # src/NuGet.Core/NuGet.Common/PublicAPI/net472/PublicAPI.Unshipped.txt # src/NuGet.Core/NuGet.Common/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt # src/NuGet.Core/NuGet.ProjectModel/JsonPackageSpecReader.cs # src/NuGet.Core/NuGet.ProjectModel/PackageSpecWriter.cs # src/NuGet.Core/NuGet.ProjectModel/ProjectRestoreMetadata.cs # src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Unshipped.txt # test/NuGet.Core.Tests/NuGet.Commands.Test/MSBuildRestoreUtilityTests.cs
marcin-krystianc
force-pushed
the
dev-marcink-20210428-transitivepinning
branch
from
05001df
to
0d98d88
Compare
jeffkl
changed the title
| if (packageSpec.RestoreMetadata?.CentralPackageVersionsEnabled == true && | ||
| packageSpec.RestoreMetadata?.TransitiveDependencyPinningEnabled == true) |
There was a problem hiding this comment.
Let's get rid of these old comparisons to true
| if (packageSpec.RestoreMetadata?.CentralPackageVersionsEnabled == true && | |
| packageSpec.RestoreMetadata?.TransitiveDependencyPinningEnabled == true) | |
| if (packageSpec.RestoreMetadata?.CentralPackageVersionsEnabled && | |
| packageSpec.RestoreMetadata?.TransitiveDependencyPinningEnabled) |
There was a problem hiding this comment.
Both terms are nullable so the comparison to true is rather necessary.
test/NuGet.Clients.Tests/NuGet.CommandLine.Test/RestoreNETCoreTest.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Core.FuncTests/Dotnet.Integration.Test/PackCommandTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Core.Tests/NuGet.Commands.Test/MSBuildRestoreUtilityTests.cs
Outdated
Show resolved
Hide resolved
test/NuGet.Core.Tests/NuGet.Build.Tasks.Console.Test/MSBuildStaticGraphRestoreTests.cs
Show resolved
Hide resolved
|
@NuGet/nuget-client this PR is now ready for review. Please leave your feedback on the property name we'll use to enable the feature. |
There was a problem hiding this comment.
@jeffkl Thanks for your review, I've responded to all suggested changes. so It is ready for another review.
| if (packageSpec.RestoreMetadata?.CentralPackageVersionsEnabled == true && | ||
| packageSpec.RestoreMetadata?.TransitiveDependencyPinningEnabled == true) |
There was a problem hiding this comment.
Both terms are nullable so the comparison to true is rather necessary.
test/NuGet.Core.Tests/NuGet.Commands.Test/MSBuildRestoreUtilityTests.cs
Outdated
Show resolved
Hide resolved
Bug
Fixes: NuGet/Home#10389
Fixes: NuGet/Home#10327
Regression? Last working version: 5.8 (feature removed in v5.9)
Description
This PR reverts the change that disabled the transitive dependency pinning feature. Additionally it is being now made optionable, so it will be possible to use CPVM (Central Package Version Management) with transitive dependency pinning or without it.
Project can opt-in for transitive dependency pinning by defining property:
PR Checklist
PR has a meaningful title
PR has a linked issue.
Described changes
Tests
Documentation