SemVer 2.0.0 warnings #5493
Assignees
Milestone
Comments
|
@anangaur we should use |
|
Is this complete? |
|
Still need to verify the pack due to "GeneratePackageOnBuild" property in csproj file scenario. Other scenarios are complete, except for case 3 which is a non-goal of semver2 and out-of-scope. |
|
The following still needs fixing:
|
|
dotnet\project-system |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
SemVer 2.0.0 packages will not be visible from legacy clients (i.e clients before NuGet 4.3 release). In order to make sure that publishers are aware that they are about to publish a SemVer 2 package, they should be warned appropriately so that this is a conscious decision and not an inadvertent one.
Read more on Identifying SemVer v2.0.0 Packages
One of the concerns is that a build metadata (e.g. 2.1.0**+buildmetadata**) also constitutes a Semver 2 version though this build metadata does not form the identity of the package.
Solution
The idea here is to warn enough at the client (this issue) and on the NuGet.org server (NuGet/NuGetGallery#4215) when there is an intent or when the package is published.
Following is the list of cases and NuGet should identify to determine a SemVer 2 package and corresponding warning messages NuGet should output:
Case 1: Package has prerelease SemVer 2.0.0 versioning
Warning1:
Title: This package has a SemVer 2.0.0 package version
Message: This package will only be available to download with SemVer2 compatible NuGet clients, such as Visual Studio 2017 (version 15.3) and above or NuGet client 4.3 and above. Read more
Case 2: Package has a non-semver2 version, but is considered semver2 due to a dependency declaration
Warning2
Title: This package is considered a SemVer 2.0.0 package as it has dependency on SemVer2 package(s)
Message: This package will only be available to download with SemVer2 compatible NuGet clients, such as Visual Studio 2017 (version 15.3) and above or NuGet client 4.3 and above. Read more
Case 3: Package has dependecy declared as SemVer 1 but the available dependency matching default dependency resolution Lowest itself is SemVer 2.0.0 (due to build metadata)
Warning2 as described above.
NuGet client should warn for the above scenarios during:
For #2, these should be numbered warnings so that these can honor build property for elevating as error or suppressing the warnings
For #3, these warnings should be emitted by the server in the response that should be shown to the user.
The text was updated successfully, but these errors were encountered: