Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation update: empty dependency version strings will no longer be accepted when pushing packages to nuget.org #3750

Closed
xavierdecoster opened this issue Apr 5, 2017 · 2 comments
Closed

Documentation update: empty dependency version strings will no longer be accepted when pushing packages to nuget.org #3750

xavierdecoster opened this issue Apr 5, 2017 · 2 comments
Assignees
@xavierdecoster @anangaur @skofman1 @karann-msft
Labels
Area: Data Integrity Area: Gallery UI
Milestone
S116 - 2017.3.27

Comments

@xavierdecoster
Copy link
Member

The task is to document the behavioral change in how we validate package dependency version ranges.

Page affected:
https://docs.microsoft.com/en-us/nuget/create-packages/dependency-versions#version-ranges

Moving forward, nuget.org will be strict and no longer accept packages defining dependencies with an empty version range.

The change to reject empty dependency version ranges is in line with the recommendation as per the docs, which now will be enforced.

For consistent behavior, it's recommended to always specify a version or version range for package dependencies.

Current docs state:

If no version is specified for a dependency, NuGet behaves as follows:

NuGet v2.7.2 and earlier: The latest package version will be used
NuGet v2.8 and later: The lowest package version will be used

I think we should modify this and add:

NuGet v2.8 to v4.1.0: The lowest package version will be used
NuGet v4.3.0 and above: no longer supported and considered an invalid dependency version range

The above of course assumes that NuGet v4.3.0 aligns behavior for pack :) (tracked by NuGet/Home#4985)
@skofman1 skofman1 added this to the S116 - 2017.3.27 milestone Apr 5, 2017
@xavierdecoster
Copy link
Member Author

In addition to the above future client-behavior change, we should also point out that nuget.org behavior changes as part of deployment #3718.

From then on, the gallery will be more strict and reject packages with invalid dependency version range declarations.

@xavierdecoster
Copy link
Member Author

Client pack behavior change is likely only to be part of v4.3.0, so that docs change can wait a little.

Server side change will go live this sprint.
Suggested addition (feel free to reword):

The nuget.org web site no longer accepts packages that declare dependency versions with an empty version range.
By enforcing our earlier recommendation, the nuget.org package validation became a bit more strict, and both service and client became a bit less subject to potential errors caused by illegal dependency version ranges.

skofman1 added a commit to skofman1/docs.microsoft.com-nuget that referenced this issue Apr 12, 2017
@skofman1
Documentation update: empty dependency version strings will no longer…
f5de812 
… be accepted when pushing packages to nuget.org

Issue: NuGet/NuGetGallery#3750
@skofman1 skofman1 mentioned this issue Apr 12, 2017
Merged
@skofman1 skofman1 self-assigned this Apr 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xavierdecoster xavierdecoster

@anangaur anangaur

@skofman1 skofman1

@karann-msft karann-msft

Labels
Area: Data Integrity Area: Gallery UI
Projects
None yet
Milestone
S116 - 2017.3.27
Development

No branches or pull requests
4 participants
@xavierdecoster @anangaur @skofman1 @karann-msft