Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revise dependencies #71

Merged
merged 1 commit into from
Jun 5, 2023
Merged

Revise dependencies #71

merged 1 commit into from
Jun 5, 2023

Conversation

adams85
Copy link
Contributor

@adams85 adams85 commented May 31, 2023
edited
Loading

Describe the purpose of your pull request

This PR is kind of a follow-up to #68

I revised the package references of other targets than .NET framework targets as well and it seems to me that we have some unnecessary or questionable references:

  • System.Net.Http (v4.3.4): this is an OOB (out-of-band) package which is for backporting newer improvements/fixes for older runtimes. However, MS don't advise using the separate System.Net.Http NuGet package anymore because it may lead to complications (as we also experienced that ourselves). In the case of .NET 5+, referencing the package is pointless anyway because those runtimes include a newer version. In the case of older targets, I think we shouldn't require this package either but we'd better leave the decision to the end user to reference it in their application if they want to. So I propose removing this dependency completely.
  • System.Text.RegularExpressions (v4.3.1): this is very similar to System.Net.Http but, based on the comment, it contains some security fix(es). So in targets older than .NET 5, it may make sense to require this dependency. However, I think it would be better to leave the decision to the end user in this case as well: let them reference it in their applications if they see fit but I'm not sure that we should make the decision for them by requiring this dependency via our library.
  • System.Text.Json (v6.0.5): our library uses features which was introduced in System.Text.Json v6.0, so we need this one (except for .NET 6 which already includes it). However, I recommend referencing the oldest version that works for us instead of some arbitrary patch version. This version would be v6.0.0.

Requirement checklist (only if applicable)

  • I have covered the applied changes with automated tests.
  • I have executed the full automated test set against my changes.
  • I have validated my changes against all supported platform versions.
  • I have read and accepted the contribution agreement.

@adams85 adams85 requested a review from a team as a code owner May 31, 2023 17:00
@adams85 adams85 force-pushed the revise-dependencies branch 6 times, most recently from 3631d26 to 5d54aa5 Compare June 1, 2023 08:33
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 1, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@adams85 adams85 merged commit fe45139 into master Jun 5, 2023
@adams85 adams85 deleted the revise-dependencies branch June 5, 2023 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laliconfigcat laliconfigcat laliconfigcat approved these changes

@endret endret endret approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@adams85 @endret @laliconfigcat