My packages.config has this entry:
<package id="xxxxxx" version="3.0.0" allowedVersions="[3.0,3.3)" targetFramework="net452">
Now there is no package xxxxxxx at version 3.0.0 (there might have been, once upon a time), but I am allowing anything between 3.0 and 3.3. I do have a package at 3.1.0, and I expected that nuget would find that one and pick it up, but I get the error
Unable to find version '3.0.0' of package xxxxxxxx
Questions:
Why does nuget not say, "oh I can't find 3.0.0 but I'm allowed to use anything from 3.0 to 3.3 and I have 3.1.0. I'll use that!"
What is the correct config to use to make it pick up the highest available version in the allowed range?
In packages.config, every dependency is listed with an exact
version attribute that's used when restoring packages. The
allowedVersions attribute is used only during update operations to
constrain the versions to which the package might be updated.
Source: https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#references-in-project-files-packagereference
If you want to use ranges in your project, you will have to switch to References in project files (PackageReference), but keep in mind:
NuGet 2.8.x and earlier chooses the latest available package version
when resolving a dependency, whereas NuGet 3.x and later chooses the
lowest package version.
Option to always resolve to highest version was proposed and rejected: https://github.com/NuGet/Home/issues/1192
Related
My project uses .NET Standard Library version 2.1.0. One of the packages that it references is System.Net.WebSockets.Client version 4.0.2.0. This package in its turn has a dependency on System.Security.Cryptography.X509Certificates version 4.1.0. As a result, when I restore before build, this particular version gets downloaded. The issue is version 4.1.0 of System.Security.Cryptography.X509Certificates has a known vulnerability and should get updated to 4.1.2 which has the vulnerability fixed.
I am not sure how to update the version of a package that is being internally referenced from another package which itself is part of the .NET Standard Library.
I am getting flagged in my build for using the non-compliant version of the X509Cerificates package. Any pointers in this regard would be much appreciated.
Thanks.
What is the difference between the "Upgradable" and "Resolvable" columns in the output of "dart pub outdated"?
Here is an example of a package that can be upgraded to the latest. The Upgradable, Resolvable, and Latest all match:
url_launcher *6.0.11 6.0.12 6.0.12 6.0.12
Here is an example of a package that is already at the highest resolvable version, but can't be upgraded to the absolute latest version. Presumably another dependency is restricting the resolvability to the latest.
rxdart *0.26.0 *0.26.0 *0.26.0 0.27.2
Here is an example of a package that can't be upgraded any higher but has a Resolvable version that is higher. What does this mean? How is this different from the middle case above?
provider *5.0.0 *5.0.0 6.0.1 6.0.1
In addition to the other very useful posted thoughts, I have learned the following helpful details:
Upgradable refers to the highest version that your direct pubspec will permit, which considers the sdk version and the individual package version (whether to upgrade to just minor or also major). When Upgradable is limited, it can likely be your sdk version holding things back. In my case I was using sdk 2.12, but some packages require 2.14 now (Sep 2021).
From the docs:
The latest version allowed by your pubspec.yaml file. This is the version that dart pub upgrade resolves to. The value is - if the value in the Current column is -.
Resolvable refers to the highest version that all of the other packages' dependencies will allow, in addition to your direct pubspec constraints. When the Resolvable is limited, there is usually one package holding everything back, or a major version holding everything back.
From the docs:
The latest version that can be resolved, when combined with all other dependencies. This version corresponds to what dart pub upgrade gives you if all version constraints in pubspec.yaml are unbounded. A value of - means that the package won’t be needed.
Upgradable means an upgradeable version. Generally, minor version updates can be upgraded directly without modification.
Resolvable can use the version, generally a major version update (the 0.x version may have destructive changes, same as major version), may have incompatible interfaces to the previous version, if you update this version, you may need to change some code
Latest The latest version. If it is inconsistent with the Resolvable version, means the SDK version required by the latest version is inconsistent with the current project
The main difference is that Resolvable mains the version you need to reach to resolve outdated issues in your project and Upgradable mains the version you can update of that package.
To resolve it you must find packages you can update and continue updating until you can update the main package.
You can see it in this link about those concepts: Dart pub outdated
In my build pipeline, I have the following step:
I am getting the following error:
##[error]The nuget command failed with exit code(1) and error(NU1102: Unable to find package Microsoft.Windows.SDK.BuildTools with version (>= 10.0.19041.8)
When I go to the NuGet page for this package: Microsoft.Windows.SDK.BuildTools, I see that it only has one version: 10.0.18362.3-preview. I am not sure why the NuGet restore step is trying to get a higher version that does not exist. Why is this happening and how can I fix it? Note: this is my first Pipeline.
Agent Specification: Windows-2019.
From this page, you can see only two versions of the package Microsoft.Windows.SDK.BuildTools are listed:
10.0.19041.1
10.0.18362.3-preview
When open the page of version 10.0.19041.1, you can see the warning message to notify that this package version has been deprecated. But it seems that you can still download and install it.
I think the other package versions may have been permanently deleted by the owner due to some security vulnerabilities. So you no longer find them.
You can try to open your project using Visual Studio on your local machine, and change to use version 10.0.18362.3-preview in your program.
We have a project that is utilizing a set of Nuget-based Azure libraries. One of them was published with a specific MIN and MAX dependency on Newtonsoft.Json (max version being 7)
This was a headache, because other libraries depend on 8+ version of Netwon and this specific Azure library is just fine working with any modern Json package.
In VS2013, we forced to install this Azure library with newer version of Json package thru nuget installer and subsequently, Nuget never gave us any issues installing/updating other libraries.
However, after upgrading to VS2017, we cannot update any package (or at least the ones that depend on Json) and we get the error below.
Unable to resolve dependencies. 'Newtonsoft.Json 8.0.3' is not compatible with 'Microsoft.Azure.Insights 0.15.0-preview constraint: Newtonsoft.Json (>= 6.0.8 && < 7.0.0)'
How do we have Nuget ignore that specific Azure library's unimportant MAX version dependence?
How do we have Nuget ignore that specific Azure library's unimportant MAX version dependence?
If you confirm that Azure library is just fine working with any modern Json package and you want use the Microsoft.Azure.Insights 0.15.0-preview and 8+ version of Newtonsoft.Json at the same time. I would like provide a workaround to you, hope this can help you.
Detailed Steps:
Install the package Microsoft.Azure.Insights 0.15.0-preview with its dependencies first.
Only uninstall the package Microsoft.Azure.Insights 0.15.0-preview, Keep dependencies installed.
Update the Newtonsoft.Json to the version 8+.
Install the package Microsoft.Azure.Insights 0.15.0-preview in the Package Manager Console with following NuGet command:
Install-package Microsoft.Azure.Insights -IncludePrerelease -IgnoreDependencies
With the option -IgnoreDependencies, NuGet will ignore that specific Azure library's unimportant MAX version dependence:
Note: Need to mention is that if you update the Newtonsoft.Json package next time, you still need to follow the steps above to upgrade your Newtonsoft.Json package.
I want to install an older version of a package (Newtonsoft.Json). But NuGet rolls back:
PM> Install-Package Newtonsoft.Json -Version 4.0.5
Successfully installed 'Newtonsoft.Json 4.0.5'.
Install failed. Rolling back...
Install-Package : Already referencing a newer version of 'Newtonsoft.Json'.
How can I do it?
Try the following:
Uninstall-Package Newtonsoft.Json -Force
Followed by:
Install-Package Newtonsoft.Json -Version <press tab key for autocomplete>
As of NuGet 2.8, there is a feature to downgrade a package.
NuGet 2.8 Release Notes
Example:
The following command entered into the Package Manager Console will downgrade the Couchbase client to version 1.3.1.0.
Update-Package CouchbaseNetClient -Version 1.3.1.0
Result:
Updating 'CouchbaseNetClient' from version '1.3.3' to '1.3.1.0' in project [project name].
Removing 'CouchbaseNetClient 1.3.3' from [project name].
Successfully removed 'CouchbaseNetClient 1.3.3' from [project name].
Something to note as per crimbo below:
This approach doesn't work for downgrading from one prerelease version to other prerelease version - it only works for downgrading to a release version
I've used Xavier's answer quite a bit. I want to add that restricting the package version to a specified range is easy and useful in the latest versions of NuGet.
For example, if you never want Newtonsoft.Json to be updated past version 3.x.x in your project, change the corresponding package element in your packages.config file to look like this:
<package id="Newtonsoft.Json" version="3.5.8" allowedVersions="[3.0, 4.0)" targetFramework="net40" />
Notice the allowedVersions attribute. This will limit the version of that package to versions between 3.0 (inclusive) and 4.0 (exclusive). Then, when you do an Update-Package on the whole solution, you don't need to worry about that particular package being updated past version 3.x.x.
The documentation for this functionality is here.
Now, it's very much simplified in Visual Studio 2015 and later. You can do downgrade / upgrade within the User interface itself, without executing commands in the Package Manager Console.
Right click on your project and *go to Manage NuGet Packages.
Look at the below image.
Select your Package and Choose the Version, which you wanted to install.
Very very simple, isn't it? :)
Another more manual option to get it:
.nuget\nuget.exe install Newtonsoft.Json -Version 4.0.5