Orchard icon indicating copy to clipboard operation
Orchard copied to clipboard

Published 20 hours ago verified publisher icon OrchardCMS

Update NuGet packages to latest versions

Open dukeofdarkness23 opened this issue 6 years ago • 2 comments

Orchard 1.10.2 contains references to at least 50 third-party NuGet packages, and as of writing this, at least 35 are out of date.

Whilst updating things for the sake of it isn't always the best policy, it would be remiss not to update where new versions: improve security, improve performance, offer increased functionality, fix old bugs etc. Bear in mind that new versions of packages could introduce breaking changes in custom modules.

NuGet Packages in the OrchardCMS solution can be managed using the UI:

  • In Solution Explorer, right-click the Solution and select "Manage NuGet Packages..." or Tools > NuGet Package Manager > Manage NuGet Packages for Solution
  • This shows you Installed / Updatable packages, along with details of the projects that reference the package,information about current/available versions and also .net requirements and dependencies.

You can also use the Package Console (Tools > NuGet Package Manager > Package Manager Console):

  • List packages in current solution to an output file: Get-Package > c:\NuGet.txt
  • List packages with updates to an output file: Get-Package -Updates > c:\NuGetUpdates.txt

I did some basic analysis of the projects and packages in Orchard and include it in the attached spreadsheet NuGet.xlsx. I must stress that this is taken from an instance where some projects had been unloaded in VS (mainly test/deprecated modules), so there might be some missing/inaccurate info. The spreadsheet shows 3 tabs:

  • The first tab lists the projects and packages currently referenced. (With some pivot tables by Project/Package)
  • The second tab lists projects that have available package updates. (With some pivot tables by Project/Package)
  • The third tab shows the packages and some brief notes on issues encountered whilst trying to update them. These packages are grouped loosely around vendor and/or functionality and I mostly updated groups at a time rather than individually. (I did the packages in the General grouping individually)

The main issues I encountered during installation and/or compilation were:

  • NHibernate 5.1.0: This requires solution/project to target .net 4.6+
  • These introduced compilation errors and may be worth focussing on first: NUnit 3.10.1 Azure group - one or more of these packages generated errors. Not sure which. Castle.Core 4.2.1 AutoFac v4 introduced breaking changes in xml config files as described here and here

Other than that the others compiled successfully, however it would require a large number of app/web.config file changes to update assembly references/redirects etc in order to overcome runtime errors.

There are also some code-generator text files which contain hard-coded references to specific assemblies.

I also found that some packages referenced different versions of existing packages (one had a dependency on NewtonSoft v9, another on v10 and then I had to overwrite with v11 etc ) so some detailed planning based on dependencies is required to do them in the right order.

dukeofdarkness23 avatar Mar 22 '18 12:03 dukeofdarkness23

Where it makes sense

sebastienros avatar May 16 '19 19:05 sebastienros

With #8445 and #8446 we did some libraries update. This is only a part of the work, do we want to go further? @sebastienros @BenedekFarkas From what we saw during past updates, to upgrade remaining libraries is harder because it would introduce a lot of breaking changes.

HermesSbicego-Laser avatar Jun 03 '21 07:06 HermesSbicego-Laser