dependabot-core
dependabot-core copied to clipboard
Dependabot should not add build info to the manifest with NuGet
This is a follow-on to #4845.
It is an ecosystem best practice to drop the build identifier from the version when adding dependencies to a .NET project.
Here's an example from nuget.org
Although there is a build identifier, the site tells users to drop it when installing.
Also doing some searches on github.com, the only time I've seen version numbers in a .csproj
is when Dependabot bumped the dependency.
Thanks for reporting this @pinkfloydx33!
A recent example of this I encountered from a dependabot update, if it's useful: https://github.com/martincostello/costellobot/pull/51
Adding the build number also seems to break the ability for dependabot to include the release notes in the Pull Request description.
Agreed - not a fan of the build information being added via Dependabot and manually do the package update to avoid that being added to the git history. My recent example: https://github.com/TurnerSoftware/InfinityCrawler/pull/145
Unfortunately we're unlikely to get to this anytime soon, but happy to review a PR if anyone wants to take a crack at this.
duplicate of #2310