dependabot-core

Dependabot should not add build info to the manifest with NuGet

Open jakecoffman opened this issue 2 years ago • 2 comments

This is a follow-on to #4845.

It is an ecosystem best practice to drop the build identifier from the version when adding dependencies to a .NET project.

Here's an example from nuget.org: [screenshot]

Although there is a build identifier, the site tells users to drop it when installing.

Also doing some searches on github.com, the only time I've seen version numbers in a .csproj is when Dependabot bumped the dependency.

Thanks for reporting this @pinkfloydx33!

jakecoffman avatar Mar 17 '22 16:03 jakecoffman
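
The normalization this issue asks for, as an added example (not dependabot-core code and not written by anyone in this thread): it finds `PackageReference` versions in a `.csproj` that carry a build identifier and rewrites them without it, leaving the rest of the file untouched. It assumes the build identifier is SemVer 2.0 build metadata (the `+...` suffix); the package names, versions and helper names are constructed for illustration.

```ruby
# Added example: not dependabot-core code. Names and sample data are constructed.
# Assumes the "build identifier" is SemVer 2.0 build metadata: "+" followed by
# dot-separated alphanumeric/hyphen identifiers.
BUILD_METADATA = /\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*/

# Version written as an attribute or as a child element of <PackageReference>.
VERSION_ATTR = /(<PackageReference\b[^>]*?\bVersion\s*=\s*")([^"]+)(")/
VERSION_ELEM = %r{(<PackageReference\b[^>]*>\s*<Version>)([^<]+)(</Version>)}
PATTERNS = [VERSION_ATTR, VERSION_ELEM].freeze

# "1.2.3-beta+exp.sha.5114f85" becomes "1.2.3-beta"; prerelease labels are kept.
def strip_build_metadata(version)
  version.gsub(BUILD_METADATA, "")
end

# Audit step: list every declared version that still carries build metadata.
def versions_with_build_metadata(csproj)
  PATTERNS.flat_map { |pattern| csproj.scan(pattern).map { |m| m[1] } }
          .select { |version| version.match?(BUILD_METADATA) }
end

# Rewrite only the version text, so the diff shows nothing but the version change.
def normalize_csproj(csproj)
  PATTERNS.reduce(csproj) do |text, pattern|
    text.gsub(pattern) do
      m = Regexp.last_match
      "#{m[1]}#{strip_build_metadata(m[2])}#{m[3]}"
    end
  end
end

# Constructed sample manifest.
SAMPLE_CSPROJ = <<~XML
  <Project Sdk="Microsoft.NET.Sdk">
    <ItemGroup>
      <PackageReference Include="Example.Lib" Version="4.7.0+build.88" />
      <PackageReference Include="Example.Json" Version="13.0.1" />
      <PackageReference Include="Example.Tool">
        <Version>1.2.3-beta+exp.sha.5114f85</Version>
      </PackageReference>
    </ItemGroup>
  </Project>
XML

if __FILE__ == $PROGRAM_NAME
  puts versions_with_build_metadata(SAMPLE_CSPROJ)
  puts normalize_csproj(SAMPLE_CSPROJ)
end
```
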

A recent example of this I encountered from a dependabot update, if it's useful: https://github.com/martincostello/costellobot/pull/51

Adding the build number also seems to break the ability for dependabot to include the release notes in the Pull Request description.

martincostello avatar Apr 14 '22 14:04 martincostello

Agreed - not a fan of the build information being added via Dependabot and manually do the package update to avoid that being added to the git history. My recent example: https://github.com/TurnerSoftware/InfinityCrawler/pull/145

Turnerj avatar Aug 10 '22 12:08 Turnerj

Unfortunately we're unlikely to get to this anytime soon, but happy to review a PR if anyone wants to take a crack at this.

jeffwidman avatar Sep 14 '22 20:09 jeffwidman

duplicate of #2310

jakecoffman avatar Nov 03 '22 14:11 jakecoffman