Paket icon indicating copy to clipboard operation
Paket copied to clipboard

Published 20 hours ago verified publisher icon fsprojects

Adding project with different framework forces full update on paket install

Open MiloszKrajewski opened this issue 5 years ago • 1 comments

Description

We use framework: auto-detect for convenience in our paket.dependencies and that might be the source of the problem.

We added new project to the mix with framework which was not used in whole solution (nothing fancy, just netcoreapp2.1 while we use netcoreapp2.2 everywhere else). Unfortunately, paket install took it as an excuse to run full upgrade on all packages and, in few cases, upgrading to new packages which do no support .NET Core 2.2 anymore (for example: IdentityServer4.AccessTokenValidation 3.0 is .NET Core 3.0 only). We could pin every single assembly to specific version in paket.dependencies but it will become extremely painful when ASP .NET Core 3.0 is released as it means dozens of assemblies.

We actually didn't know what is happening as documentation says: "Unlike paket update, paket install will only look for new versions of dependencies that have been modified in paket.dependencies and use the version from paket.lock for all other dependencies."

Repro steps

  1. Unzip attached solution. There are 4 projects:
  • app - netcoreapp2.2
  • lib1 - netstandard2.0
  • lib2 - netcoreapp2.2
  • lib3 - netcoreapp2.1

Note: lib3 is not managed by paket as is does not have paket.references.

  1. Install / Build
paket install
dotnet build

So far, so good.

  1. Add lib3 to the mix
copy lib2\paket.references lib3\
  1. Install / Build (again)
paket install
dotnet build

Boom! IdentityServer4.AccessTokenValidation has been upgraded to 3.0.0 which is not compatible with neither 2.1 not 2.2.

Expected behavior

  1. paket install should retain currently used versions (from paket.lock)
  2. Is it possible to detect on upgrade that actually this new version of IdentityServer4.AccessTokenValidation is not even supporting frameworks we have in solution?

Actual behavior

Packages were upgraded to versions not supporting frameworks we use.

Known workarounds

Manually fiddle with paket.lock (add frameworks to RESTRICTION line, but revert other changes)?

Environment

  • Paket: 5.219.0 (as dotnet tool)
  • .NET core SDK: 2.2.106
  • System: Windows 10

pivu.test.zip

MiloszKrajewski avatar Sep 11 '19 09:09 MiloszKrajewski

I would like to confirm the issue is still there and in an even broader sense.

Having explicit frameworks in the .dependencies file and then, adding a new framework to the list manually results in an update run the same way as described above.

The same reasoning is that paket does not seem to compare packages on a framework-by-framework manner. It appears, the whole "package+framework restrictions" is handled as one item from paket.lock so whenever a new framework comes in, the package+frameworks built from the two files do not match and that triggers the update.

legrab avatar May 20 '22 14:05 legrab