When I create some nuget (N1) that uses other nugets (N2), I reference them with a floating version (e.g. `3.*`). I do this so that whoever uses my nuget (N1) will get the latest minor of the dependencies (N2), since the latest contains bug fixes but won't break the API (semantic versioning). P1 references my N1 with a floating version too (e.g. `2.*`).

My problem is that there might be a project (P1) that uses my nuget (N1) and also references a lower version of N2. In this case, when building that project (P1), we might get a dependency downgrade warning. And if "treat warnings as errors" is marked, it will break the build (of P1).

To avoid breaking the builds I am increasing the major of nuget N1. This is not ideal since it's not really a breaking change, and it forces me to upgrade all the using projects.

I would like to mark the minimum version of N2 that N1 requires (e.g. 3.0.0), and let P1 (or any other project) choose the latest of N1. But I didn't find a way to do it with package reference.

Is it possible to do it? Is there a better way to design the projects/nugets?

YanivR
  • Does this answer your question? [NuGet transitive dependencies and floating notation](https://stackoverflow.com/questions/73613114/nuget-transitive-dependencies-and-floating-notation) – Andrew McClement Aug 13 '23 at 01:19
  • Thanks for the answer. It's similar; solving this problem will also solve my problem. But my main problem is breaking builds or increasing major. – YanivR Aug 13 '23 at 06:05
  • By default nuget is designed so that everybody specifies the _lowest_ acceptable version of each dependency. So by default as a library author (i.e. creating a nuget package) you would be recommended to avoid using floating versions for your dependencies. – Andrew McClement Aug 14 '23 at 13:26
  • So nuget packages specify the minimum; that makes sense generally, and will be good for not breaking the consumers. But then the consumers (P1, ..., PN) will get transitive nugets with no bug fixes, and no security fixes. Is the only way to handle it to add all transitive nugets to the consumers with the versions I need (with bug fixes / security fixes)? – YanivR Aug 16 '23 at 09:24
  • Yes. For every nuget package where you care about the version (i.e. don't just want the minimum required by your specified dependencies), you should specify the version you do want explicitly. So in your case where the consuming app wants the latest version of all dependencies, the consuming app needs to specify that (which is a bit painful, yes). – Andrew McClement Aug 16 '23 at 16:53
  • Thanks. I guess that makes sense, though I don't think I can use this strategy in my company. Add it as an answer if you like. I will mark it as the correct answer. – YanivR Aug 16 '23 at 19:43

0 Answers
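
The arrangement the comments arrive at, shown as an added example that is not part of the original thread: N1 declares the lowest N2 version it accepts, and the consuming project P1 references N2 directly when it wants newer bug and security fixes. N1, N2 and P1 are the question's placeholders; the file names and target frameworks are assumptions.

```xml
<!-- N1.csproj: the library that is packed as N1 (target framework is an assumption) -->
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <!-- A plain version is a minimum: N1 accepts N2 3.0.0 or anything later.
         No floating version here, so consumers are not pushed to a newer N2
         than N1 actually needs. -->
    <PackageReference Include="N2" Version="3.0.0" />
  </ItemGroup>
</Project>

<!-- P1.csproj: a consuming application (target framework is an assumption) -->
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <!-- P1 chooses the latest 2.x of N1. -->
    <PackageReference Include="N1" Version="2.*" />
    <!-- Direct reference to the otherwise transitive N2. A direct reference
         takes precedence over the version N1 asks for, so P1 gets the latest
         3.x fixes. Anything at or above N1's minimum (3.0.0) restores cleanly;
         a direct reference below that minimum is what raises the package
         downgrade warning (NU1605). -->
    <PackageReference Include="N2" Version="3.*" />
  </ItemGroup>
</Project>
```

Floating versions are resolved at restore time, so the N2 version P1 actually builds against can change from one restore to the next; that version should be recorded per release.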