[英]How does transitive dependencies for Microsoft.NETCore.App and Microsoft.NETCore.Platforms work
I have a really hard time figuring out how version resolving of transitive dependencies works for the framework "metapackages".我很难弄清楚传递依赖项的版本解析如何适用于框架“元包”。
The reason I am asking is that it seems to be each time we pull in an "old" dependency, for instance something that points to netstandard2.0
or 2.1 we end up with a long list of outdated packages (which again is reported by our build pipeline).我问的原因是,似乎每次我们引入“旧”依赖项时,例如指向netstandard2.0
或 2.1 的东西,我们最终都会得到一长串过时的软件包(我们的报告再次报告了这一点)建立管道)。
As an example:举个例子:
Given a .net6 class library, created like this:给定一个 .net6 类库,创建如下:
dotnet new classlib
dotnet add pakage System.Data.SqlClient
The resulting csproj looks like:生成的 csproj 如下所示:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
</ItemGroup>
</Project>
That seems like its fine.这似乎很好。 I have the latest SqlClient and im on .net6 \o/我有最新的 SqlClient 和我在 .net6 \o/
Now when i execute dotnet list package --outdated --include-transitive
现在当我执行dotnet list package --outdated --include-transitive
I get the following output:我得到以下输出:
Project `Outdated` has the following updates to its packages
[net6.0]:
Transitive Package Resolved Latest
> Microsoft.NETCore.Platforms 3.1.0 6.0.3
> Microsoft.Win32.Registry 4.7.0 5.0.0
> System.Security.AccessControl 4.7.0 6.0.0
> System.Security.Principal.Windows 4.7.0 5.0.0
As far as I can tell Microsoft.Win32.Registry
is part of the "shared framework" and would have expected it to use the latest version.据我所知, Microsoft.Win32.Registry
是“共享框架”的一部分,并希望它使用最新版本。
Can anyone explain why it does not use the latest version?谁能解释为什么它不使用最新版本? Alternatively how I can force dotnet to use the latest version without a direct dependency (if its possible - again i am trying to avoid a LONG list of outdated transient dependencies that exists in the shared framework...).或者,我如何强制 dotnet 在没有直接依赖关系的情况下使用最新版本(如果可能的话 - 我再次试图避免共享框架中存在的过时临时依赖关系的长列表......)。
Going through various NuGet/dotnet Github issues and discussions.浏览各种 NuGet/dotnet Github 问题和讨论。 It seems like the way NuGet restores dependencies is to blame. NuGet 恢复依赖项的方式似乎是罪魁祸首。 It defaults to the lowest version satisfying all requirements.它默认为满足所有要求的最低版本。
The "meta" packages are in fact not tied to the SDK version but have direct dependencies on other packages, such as the Microsoft.NETCore.App
which targets Microsoft.NETCore.Platforms
as version 2.2.4
or higher. “元”包实际上与 SDK 版本无关,而是直接依赖于其他包,例如Microsoft.NETCore.App
,它以Microsoft.NETCore.Platforms
为2.2.4
或更高版本。
Since System.Data.SqlClient
is a .NET Core 3.1 package, it refers Microsoft.NETCore.Platforms
version 3.1.0
(or higher).由于System.Data.SqlClient
是一个 .NET Core 3.1 包,它指的是Microsoft.NETCore.Platforms
版本3.1.0
(或更高版本)。
Since my project does not have a direct dependency on Microsoft.NETCore.Platforms
well, NuGet chooses the lowest one.由于我的项目对Microsoft.NETCore.Platforms
没有很好的直接依赖,NuGet 选择了最低的一个。
I still really do not understand why the SDK reference does not cause a direct dependency, but I guess that reasoning have drowned in some GitHub issue discussion.我仍然真的不明白为什么 SDK 引用不会导致直接依赖,但我想这种推理已经淹没在一些 GitHub 问题讨论中。
The following contains a description of the resolution strategy: https://docs.microsoft.com/en-us/nuget/concepts/dependency-resolution#dependency-resolution-rules以下包含解析策略的说明: https ://docs.microsoft.com/en-us/nuget/concepts/dependency-resolution#dependency-resolution-rules
Long story short - Its currently only possible to get the latest versions with a long list of specific dependencies.长话短说 - 目前只能获得具有一长串特定依赖项的最新版本。
Edit编辑
Maybe a variation is using Central Package Management: https://devblogs.microsoft.com/nuget/introducing-central-package-management/也许一个变体正在使用中央包管理: https ://devblogs.microsoft.com/nuget/introducing-central-package-management/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.