Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New dependency resolver erroneously reports NU1605 (downgrade) when using transitive pinning a direct dependency and a downgrade exists in a package graph #13938

Closed
jeffkl opened this issue Nov 18, 2024 · 0 comments · Fixed by NuGet/NuGet.Client#6149
Assignees
Labels
Area:NewDependencyResolver Issues related to the new dependency graph resolver Priority:2 Issues for the current backlog. RegressionFromPreviousRTM A regression from the last RTM. Example: worked in 6.2, doesn't work in 6.3 Type:Bug
Milestone

Comments

@jeffkl
Copy link
Contributor

jeffkl commented Nov 18, 2024

NuGet Product Used

dotnet.exe, MSBuild.exe, NuGet.exe

Product Version

6.12

Worked before?

Yes

Impact

It's more difficult to complete my work

Repro Steps & Context

If you have a package with a downgrade in its graph, you have a direct package reference, and you have transitive pinning enabled, the new dependency resolution algorithm does not properly treat it as "pinned" and instead logs a downgrade warning. The legacy dependency resolution algorithm treats pinned dependencies as special, even if they are direct dependencies and will use higher versions, working around the downgrade. This results in erroneous NU1605 warnings being logged when they weren't before.

Verbose Logs

NU1605: Warning As Error: Detected package downgrade: PackageC from 2.0.0 to 1.0.0. Reference the package directly from the project to select a different version.
 Project -> PackageA 1.0.0 -> PackageB 1.0.0 -> PackageC (>= 1.0.0)
 Project -> PackageA 1.0.0 -> PackageC (>= 2.0.0)

Workaround

Users can workaround the issue by setting an MSBuild property in their Directory.Build.props or an environment variable:

<Project>
  <PropertyGroup>
    <RestoreUseLegacyDependencyResolver>true</RestoreUseLegacyDependencyResolver>
  </PropertyGroup>
</Project>
@jeffkl jeffkl added Priority:2 Issues for the current backlog. Type:Bug RegressionFromPreviousRTM A regression from the last RTM. Example: worked in 6.2, doesn't work in 6.3 Area:NewDependencyResolver Issues related to the new dependency graph resolver labels Nov 18, 2024
@jeffkl jeffkl self-assigned this Nov 18, 2024
@jeffkl jeffkl added this to the 6.13 milestone Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area:NewDependencyResolver Issues related to the new dependency graph resolver Priority:2 Issues for the current backlog. RegressionFromPreviousRTM A regression from the last RTM. Example: worked in 6.2, doesn't work in 6.3 Type:Bug
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant