PaketUpdate fails with semver 2.0 version and jfrog hosted repository

[Larusso]

Description

We use paket to install our internal dependencies from a jfrog SAS installation. We started to use semver 2.0 versioning and had no issues until recently.
We need to force a specific version which is not compatible for testing purposes but paket throws errors:
Couldn't get package details for package Wooga.Core 4.1.0-branch.pr.34.5 on https://foo.jfrog.io/foo/api/nuget/nuget. - 2_https://foo.jfrog.io/foo/api/nuget/nuget/Packages?$filter=(tolower(Id) eq 'wooga.core') and (Version eq '4.1.0-branch.pr.34.5'))r.34.5')
I tried to set the feed URL to v3 but get:
could not find an AllVersionsAPI endpoint for https://foo.jfrog.io/foo/api/nuget/v3/nuget
It looks like the switch doesn't work correctly: #3351

Repro steps

This is quite hard because I think the issue lies with jfrog here.
In the dependencies file we set

source https://foo.jfrog.io/foo/api/nuget/nuget
nuget Wooga.Core == 4.1.0-branch.pr.34.5
... additional packages

* What went wrong:
Execution failed for task ':paketUpdate'.
> Paket task paketUpdate failedPaket failed with
  -> There was a version conflict during package resolution.
       Conflict detected:
        - Dependencies file requested package Wooga.Core: == 4.1.0-branch.pr.34.5 (branch)*
        - Available versions:
          - (5.0.0-rc.4, [https://foo.jfrog.io/foo/api/nuget/atlas-nuget; https://foo.jfrog.io/foo/api/nuget/nuget])
          - (5.0.0-branch.release.5.x.6, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (5.0.0-branch.release.5.x.5, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (5.0.0-branch.release.5.x.3, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-master.6, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-master.4, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-master.3, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-master.2, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-branch.pr.36.7, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-branch.pr.36.6, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-branch.pr.35.6, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-branch.pr.34.5, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-branch.pr.33.3, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.1.0-branch.pr.32.3, [https://foo.jfrog.io/foo/api/nuget/nuget])
          - (4.0.1-master.6, [https://foo.jfrog.io/foo/api/nuget/nuget])
       Please try to relax some conditions or resolve the conflict manually (see http://fsprojects.github.io/Paket/nuget-dependencies.html#Use-exactly-this-version-constraint).
     StackTrace:
         at Paket.PackageResolver+ResolutionModule.getModelOrFail (Paket.PackageResolver+Resolution res) [0x0003d] in <be39d6458de040cea5971ea1db68cd3f>:0
         at [email protected] (System.Collections.Generic.KeyValuePair`2[TKey,TValue] kv) [0x00041] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Microsoft.FSharp.Collections.Internal+IEnumerator+choose@165[TResult,T].System-Collections-IEnumerator-MoveNext () [0x00063] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Microsoft.FSharp.Collections.MapTreeModule.mkFromEnumerator[a,b] (System.Collections.Generic.IComparer`1[T] comparer, Microsoft.FSharp.Collections.MapTree`2[TKey,TValue] acc, System.Collections.Generic.IEnumerator`1[T] e) [0x00000] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Microsoft.FSharp.Collections.MapTreeModule.ofSeq[TKey,T] (System.Collections.Generic.IComparer`1[T] comparer, System.Collections.Generic.IEnumerable`1[T] c) [0x00030] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Microsoft.FSharp.Collections.FSharpMap`2[TKey,TValue].Create (System.Collections.Generic.IEnumerable`1[T] ie) [0x00006] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Microsoft.FSharp.Collections.MapModule.OfSeq[TKey,T] (System.Collections.Generic.IEnumerable`1[T] elements) [0x00000] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.UpdateProcess.selectiveUpdate (System.Boolean force, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] getSha1, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] getVersionsF, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] getPackageDetailsF, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] getRuntimeGraphFromPackage, Paket.LockFile lockFile, Paket.DependenciesFile dependenciesFile, Paket.PackageResolver+UpdateMode updateMode, Paket.SemVerUpdateMode semVerUpdateMode) [0x0035d] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.UpdateProcess.SelectiveUpdate (Paket.DependenciesFile dependenciesFile, Microsoft.FSharp.Core.FSharpOption`1[T] alternativeProjectRoot, Paket.PackageResolver+UpdateMode updateMode, Paket.SemVerUpdateMode semVerUpdateMode, System.Boolean force) [0x000e6] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.UpdateProcess.SmartInstall (Paket.DependenciesFile dependenciesFile, Paket.PackageResolver+UpdateMode updateMode, Paket.UpdaterOptions options) [0x00001] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.UpdateProcess.Update (System.String dependenciesFileName, Paket.UpdaterOptions options) [0x0000e] in <be39d6458de040cea5971ea1db68cd3f>:0
         at <StartupCode$Paket-Core>[email protected] (Microsoft.FSharp.Core.Unit unitVar0) [0x0005b] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Utils.RunInLockedAccessMode[a] (System.String lockedFolder, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] action) [0x00077] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Dependencies.Update (System.Boolean force, System.Boolean withBindingRedirects, System.Boolean cleanBindingRedirects, System.Boolean createNewBindingFiles, System.Boolean installAfter, Paket.SemVerUpdateMode semVerUpdateMode, System.Boolean touchAffectedRefs) [0x00039] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.update (Argu.ParseResults`1[Template] results) [0x00bb9] in <be39d6458de040cea5971ea1db68cd3f>:0
         at [email protected] (Argu.ParseResults`1[Template] results) [0x00001] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.processWithValidationEx$cont@42[a] (System.Boolean silent, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] commandF, a result, Microsoft.FSharp.Core.Unit unitVar) [0x00002] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.processWithValidationEx[a] (Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] printUsage, System.Boolean silent, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] validateF, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] commandF, a result) [0x00067] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.processWithValidation[T] (System.Boolean silent, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] validateF, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] commandF, Argu.ParseResults`1[Template] result) [0x00006] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.processCommand[a] (System.Boolean silent, Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] commandF, Argu.ParseResults`1[Template] result) [0x00007] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.handleCommand (System.Boolean silent, Paket.Commands+Command command) [0x0022c] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.Program.main () [0x0041e] in <be39d6458de040cea5971ea1db68cd3f>:0
  -> Unable to retrieve package details for 'Wooga.Core'-4.1.0-branch.pr.34.5
     StackTrace:
         at [email protected] (Paket.PackageResolver+GetPackageDetailsParameters details) [0x00077] in <be39d6458de040cea5971ea1db68cd3f>:0
         at Paket.PackageResolver.explorePackageConfig (Microsoft.FSharp.Core.FSharpFunc`2[T,TResult] getPackageDetailsBlock, Paket.PackageResolver+PackageConfig pkgConfig) [0x001d9] in <be39d6458de040cea5971ea1db68cd3f>:0
  -> Couldn't get package details for package Wooga.Core 4.1.0-branch.pr.34.5 on https://foo.jfrog.io/foo/api/nuget/nuget.
        - 2_https://foo.jfrog.io/foo/api/nuget/nuget/Packages?$filter=(tolower(Id) eq 'wooga.core') and (Version eq '4.1.0-branch.pr.34.5'))r.34.5')

[forki]

/cc @matthid @enricosada

[matthid]

@forki I don't think this is related to the latest changes, but @Larusso can you please try with an slightly older paket version (like 5.207.3 or older)

[matthid]

Considering paket Couldn't get package details, did you just push this package to nuget? Maybe it hasn't been indexed yet?

[forki]

@matthid it seems to be listed in the AllVersions endpoint

[matthid]

We had issues in the conflict reporting in the past, maybe there is a conflict just not the one paket reported?

[Larusso]

I will try an older version and report back.

[Larusso]

Same issue with 5.207.3
I also think this filter URL looks strange:
https://foo.jfrog.io/foo/api/nuget/nuget/Packages?$filter=(tolower(Id) eq 'wooga.core') and (Version eq '4.1.0-branch.pr.34.5'))r.34.5')
Is this a valid filter query? I couldn't find a documentation for the nuget API and specifically the API for jfrog. Most curl calls I created either return 403 or 405.

[Larusso]

Hi, we still see this issue with paket + artifactory + semver 2.0 :)
Any ideas what I might can try. Or what I can do to provide you with better information?

[jbaehr]

I also experience this problem. I think the real source is a bug in Artifactory (6.11.6 here), but it's only triggered by Paket, not by nuget.exe.

At first, nuget.exe and paket do the same thing: GETing ...FindPackagesById, which returns an ATOM feed with some media link entries, pointing to the actual nupkgs (among with additional meta data). Then, nuget follows the download link directly (in ATOM: <content type="application/zip" src="https://artifactory.internal/api/nuget/my_feed/Download/MyCompany.TestPackage/0.1.0-alpha.13+ga002d67"/>), while paket first tries to get the individual entry again, using the self-link from the respective ATOM entry in the feed (<link rel="self" title="V2FeedPackage" href="Packages(Id='MyCompany.TestPackage',Version='0.1.0-afeat.ci-stages.9+g9c554a1')"/> with feed itself providing a xml:base="https://artifactory.internal/api/nuget/my_feed/"). Here Artifactory returns a 404, which seems wrong: they serve a dead link with the feed.

I don't know, however, why paket tries to get the individual entry again, as the complete entry is already in the feed returned by FindPackagesById.

This is what nuget does:

  GET https://artifactory.internal/api/nuget/my_feed/FindPackagesById()?id='MyCompany.TestPackage'&semVerLevel=2.0.0
  OK https://artifactory.internal/api/nuget/my_feed/FindPackagesById()?id='MyCompany.TestPackage'&semVerLevel=2.0.0 11ms
  GET https://artifactory.internal/api/nuget/my_feed/Download/MyCompany.TestPackage/0.1.0-alpha.13+ga002d67
  OK https://artifactory.internal/api/nuget/my_feed/Download/MyCompany.TestPackage/0.1.0-alpha.13+ga002d67 12ms

And here what paket does:

Starting request to 'https://artifactory.internal/api/nuget/my_feed/FindPackagesById()?semVerLevel=2.0.0&id='MyCompany.TestPackage''
...
 - Request 'https://artifactory.internal/api/nuget/my_feed/FindPackagesById()?semVerLevel=2.0.0&id='MyCompany.TestPackage'' finished with: [0.1.0-afeat.ci-stages.9+g9c554a1 ; 0.1.0-afeat.ci-stages.10+g02584e4 ; 0.1.0-alpha.13+ga002d67]
...
  Trying to resolve MyCompany.TestPackage  (from C:\...\paket.dependencies)
 - MyCompany.TestPackage 0.1.0-alpha.13+ga002d67
Starting request to 'https://artifactory.internal/api/nuget/my_feed/Packages(Id='MyCompany.TestPackage',Version='0.1.0-alpha.13+ga002d67')'
Request failed with '404': 'https://artifactory.internal/api/nuget/my_feed/Packages(Id='MyCompany.TestPackage',Version='0.1.0-alpha.13+ga002d67')'

Then paket (heuristically?) tries out a few other REST calls, all resulting either in 404 or 405 (/Packages?$filter=...). Eventually all this results in the message

  Conflict detected:
   - Dependencies file requested package MyCompany.TestPackage: >= 0 prerelease*
   - Available versions:
     - (0.1.0-alpha.13+ga002d67, [https://artifactory.internal/api/nuget/my_feed])
     - (0.1.0-afeat.ci-stages.10+g02584e4, [https://artifactory.internal/api/nuget/my_feed])
     - (0.1.0-afeat.ci-stages.9+g9c554a1, [https://artifactory.internal/api/nuget/my_feed])

[forki]

is there some open endpoint that I could look at?

[jbaehr]

There is an "Open Source Edition", which you can pull directly via docker, but as I understand their comparison matrix, it does not support nuget.
Then they offer "Artifactory Cloud for OSS", which seems to be a Pro-Edition with nuget support running in the Google Cloud. I don't know any OSS-Project using it, though. Maybe Paket itself could apply for this program; here in the issue tracker are far more then one Artifactory-related problem that is hard to debug without having access to an Artifactory service.

[jbaehr]

I think I have found a corresponding bug report at JFrog: API calls for certain NuGet packages are returning 404
Created two years ago and closed without a resolution more then one year ago. Not very promising...

[jbaehr]

I found that nuget.exe is also affected by this Artifactory Bug, if you specify an explicit version:

C:\...> nuget install -verbosity detailed -source https://artifactory.internal/api/nuget/my_feed -NoCache -version 0.1.0-alpha.28+g5764da6 MyCompany.TestPackage
NuGet Version: 5.3.0.6260
Feeds used:
  https://artifactory.internal/api/nuget/my_feed

Attempting to gather dependency information for package 'MyCompany.TestPackage.0.1.0-alpha.28' with respect to project 'C:\...', targeting 'Any,Version=v0.0'
  GET https://artifactory.internal/api/nuget/my_feed/Packages(Id='MyCompany.TestPackage',Version='0.1.0-alpha.28')
  NotFound https://artifactory.internal/api/nuget/my_feed/Packages(Id='MyCompany.TestPackage',Version='0.1.0-alpha.28') 34ms
  GET https://artifactory.internal/api/nuget/my_feed/FindPackagesById()?id='MyCompany.TestPackage'&semVerLevel=2.0.0
  OK https://artifactory.internal/api/nuget/my_feed/FindPackagesById()?id='MyCompany.TestPackage'&semVerLevel=2.0.0 16ms
Total number of results gathered : 1
Package 'MyCompany.TestPackage 0.1.0-alpha.28' is not found in the following primary source(s): 'https://artifactory.internal/api/nuget/my_feed'. Please verify all your online package sources are available (OR) package id, version are specified correctly.
System.InvalidOperationException: Package 'MyCompany.TestPackage0.1.0-alpha.28' is not found in the following primary source(s): 'https://artifactory.internal/api/nuget/my_feed'. Please verify all your online package sources are available (OR) package id, version are specified correctly.
...

Note the NotFound on the first GET request. Then nuget trys FindPackagesById as fallback. In the ATOM feed document served by Artifactory the package' version number is given with the build-metadata (separated by +). Nuget strips this off when sending the version to the server, and then fails to find the right package entry in the feed.

When you specify the version without build-metadata (e.g. -version 0.1.0-alpha.28 instead of -version 0.1.0-alpha.28+g5764da6), nuget performs the same web-requests (i.e with metadata stripped off), but then manages to find the package in the ATOM feed document (where the metadata is included: <d:Version>0.1.0-alpha.28+g5764da6</d:Version>). That, however, looks like a nuget bug.

[jbaehr]

After some ping-pong with the JFrog support I got the confirmation that it's a known issue and supposed to be fixed in Artifactory 6.14.

[jbaehr]

Can anyone of you confirm that the semver2 issue is fixed with Artifactory-6.14? I'm asking because we tested again with v6.15 and the issue is still exists here. JFrog confirmed again that "the issue is not fully fixed", but they are working on it and expect the fix to be available with the next Major.

Now, how do we proceed with Paket then? This effectively means that Artifactory-6 does not support SemVer2, despite their claims (at least with the v2 protocol). It only works somehow when using nuget.exe because nuget.exe performs some fall-back (the initial request fails, too).

Basically I see two options:

1. Address 'Could not find an AllVersionsAPI endpoint' when using Artifactory repository #3638 and see whether the v3 protocol is affected, too. (On that front, Paket is to blame, not Artifactory.)
2. Implement the same kind of fall-back that nuget.exe performs on the v2 protocol, i.e. getting the individual package metadata from the FindPackagesById end-point if Packages fails (cf. my comment above from 2019-10-31). This could also reduce the number of network round-trips if paket would cache the first FindPackagesById response (cf. my comment above from 2019-10-22). I haven't looked deeper into the code, but at the first glance it seems that paket remembers only the package versions from the FindPackagesById call and later fetches the other metadata over the Packages endpoint. If paket would remember the whole metadata (not only the version), we could eliminate this additional network request.

Unfortunately I don't have the resources right now to help implementing this :-(
It seems we have to stay with semver1 for some time... again.

[forki]

There is no public server to repro, right? jbaehr <[email protected]> schrieb am Do., 21. Nov. 2019, 10:53:

…

Can anyone of you confirm that the semver2 issue is fixed with Artifactory-6.14? I'm asking because we tested again with v6.15 and the issue is still exists here. JFrog confirmed again that "the issue is not fully fixed", but they are working on it and expect the fix to be available with the next Major. Now, how do we proceed with Paket then? This effectively means that Artifactory-6 *does not* support SemVer2, despite their claims (at least with the v2 protocol). It only works somehow when using nuget.exe because nuget.exe performs some fall-back (the initial request fails, too). Basically I see two options: 1. Address #3638 <#3638> and see whether the *v3 protocol* is affected, too. (On that front, Paket is to blame, not Artifactory.) 2. Implement the same kind of fall-back that nuget.exe performs on the *v2 protocol*, i.e. getting the individual package metadata from the FindPackagesById end-point if Packages fails (cf. my comment above from 2019-10-31). This could also reduce the number of network round-trips if paket would cache the first FindPackagesById response (cf. my comment above from 2019-10-22). I haven't looked deeper into the code, but at the first glance it seems that paket remembers only the package versions from the FindPackagesById call and later fetches the other metadata over the Packages endpoint. If paket would remember the whole metadata (not only the version), we could eliminate this additional network request. Unfortunately I don't have the resources right now to help implementing this :-( It seems we have to stay with semver1 for some time... again. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3601?email_source=notifications&email_token=AAAOANAXHD2EG2WDYQGWZ5LQUZLA5A5CNFSM4H254GGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEEZUBQI#issuecomment-557007041>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAOANHU5MGWCLYA5XH3ISLQUZLA5ANCNFSM4H254GGA> .

[jbaehr]

There is no public server to repro, right?

Not that I'm aware of

But fortunately the problem here is not about parsing some freaky response, but simply getting an HTTP-404 where an answer should be. (And even this answer was already send as part of the FindPackageById query earlier; at least in the case of artifactory)
Or does to code already takes another route before requesting package-versions/metadata from FindPackageById in case of nuget.org? -- that makes it harder, indeed.

[forki]

I'd really love to help but I'm totally lost without a repro.

[Larusso]

@forki I need to double check with my manager. But if it helps I could create a public virtual repo on our instance and set it to pull from nuget gallery if this helps? Even better if the access could be limited as the traffic costs could explode.

[forki]

That would be awesome. Manfred Endres <[email protected]> schrieb am Do., 21. Nov. 2019, 16:02:

…

@forki <https://github.com/forki> I need to double check with my manager. But if it helps I could create a public virtual repo on our instance and set it to pull from nuget gallery if this helps? Even better if the access could be limited as the traffic costs could explode. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3601?email_source=notifications&email_token=AAAOANBFRC23QQMVGOAVJWTQU2PHZA5CNFSM4H254GGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEE2QR2Y#issuecomment-557123819>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAOAND3NDST3GDOBPHA4W3QU2PHZANCNFSM4H254GGA> .

[forki]

ok thanks to @Larusso I can now reproduce. The problem is I have no idea what to do. We try 9 different URLs to get package details. All of them are returning 404 or even 405. This is a artifactory issue. They need to check why their system is returning 404 for /Packages(Id='PackageName',Version='1.0.0-rc.1')"

Regarding NuGet. It seems they just download the package when they can't get metadata. That's a weird approach and I don't think we should go this route.

[Larusso]

@forki thanks for looking into this!

[forki]

can someone add someone from artifactory into the discussion?

[matthid]

Regarding NuGet. It seems they just download the package when they can't get metadata. That's a weird approach and I don't think we should go this route.

Well not too weird. You can download and inspect the nuspec to get the metadata as well :D

[matthid]

This is actually what you have to do when your source is a simple nupkg storage (like a local directory is)

Edit: I wanted to add that there is no doubt that artifactory is broken ;)

[forki]

it's weird in the sense that we create a lot of traffic and waste on devs machines

[Larusso]

The flow that @matthid describes sounds more like how maven works. So yes why all the fuzz with metadata fetching when you also could start of with a basic brute force download. But one thing to remember with jfrog is that you are able to reconfigure the repository layout. I never touched this option but it's possible ;)

[forki]

@Larusso Paket has > 2000 version and FAKE > 1700. If you hit such packages AND run into version conflict trouble so that it wants to check many many version then this can easily become very unpleasant

[Larusso]

@forki We had already some paket.dependencies files which took minutes to resolve because of pretty brutal version constrains. Yes doing these in a download fashion to check the metadata locally would be unpleasant :)

[jbaehr]

@forki

it's weird in the sense that we create a lot of traffic and waste on devs machines

Indeed. But what about this (see also my comment above):
Apparently the FindPackageById endpoint works. Paket uses it to get the package version in the first place. Now, paket could either cache the entire metadata (instead of just the version), so a second call to Packages(...) would not be needed at all.
Or use FindPackageById as a fall back (this seems redundant, but may be easier to implement if all other code paths pass just the version around)

The assumption here is that FindPackageById has all the metadata. That's the case with Artifactory: the ATOM feed contains all the ATOM entries in it's entirety. If other implementations serve just a subset of the entries' properties in the feed, fetching the individual entries again (via Packages(...), or whatever is linked from the feed's entry), might still be necessary.

It seems that nuget.exe behaves differently, depending on whether you request an explicit version or not:

• With explicit version request it uses FindPackageById as fallback
• Without explicit version it downloads the latest package directly

[forki]

@Larusso your v2 sample now works for me. Weird. Can you please retry with "paket install --force"?

[Larusso]

Yeah that is strange.
Worked for me as well. But I broke it again by publishing a 2.0.0-rc.1.
I had this issue also before while testing a couple of month ago. This was also the reason I started to switch to semver2 because my initial tests worked.

[forki]

Did you try --force? Manfred Endres <[email protected]> schrieb am Fr., 29. Nov. 2019, 16:40:

…

Yeah that is strange. Worked for me as well. But I broke it again by publishing a 2.0.0-rc.1. I had this issue also before while testing a couple of month ago. This was also the reason I started to switch to semver2 because my initial tests worked. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3601?email_source=notifications&email_token=AAAOANHPLKU4R4GH77NW4UTQWEZYBA5CNFSM4H254GGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEFPEPKI#issuecomment-559826857>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAOANGT3QLTJ26H5TZ75FTQWEZYBANCNFSM4H254GGA> .

[Larusso]

Yes I did.

[forki]

potential fix in #3739

[forki]

@Larusso I released a new version yesterday. Can you please check if it works?