Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly handle missing package versions in new dependency resolver #6028

Merged
merged 2 commits into from
Sep 17, 2024
Merged

Properly handle missing package versions in new dependency resolver #6028

merged 2 commits into from
Sep 17, 2024

Conversation

jeffkl
Copy link
Contributor

@jeffkl jeffkl commented Sep 13, 2024
edited
Loading

Bug

Fixes: NuGet/Home#13788

Description

During restore, NuGet verifies that CPM requirements are met by verifying all packages have versions. However, when one project references another and the referenced project has a missing package, NuGet logs an error for the referenced project but restores the other. It restores this project by skipping the dependency.

This change updates the new dependency resolver to ignore packages with missing versions.

PR Checklist

  • Meaningful title, helpful description and a linked NuGet/Home issue
  • Added tests
  • Link to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc.

@jeffkl jeffkl added the Priority:1 PRs that are high priority and should be reviewed quickly label Sep 13, 2024
@jeffkl jeffkl self-assigned this Sep 13, 2024
@jeffkl jeffkl requested a review from a team as a code owner September 13, 2024 20:08
nkolev92
nkolev92 reviewed Sep 17, 2024
View reviewed changes
src/NuGet.Core/NuGet.Commands/RestoreCommand/DependencyGraphResolver.cs
@@ -650,6 +650,12 @@ async static (state) =>
for (int i = 0; i < refItemResult.Item.Data.Dependencies.Count; i++)
{
var dep = refItemResult.Item.Data.Dependencies[i];
// Packages with missing versions should not be added to the graph
if (dep.LibraryRange.VersionRange == null)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to make sure this isn't applied to the top-level project?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the top-level project, this will only be null if CPM is enabled and a version is missing. However, before this resolver is called, an error is logged and restore doesn't happen. This is only run if a transitive project isn't properly configured.

@jeffkl jeffkl enabled auto-merge (squash) September 17, 2024 22:24
@jeffkl jeffkl merged commit 47796c1 into dev Sep 17, 2024
28 checks passed
@jeffkl jeffkl deleted the dev-jeffkl-fix-new-resolver-cpm-missing-version branch September 17, 2024 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nkolev92 nkolev92 nkolev92 approved these changes

Assignees

@jeffkl jeffkl

Labels
Priority:1 PRs that are high priority and should be reviewed quickly
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

New dependency resolver does not properly handle missing package versions when using CPM
2 participants
@jeffkl @nkolev92