Update dependency resolver to never download packages eclipsed by direct references #6188

Merged
merged 2 commits into from
Dec 17, 2024

jeffkl
Contributor

@jeffkl jeffkl commented Dec 11, 2024

Bug

Fixes: NuGet/Home#13943

Description

The new dependency resolver is optimized to download all packages in parallel. However, we don't want transitive packages to be downloaded if they are eclipsed by a direct reference. This is because the direct reference will always win so there's no point in downloading it. There's also a pattern of users adding direct dependencies to avoid downloading vulnerable packages.

This change creates a HashSet<int> containing the interned value of the package name for all direct package references and then skips them if a transitive package is found with the same ID. This could potentially make dependency resolution a little faster depending on how many direct package references are specified.

PR Checklist

  • Meaningful title, helpful description and a linked NuGet/Home issue
  • Added tests
  • Link to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc.
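
A simplified model of the skip described in the PR description above, as an added example that is not NuGet's code and not part of the original thread. The package names, versions, dependency graph and the `Intern` / `PlanDownloads` helpers are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample graph: "id/version" -> dependencies. Not real NuGet metadata.
var graph = new Dictionary<string, string[]>
{
    ["App.Web/1.0.0"] = new[] { "Contoso.Json/1.0.0" },  // pulls the old version transitively
    ["Contoso.Json/1.0.0"] = Array.Empty<string>(),      // version the user wants to avoid
    ["Contoso.Json/2.0.0"] = Array.Empty<string>(),      // direct reference that eclipses it
};
var direct = new[] { "App.Web/1.0.0", "Contoso.Json/2.0.0" };

Console.WriteLine("without skip: " + string.Join(", ", Resolver.PlanDownloads(graph, direct, false)));
Console.WriteLine("with skip:    " + string.Join(", ", Resolver.PlanDownloads(graph, direct, true)));

static class Resolver
{
    // Hypothetical stand-in for the resolver's interning: one int per package ID (IDs are case-insensitive).
    static readonly Dictionary<string, int> Ids = new(StringComparer.OrdinalIgnoreCase);

    static int Intern(string id)
    {
        if (!Ids.TryGetValue(id, out var n)) { n = Ids.Count; Ids.Add(id, n); }
        return n;
    }

    public static List<string> PlanDownloads(Dictionary<string, string[]> graph, string[] direct, bool skipEclipsed)
    {
        // Interned IDs of every direct reference: the HashSet<int> the description mentions.
        var directIds = new HashSet<int>(direct.Select(p => Intern(p.Split('/')[0])));
        var plan = new List<string>();
        var seen = new HashSet<string>(direct);
        var queue = new Queue<string>(direct);
        while (queue.Count > 0)
        {
            var pkg = queue.Dequeue();
            plan.Add(pkg);
            foreach (var dep in graph[pkg])
            {
                // A transitive package whose ID matches a direct reference can never win, so it is never queued.
                if (skipEclipsed && directIds.Contains(Intern(dep.Split('/')[0]))) continue;
                if (seen.Add(dep)) queue.Enqueue(dep);
            }
        }
        return plan;
    }
}
```

With the skip disabled the plan still contains the eclipsed transitive version; with it enabled only the directly referenced version of that ID is fetched.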

@jeffkl jeffkl self-assigned this Dec 11, 2024
@jeffkl jeffkl changed the title WIP Update dependency resolver to never download packages eclipsed by direct references Dec 12, 2024
@jeffkl jeffkl marked this pull request as ready for review December 12, 2024 22:18
@jeffkl jeffkl requested a review from a team as a code owner December 12, 2024 22:18
jgonz120
jgonz120 previously approved these changes Dec 13, 2024
Contributor

@jgonz120 jgonz120 left a comment

lgtm

@jeffkl jeffkl dismissed stale reviews from jgonz120 and donnie-msft via 562781d December 16, 2024 20:46
@jeffkl jeffkl force-pushed the dev-jeffkl-fix-overdownload branch from f394370 to 562781d Compare December 16, 2024 20:46
@jeffkl
Contributor Author

jeffkl commented Dec 17, 2024

@jeffkl jeffkl merged commit 4e10b11 into dev Dec 17, 2024
23 checks passed
@jeffkl jeffkl deleted the dev-jeffkl-fix-overdownload branch December 17, 2024 16:22
@kasperk81
Contributor

thanks @jeffkl, is it a candidate of 9.0 backport?

@jeffkl
Contributor Author

jeffkl commented Dec 17, 2024

@kasperk81 Potentially, we're assessing that now but will decide in January. At the very least it will be in Visual Studio 17.13 Preview 3 and .NET 9.0.200.

@kasperk81
Contributor

.NET 9.0.200

that's what i was hoping for

Development

Successfully merging this pull request may close these issues.

New dependency resolver downloads more packages than before
5 participants