Closed chucklu closed 3 years ago
Hi @chucklu - Can you help me understand why this is an issue?
Microsoft.IdentityModel.JsonWebTokens
depends on Microsoft.IdentityModel.Tokens
, which depends on Microsoft.IdentityModel.Logging
.
@GeoK Do you have the concept of top level dependency? https://www.nuget.org/packages/Microsoft.Extensions.Configuration.Json/5.0.0 You can check the dependencies of Microsoft.Extensions.Configuration.Json, it lists all top level dependencies. According your explanation, the following three library do not need to list as dependencies, since they are required by Microsoft.Extensions.Configuration.FileExtensions (>= 5.0.0) .
Microsoft.Extensions.Configuration.Abstractions (>= 5.0.0) Microsoft.Extensions.Configuration.FileExtensions (>= 5.0.0) Microsoft.Extensions.FileProviders.Abstractions (>= 5.0.0)
Doesn't nuget site always display only the top level of dependencies?
https://github.com/dotnet/runtime/issues/46284#issuecomment-749085221
Actually I am not pretty sure about the rule of nuget, what kind of dependencies need to list on nuget site? Since this library was released by Microsoft and Azure AD.
And https://www.nuget.org/packages/Microsoft.Extensions.Configuration.Json/ is also released by Microsoft along with aspnet and dotnetframework.
I supposed you guys have the same release policy.
Do you have a internal communication channel to communicate and make the policy about list dependency keep as the same?
@GeoK Any update?
@GeoK I almost forget this issue, @GeoK , any update?
@RojaEnnam @keegan-caruso @corogers-msft Anyone knows something about this? I encounter similar issue in another repository https://github.com/dotnet/SqlClient/issues/1137
transitive dependencies
https://github.com/dotnet/runtime/issues/46284 https://www.nuget.org/packages/Microsoft.IdentityModel.JsonWebTokens/6.8.0
.NETFramework 4.5 Microsoft.IdentityModel.Tokens (>= 6.8.0) .NETFramework 4.6.1 Microsoft.IdentityModel.Tokens (>= 6.8.0) .NETStandard 2.0 Microsoft.IdentityModel.Tokens (>= 6.8.0) packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net45\Microsoft.IdentityModel.JsonWebTokens.dll packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net461\Microsoft.IdentityModel.JsonWebTokens.dll packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\netstandard2.0\Microsoft.IdentityModel.JsonWebTokens.dll
The above three version net45, net461 and .net standard 2.0 verison of Microsoft.IdentityModel.JsonWebTokens both required another nuget library Microsoft.IdentityModel.Logging when you check the references of Microsoft.IdentityModel.JsonWebTokens through dnSpy. Microsoft.IdentityModel.Logging should be list as dependency of Microsoft.IdentityModel.JsonWebTokens. (Although Microsoft.IdentityModel.Tokens requires Microsoft.IdentityModel.Logging)
Both Microsoft.IdentityModel.Logging and Microsoft.IdentityModel.Tokens are top level dependencies, why you just list one of them as dependencies?