Closed chucklu closed 3 years ago
GeoK
commented
3 years ago Hi @chucklu - Can you help me understand why this is an issue?
Microsoft.IdentityModel.JsonWebTokens depends on Microsoft.IdentityModel.Tokens, which depends on Microsoft.IdentityModel.Logging.
chucklu
commented
3 years ago @GeoK Do you have the concept of top level dependency?
https://www.nuget.org/packages/Microsoft.Extensions.Configuration.Json/5.0.0
You can check the dependencies of Microsoft.Extensions.Configuration.Json, it lists all top level dependencies.
According your explanation, the following three library do not need to list as dependencies, since they are required by Microsoft.Extensions.Configuration.FileExtensions (>= 5.0.0) .
Microsoft.Extensions.Configuration.Abstractions (>= 5.0.0) Microsoft.Extensions.Configuration.FileExtensions (>= 5.0.0) Microsoft.Extensions.FileProviders.Abstractions (>= 5.0.0)
chucklu
commented
3 years ago Doesn't nuget site always display only the top level of dependencies?
https://github.com/dotnet/runtime/issues/46284#issuecomment-749085221
Actually I am not pretty sure about the rule of nuget, what kind of dependencies need to list on nuget site? Since this library was released by Microsoft and Azure AD.
And https://www.nuget.org/packages/Microsoft.Extensions.Configuration.Json/ is also released by Microsoft along with aspnet and dotnetframework.
I supposed you guys have the same release policy.
Do you have a internal communication channel to communicate and make the policy about list dependency keep as the same?
chucklu
commented
3 years ago @GeoK Any update?
chucklu
commented
3 years ago @GeoK I almost forget this issue, @GeoK , any update?
chucklu
commented
3 years ago @RojaEnnam @keegan-caruso @corogers-msft Anyone knows something about this? I encounter similar issue in another repository https://github.com/dotnet/SqlClient/issues/1137
chucklu
commented
3 years ago transitive dependencies
https://github.com/dotnet/runtime/issues/46284 https://www.nuget.org/packages/Microsoft.IdentityModel.JsonWebTokens/6.8.0
.NETFramework 4.5 Microsoft.IdentityModel.Tokens (>= 6.8.0) .NETFramework 4.6.1 Microsoft.IdentityModel.Tokens (>= 6.8.0) .NETStandard 2.0 Microsoft.IdentityModel.Tokens (>= 6.8.0) packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net45\Microsoft.IdentityModel.JsonWebTokens.dll packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\net461\Microsoft.IdentityModel.JsonWebTokens.dll packages\Microsoft.IdentityModel.JsonWebTokens.6.8.0\lib\netstandard2.0\Microsoft.IdentityModel.JsonWebTokens.dll
The above three version net45, net461 and .net standard 2.0 verison of Microsoft.IdentityModel.JsonWebTokens both required another nuget library Microsoft.IdentityModel.Logging when you check the references of Microsoft.IdentityModel.JsonWebTokens through dnSpy. Microsoft.IdentityModel.Logging should be list as dependency of Microsoft.IdentityModel.JsonWebTokens. (Although Microsoft.IdentityModel.Tokens requires Microsoft.IdentityModel.Logging)
Both Microsoft.IdentityModel.Logging and Microsoft.IdentityModel.Tokens are top level dependencies, why you just list one of them as dependencies?