MingweiSamuel / Camille

C# Riot API Library. Thread safe, automatic retries, autogenerated nightly releases.

Enable Dependabot #74

Closed mikaeldui closed 2 years ago

mikaeldui commented 2 years ago

To keep dependencies up-to-date.

MingweiSamuel commented 2 years ago

So as a library in general we'd want to support the widest range of versions possible. Looking at https://docs.microsoft.com/en-us/nuget/concepts/package-versioning#version-ranges, something like <PackageReference Include="Newtonsoft.Json" Version="9.0.1" /> actually means Newtonsoft.Json >= 9.0.1, and this even includes major versions, which is a bit strange. But overall a lower version means a wider range...

Interestingly, in a test project when I included Camille.RiotGames as a dependency it did end up pulling Newtonsoft.Json = 9.0.1. But then when I separately installed Newtonsoft.Json = 13.0.1 it did upgrade to that version without any build or runtime conflicts, and inspecting the bin did show just the v13 dll.

I'm not really sure what the best practice is with C#/NuGet.

Of course, for the test projects and the node srcgen, those can be kept up to latest since they're internal.
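
Added example, not part of the thread and not code from Camille or NuGet: a simplified Python model of the version-range notation from the linked NuGet documentation, showing why Version="9.0.1" accepts 13.0.1 and why restore still picks 9.0.1 (lowest applicable version). The feed contents are constructed, and prerelease tags and floating versions are ignored as an assumption.

```python
# Simplified model of NuGet version-range notation (added example, not NuGet's code).
# Assumption: plain numeric versions only; prerelease tags and floating (*) are ignored.

def parse_version(text):
    """'9.0.1' -> (9, 0, 1, 0); missing parts are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def parse_range(spec):
    """Return (low, low_inclusive, high, high_inclusive); None means unbounded."""
    spec = spec.strip()
    if spec[0] not in "[(":
        # A bare version such as Version="9.0.1" is an inclusive minimum, no upper bound.
        return parse_version(spec), True, None, False
    low_inc, high_inc = spec[0] == "[", spec[-1] == "]"
    body = spec[1:-1]
    if "," not in body:
        if not (low_inc and high_inc):
            raise ValueError(f"invalid range: {spec}")  # "(9.0.1)" is not valid
        v = parse_version(body)  # "[9.0.1]" is an exact pin
        return v, True, v, True
    low_text, high_text = (s.strip() for s in body.split(",", 1))
    low = parse_version(low_text) if low_text else None
    high = parse_version(high_text) if high_text else None
    return low, low_inc, high, high_inc

def satisfies(version, spec):
    """True when the version falls inside the range described by spec."""
    low, low_inc, high, high_inc = parse_range(spec)
    v = parse_version(version)
    if low is not None and (v < low or (v == low and not low_inc)):
        return False
    if high is not None and (v > high or (v == high and not high_inc)):
        return False
    return True

def lowest_applicable(available, spec):
    """Restore picks the lowest available version that satisfies the range."""
    matches = [v for v in available if satisfies(v, spec)]
    return min(matches, key=parse_version) if matches else None

# Constructed feed contents for illustration.
FEED = ["8.0.3", "9.0.1", "10.0.3", "12.0.3", "13.0.1"]

if __name__ == "__main__":
    for spec in ["9.0.1", "[9.0.1]", "[9.0.1,10.0)", "(9.0.1,)"]:
        accepted = [v for v in FEED if satisfies(v, spec)]
        print(f"{spec:14} accepts {accepted} -> restores {lowest_applicable(FEED, spec)}")
```

A bounded range such as [9.0.1,10.0) is how a package would exclude later major versions; the bare form leaves the upper end open.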

MingweiSamuel commented 2 years ago

Also once .NET Framework 4.5.2/4.6/4.6.1 support ends we won't need Newtonsoft.Json anymore. (.NET Framework 4.6.1 is the earliest version that can run System.Text.Json)

mikaeldui commented 2 years ago

Related article: https://docs.microsoft.com/en-us/nuget/concepts/security-best-practices