Open Anipik opened 3 years ago
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.
I assume dependency drops happen more often intentionally than not. Such a system would need exclusions to react to false positives. Do we have a user story for this validation?
I would also be interested in guarding against added dependencies. @ViktorHofer noticed recently that MSBuild is accidentally exposing what should be a development dependency to our referencers. I'd opt into a stricter mode that required an exception for intentional changes.
Removing a dependency from a package could be a breaking change as there could be some transitive dependencies which were pulled by this dependency.
This validation will provide a safer guard against it.
cc @safern @ViktorHofer @ericstj
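A sketch of the validation discussed in this thread, as an added example that is not code from the issue or from the project: it diffs the dependency sets declared in two `.nuspec` manifests and reports both dropped and added dependencies unless an explicit exception covers them. The function names, the `allowed` exception format and the Contoso sample manifests are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

def sample_nuspec(ids):
    """Build a constructed sample manifest (not a real package)."""
    items = "".join(f'<dependency id="{i}" version="1.0.0" />' for i in ids)
    return ('<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">'
            '<metadata><id>Contoso.Lib</id><dependencies>'
            f'<group targetFramework="net6.0">{items}</group>'
            '</dependencies></metadata></package>')

BASELINE = sample_nuspec(["Contoso.Json", "Contoso.Logging"])
CURRENT = sample_nuspec(["Contoso.Json", "Contoso.BuildTasks"])

def local(tag):
    """Strip the XML namespace so any nuspec schema version matches."""
    return tag.rsplit("}", 1)[-1]

def dependencies(nuspec_xml):
    """Return the set of (target_framework, package_id) pairs in a manifest."""
    found = set()
    for node in ET.fromstring(nuspec_xml).iter():
        if local(node.tag) != "dependencies":
            continue
        for child in node:
            if local(child.tag) == "group":
                tfm = child.get("targetFramework", "any").lower()
                for dep in child:
                    if local(dep.tag) == "dependency":
                        # Package IDs are case-insensitive, so normalize them.
                        found.add((tfm, dep.get("id").lower()))
            elif local(child.tag) == "dependency":
                # Flat list without groups applies to every framework.
                found.add(("any", child.get("id").lower()))
    return found

def validate(baseline_xml, current_xml, allowed=frozenset()):
    """List (kind, framework, id) changes not covered by an exception.

    `allowed` is a hypothetical exception list holding the same tuples,
    so an intentional drop or addition has to be recorded explicitly.
    """
    old, new = dependencies(baseline_xml), dependencies(current_xml)
    findings = [("dropped", tfm, pid) for tfm, pid in sorted(old - new)]
    findings += [("added", tfm, pid) for tfm, pid in sorted(new - old)]
    return [f for f in findings if f not in allowed]

if __name__ == "__main__":
    for kind, tfm, pid in validate(BASELINE, CURRENT):
        print(f"{kind}: {pid} ({tfm})")
```
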