search

fsprojects / Paket

A dependency manager for .NET with support for NuGet packages and Git repositories.
https://fsprojects.github.io/Paket/
MIT License
2.02k stars 520 forks source link

Paket.dependency with version ranges fails when package has pinned dependency and that version is unlisted #1579

Closed Rcomian closed 8 years ago

Rcomian commented 8 years ago

Description

We can't use version ranges in the paket.dependency file when a nuget package has a pinned dependency which has been unlisted and we require that dependency as well as that package.

Repro steps

NugetPackageA: Depends on NugetPackageB pinned to 1.1.5

NugetPackageB 1.1.5 has been unlisted, but is still available.

paket.dependencies brings in both packages, but tries to allow itself to use an unpinned version of the dependency:

nuget NugetPackageA
nuget NugetPackageB ~> 1.1

When running paket update we get the error message:

Could not resolve package NugetPackageB:
 - Dependencies file requested package NugetPackageB: >= 1.1 < 2.0
 - NugetPackageA 1.0.0 requested package NugetPackageB: 1.1.5

For testing, the specific unlisted package we're having trouble with is Mvvmlight 4.2.30.0.

Expected behavior

I would expect paket to bring in version 1.1.5 of NugetPackageB since it satisfies the requirements of both the package.dependencies and NugetPackageA.

Actual behavior

The actual behaviour is to claim that no version matches both criteria, which is wrong as the required version exists, it's just unlisted.

Known workarounds

If you pin the dependency to the same version as NugetPackageA or remove all version constraints, everything works ok. Version constraints are useful tho.

nuget NugetPackageA
nuget NugetPackageB 1.1.5

Related information

isaacabraham commented 8 years ago

Hmmm. Do unlisted versions of packages show up on the nuget feed?

Rcomian commented 8 years ago

No, unlisted means that they're not on the nuget feed, but they are available for download since projects get built against specific versions.

I can see what's happening in that paket is saying "What versions are available and match the constraints", getting a shortlist, then seeing that 1.1.5 is not in that shortlist.

But it's still a valid setup as you can still find and install version 1.1.5. If you can convince paket to allow the configuration, it will print a nice warning about it being unlisted, and everything works fine.

isaacabraham commented 8 years ago

So essentially what Paket should theoretically do is during the resolution phase check if the pinned versions are actually available even if not listed and add them to the versions available from the feed as part of the resolution phase?

forki commented 8 years ago

this is a bug. I'm tring to reproduce.

Rcomian commented 8 years ago

isaacbraham, something like that might work.

I'm not sure what the best resolution actually is, but the situation is a valid (if ill-advised) configuration.