Closed JohnTheGr8 closed 1 year ago
Please let me know if I should take care of the failing security check as part of this PR...
I did a bit of investigating, and the insecure package isn't actually a result of this change. It stems from some build-only dependencies, but the insecure transitive dependency can't currently be resolved just by upgrading direct package dependencies.
I think we're good to solve the two issues separately. However, looking at previous version constraints, I think `nuget FSharp.Core >= 6` is probably the constraint we're looking for. I'll let you grab that if you still want the merge. I appreciate you taking initiative to contribute!
Just realized I can edit your PR. Hope that's ok with you.
> It stems from some build-only dependencies, but the insecure transitive dependency can't currently be resolved just by upgrading direct package dependencies.
Yup, I figured as much... You can trick Paket to update just that package by adding it to `paket.dependencies`, updating it and then resetting `paket.dependencies`.
> I think `nuget FSharp.Core >= 6` is probably the constraint we're looking for.
I tried this initially but it makes no difference: when packing, the minimum required version will be set to what Expecto uses, currently version 7.0.200
I thought about editing the lock file or similar, but it seems like an unstable solution.
Hmm. When I inspected the nuget packages, the `~>` approach does result in a max allowed version, while the `>=` approach does not.
This seems more in line with previous versioning constraints
This is what I'm getting...
Weird. Not sure why we'd get different results.
are you running an outdated version of nuget package explorer by any chance? `.NETCoreApp, Version=v6.0` sounds very odd 😂
Nope. Looks like the latest release was 2022-08, and that's what I've got.
anyways, just meant to point out that in my testing setting it to `>= 6` and `>= 7` made no difference as it would always result in `>= 7.0.200`... doesn't really matter
Noted
quick PR to change expecto's `FSharp.Core` version requirement from `(= 7.0.200)` to `(>= 7.0.200 && < 8.0.0)`
closes #458