haf / expecto

A smooth testing lib for F#. APIs made for humans! Strong testing methodologies for everyone!
Apache License 2.0

Loosen FSharp.Core version requirement #459

Closed JohnTheGr8 closed 1 year ago

JohnTheGr8 commented 1 year ago

quick PR to change expecto's FSharp.Core version requirement from (= 7.0.200) to (>= 7.0.200 && < 8.0.0)

closes #458

JohnTheGr8 commented 1 year ago

Please let me know if I should take care of the failing security check as part of this PR...

farlee2121 commented 1 year ago

I did a bit of investigating, and the insecure package isn't actually a result of this change. It stems from some build-only dependencies, but the insecure transitive dependency can't currently be resolved just by upgrading direct package dependencies.

I think we're good to solve the two issues separately. However, looking at previous version constraints, I think nuget FSharp.Core >= 6 is probably the constraint we're looking for. I'll let you grab that if you still want the merge. I appreciate you taking initiative to contribute!

farlee2121 commented 1 year ago

Just realized I can edit your PR. Hope that's ok with you.

JohnTheGr8 commented 1 year ago

> It stems from some build-only dependencies, but the insecure transitive dependency can't currently be resolved just by upgrading direct package dependencies.

Yup, I figured as much... You can trick Paket to update just that package by adding it to paket.dependencies, updating it and then resetting paket.dependencies.

> I think nuget FSharp.Core >= 6 is probably the constraint we're looking for.

I tried this initially but it makes no difference: when packing, the minimum required version will be set to what Expecto uses, currently version 7.0.200

farlee2121 commented 1 year ago

I thought about editing the lock file or similar, but it seems like an unstable solution.

Hmm. When I inspected the nuget packages, the ~> approach does result in a max allowed version, while the >= approach does not.

This seems more in line with previous versioning constraints

JohnTheGr8 commented 1 year ago

[image]

This is what I'm getting...

farlee2121 commented 1 year ago

Weird. Not sure why we'd get different results.

JohnTheGr8 commented 1 year ago

are you running an outdated version of nuget package explorer by any chance? .NETCoreApp, Version=v6.0 sounds very odd 😂

farlee2121 commented 1 year ago

Nope. Looks like the latest release was 2022-08, and that's what I've got.

JohnTheGr8 commented 1 year ago

anyways, just meant to point out that in my testing setting it to >= 6 and >= 7 made no difference as it would always result in >= 7.0.200... doesn't really matter

farlee2121 commented 1 year ago

Noted