Open rstm-sf opened 1 week ago
Hrmm, these issues do not occur in our CI build when we do a dotnet build
. I wonder if our dotnet
version is off. For instance, https://github.com/temporalio/sdk-dotnet/actions/runs/10812517816 is not reporting this. Can you provide the steps to replicate this build error? Is there a global setting you have that we do not in CI?
Regardless, we can definitely update the test dependencies. For the Temporalio.Extensions.Hosting
dependency I'm a bit more hesitant to require the next major version (though of course we suggest all users of the library use the latest), but we may be able to upgrade that too.
Seems to be because the .NET 6 SDK is being used and it may not have up-to-date package checking for known vulnerabilities.
I have SDKs from 6 to 9 and when I build, I used global.json to specify that I should use SDK 8. Now I tried to specify 6 SDK and there were no errors either
dotnet build
MSBuild version 17.3.4+a400405ba for .NET
Determining projects to restore...
Restored .\sdk-dotnet\src\Temporalio.Extensions.OpenTelemetry\Temporalio.Extensions.OpenTelemetry.csproj (in 193 ms).
Restored .\sdk-dotnet\src\Temporalio.Extensions.DiagnosticSource\Temporalio.Extensions.DiagnosticSource.csproj (in 193 ms).
Restored .\sdk-dotnet\src\Temporalio.Extensions.Hosting\Temporalio.Extensions.Hosting.csproj (in 213 ms).
Restored .\sdk-dotnet\src\Temporalio\Temporalio.csproj (in 193 ms).
Restored .\sdk-dotnet\tests\Temporalio.Tests\Temporalio.Tests.csproj (in 232 ms).
Temporalio -> .\sdk-dotnet\src\Temporalio\bin\Debug\netcoreapp3.1\Temporalio.dll
Temporalio -> .\sdk-dotnet\src\Temporalio\bin\Debug\netstandard2.0\Temporalio.dll
Temporalio -> .\sdk-dotnet\src\Temporalio\bin\Debug\net462\Temporalio.dll
Temporalio.Extensions.DiagnosticSource -> .\sdk-dotnet\src\Temporalio.Extensions.DiagnosticSource\bin\Debug\netstandard2.0\Temporalio.Extensions.DiagnosticSource.dll
Temporalio.Extensions.OpenTelemetry -> .\sdk-dotnet\src\Temporalio.Extensions.OpenTelemetry\bin\Debug\netstandard2.0\Temporalio.Extensions.OpenTelemetry.dll
Temporalio.Extensions.Hosting -> .\sdk-dotnet\src\Temporalio.Extensions.Hosting\bin\Debug\netstandard2.0\Temporalio.Extensions.Hosting.dll
Temporalio.Extensions.Hosting -> .\sdk-dotnet\src\Temporalio.Extensions.Hosting\bin\Debug\net462\Temporalio.Extensions.Hosting.dll
Temporalio.Extensions.DiagnosticSource -> .\sdk-dotnet\src\Temporalio.Extensions.DiagnosticSource\bin\Debug\net462\Temporalio.Extensions.DiagnosticSource.dll
Temporalio.Extensions.OpenTelemetry -> .\sdk-dotnet\src\Temporalio.Extensions.OpenTelemetry\bin\Debug\net462\Temporalio.Extensions.OpenTelemetry.dll
Temporalio.Extensions.Hosting -> .\sdk-dotnet\src\Temporalio.Extensions.Hosting\bin\Debug\net6.0\Temporalio.Extensions.Hosting.dll
Temporalio.Tests -> .\sdk-dotnet\tests\Temporalio.Tests\bin\Debug\net6.0\Temporalio.Tests.dll
{
"sdk": {
"version": "6.0.0",
"rollForward": "latestFeature",
"allowPrerelease": false
}
}
Thanks! We will look into setting up a build with .NET 8 and look into updating minimum dependencies in a way that doesn't harm past users.
This should just affect builds of the SDK not usage of the SDK so we likely won't release an emergency patch release for this, but we should get to this soon. You can either alter the dependency versions explicitly or disable this warning in the meantime.
Summary
When I try to build a solution, I get errors NU1903
Details
Restore failed with 4 error(s) in 0.7s