Recently we’ve had lots of users complaining that their projects broke when they updated their Bootstrap NuGet package from v3 to v4.
The root problem is that there are breaking changes between the major versions of Bootstrap. However, there was no way for a user to know that when updating via the NuGet manager.
Ultimately, a user should be careful when updating NuGet packages, as any change in dependencies could break their existing code.
Our response to the users could be something like “This is your fault. In future, please be careful when updating NuGet packages.”
But given how easy we make it for users to see updated NuGet packages and to one-click update all, we might be leading our users into a trap.
My suggestion is that, when updating NuGet packages, we warn the user that updating their dependencies could have detrimental effects on their project – especially when an updated NuGet package has an increased Major version.
Suggestion:
Could we offer a confirmation dialog on Update that warns of potentially breaking changes?
Another very related issue: If there are two versions of a dependency in the restore graph that span major versions, NuGet should also generate a big fat warning.
- Project
  - DependencyA
    - TransitiveDependency v1.0.0
  - DependencyB
    - TransitiveDependency v2.0.0
warning NUXXXX: TransitiveDependency version 2.0.0 is being used but DependencyA depends on version 1.0.0. DependencyA may encounter errors at runtime due to breaking changes between TransitiveDependency versions 1.0.0 and 2.0.0.
Current workaround is for every package that might be a DependencyA to specify explicit upper-bounds on PackageReference versions, e.g., aspnet/EntityFrameworkCore#18192 (with consideration for #6434).
This allows NU1608 to get raised in these situations, which doesn't quite have "big fat warning" status as things stand today, but I think it's an improvement over putting "obvious" values for PackageReference version numbers.
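To make the two checks discussed in this thread concrete (the major-version divergence warning proposed for the restore graph above, and the NU1608-style range violation that the explicit upper-bound workaround relies on), here is an added Python example. It is not NuGet's code and not from anyone in this thread. The constructed graph, the handling of the `[1.0.0,2.0.0)` range notation and the simplified resolver (the highest declared lower bound wins, a stand-in for NuGet's real algorithm) are assumptions for illustration, and the `NUXXXX` and `NU1608-like` codes are placeholders for how NuGet would report these cases.

```python
import re
from collections import defaultdict

# Constructed restore graph (not real package data). Each node lists its direct
# dependencies as (package, requirement). A bare version such as "1.0.0" is a
# NuGet-style lower bound (>= 1.0.0); "[1.0.0,2.0.0)" is an inclusive/exclusive range.
GRAPH = {
    "Project": [("DependencyA", "1.0.0"), ("DependencyB", "1.0.0")],
    "DependencyA": [("TransitiveDependency", "1.0.0")],
    "DependencyB": [("TransitiveDependency", "2.0.0")],
    "TransitiveDependency": [],
}

RANGE_RE = re.compile(r"^([\[(])\s*([\d.]*)\s*,\s*([\d.]*)\s*([\])])$")


def parse_version(text):
    """'1.2.3' -> (1, 2, 3); assumes plain numeric versions for this illustration."""
    return tuple(int(part) for part in text.split("."))


def parse_requirement(req):
    """Return (lower, lower_inclusive, upper, upper_inclusive); a None bound is open."""
    m = RANGE_RE.match(req)
    if not m:
        return parse_version(req), True, None, False
    lo, hi = m.group(2), m.group(3)
    return (parse_version(lo) if lo else None, m.group(1) == "[",
            parse_version(hi) if hi else None, m.group(4) == "]")


def satisfies(version, req):
    """True if the resolved version lies inside the declared requirement."""
    lo, lo_inc, hi, hi_inc = parse_requirement(req)
    if lo is not None and (version < lo or (version == lo and not lo_inc)):
        return False
    if hi is not None and (version > hi or (version == hi and not hi_inc)):
        return False
    return True


def collect_requirements(graph, root="Project"):
    """Walk the graph from root; return {package: [(parent, requirement), ...]}."""
    wanted = defaultdict(list)
    stack, seen = [root], set()
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        for dep, req in graph.get(node, []):
            wanted[dep].append((node, req))
            stack.append(dep)
    return wanted


def resolve(requirements):
    """Simplified resolver (assumption): the highest declared lower bound wins."""
    lowers = [parse_requirement(req)[0] for _, req in requirements]
    return max(lo for lo in lowers if lo is not None)


def fmt(version):
    return ".".join(str(p) for p in version)


def check_graph(graph, root="Project"):
    """Return warning strings for range violations and major-version divergence."""
    warnings = []
    for pkg, reqs in collect_requirements(graph, root).items():
        chosen = resolve(reqs)
        for parent, req in reqs:
            lo = parse_requirement(req)[0]
            if not satisfies(chosen, req):
                # The declared range excludes the resolved version: NU1608 territory.
                warnings.append(
                    f"warning NU1608-like: {parent} requires {pkg} {req} "
                    f"but version {fmt(chosen)} was resolved.")
            elif lo is not None and lo[0] != chosen[0]:
                # Requirement satisfied, but the major version changed underneath the parent.
                warnings.append(
                    f"warning NUXXXX: {pkg} version {fmt(chosen)} is being used but {parent} "
                    f"depends on version {fmt(lo)}. {parent} may encounter errors at runtime "
                    f"due to breaking changes between {pkg} versions {fmt(lo)} and {fmt(chosen)}.")
    return warnings


def workaround_graph():
    """Same graph, but DependencyA declares the explicit upper bound from the workaround."""
    graph = dict(GRAPH)
    graph["DependencyA"] = [("TransitiveDependency", "[1.0.0,2.0.0)")]
    return graph


if __name__ == "__main__":
    for line in check_graph(GRAPH) + check_graph(workaround_graph()):
        print(line)
```

Running it prints one `NUXXXX` warning for the graph as posted (the resolver silently lifts TransitiveDependency to 2.0.0 under DependencyA) and one `NU1608-like` warning for the workaround graph, where the same resolution now violates DependencyA's declared range and so becomes visible.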