Paket: RFC: Add SemVer mode for paket 6

Created on 4 Dec 2019  路  8Comments  路  Source: fsprojects/Paket

Since we noticed multiple issues with ASP.NET and how packages are release I propose a new group and package flag called semver_level with the following options:

  • major - Resolver will not skip to a higher major version
  • minor - Resolver will not skip to a higher minor version
  • none - Resolver works as in paket 5.

So if the you are using ASP.NET 2.2 using semver_level: major would shield you from resolving asp.net 3.x packages. If your are using ASP.NET 3.0 and don't want to draw ASP.NET 3.1 packages then you could use semver_level: minor.

This flag only applies to transitive dependencies. If you have direct dependency A which dependends on B >= 2.2 then semver_level: major would rewrite it to B >= 2.2 && B < 3.0.

This flag would work together with min and max strategy. Frankly min/max defines the order in which versions are probed while semver_level restricts the version ranges that are found in the nuspecs.

The default would be major. This will be a breaking change, but it would not break restore of exisitng lock files.

Alternative approach

We extend the "strategy" modifier to have 4 values:

  • "min" - uses the minimum matching version. That's how NuGet operates. Available in paket 5.
  • "latest-patch" - takes the latest patch that is available from the minimum version. Does not increase major or minor versions. Probably works best with Microsoft packages. Especially asp.net core.
  • "latest-minor" - takes the latest minor that is available from the minimum version. Does not increase major versions.
  • "max" - uses the maximum matching version. Default in paket 5.

All 8 comments

Is this basically the rule to use when applying to transitives?

@isaacabraham I added the follwoing to the RFC:

"This flag only applies to transitive dependencies. If you have direct dependency A which dependends on B >= 2.2 then semver_level: major would rewrite it to B >= 2.2 && B < 3.0."

How would it operate within the context of things like min / max for strategy?

I added:

"This flag would work together with min and max strategy. Frankly min/max defines the order in which versions are probed while semver_level restricts the version ranges that are found in the nuspecs."

Would be interesting to implement and see which tests in the test-suite start failing :)

Have you considered adding these as new values for the strategy option? They could be considered to be somewhat related.

@inosik I added this as alternative approach

What about an optional or some other way of knowing when this particular feature prevented taking a newer package? Do we need this?
Do we need a way to temporarily disable this for a particular package in case of conflicts due to this flag?
Should we just "warn" and take a newer package if a conflict occurs only because of this restriction?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

alfonsogarciacaro picture alfonsogarciacaro  路  8Comments

NatElkins picture NatElkins  路  6Comments

haraldsteinlechner picture haraldsteinlechner  路  4Comments

Katulus picture Katulus  路  8Comments

palutz picture palutz  路  6Comments