Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dotnet nuget why should check RID specific packages #13718

Closed
zivkan opened this issue Aug 20, 2024 · 0 comments · Fixed by NuGet/NuGet.Client#6154
Closed

dotnet nuget why should check RID specific packages #13718

zivkan opened this issue Aug 20, 2024 · 0 comments · Fixed by NuGet/NuGet.Client#6154
Assignees
@Nigusu-Allehu
Labels
Functionality:Why dotnet nuget why Priority:1 High priority issues that must be resolved in the current sprint. Type:DCR Design Change Request

Comments

@zivkan
Copy link
Member

zivkan commented Aug 20, 2024

NuGet Product(s) Affected

dotnet.exe

Current Behavior

Add any package which eventually adds System.Runtime as a depenedncy. For example, System.Collections.Specialized. Restore will warn you about System.Private.Uri having a known vulnerability (when NuGetAuditMode is set to all, which is default from .NET 9). However, dotnet nuget why my.csproj System.Private.Uri will tell you that the package is not used by the project

Desired Behavior

dotnet nuget why should tell me why this package is being restored.

Additional Context

Looking at the assets file, the package is being included due to RID-specific (Runtime IDentifier) dependencies. Therefore, dotnet nuget why appears to be looking only at the "RIDless" package graph in the assets file.
@zivkan zivkan added Priority:1 High priority issues that must be resolved in the current sprint. Type:DCR Design Change Request Functionality:Why dotnet nuget why labels Aug 20, 2024
@zivkan zivkan self-assigned this Aug 20, 2024
@zivkan zivkan mentioned this issue Sep 24, 2024
Open
@ProbablePrime ProbablePrime mentioned this issue Sep 25, 2024
Closed
@nkolev92 nkolev92 mentioned this issue Sep 30, 2024
Open
@Nigusu-Allehu Nigusu-Allehu self-assigned this Oct 7, 2024
@zivkan zivkan removed their assignment Oct 7, 2024
@leotsarev leotsarev mentioned this issue Nov 15, 2024
Closed
@nkolev92 nkolev92 mentioned this issue Nov 15, 2024
Closed
@jeromelaban jeromelaban mentioned this issue Nov 18, 2024
Closed
@Nigusu-Allehu Nigusu-Allehu mentioned this issue Nov 19, 2024
Merged
3 tasks
@zivkan zivkan mentioned this issue Dec 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Nigusu-Allehu Nigusu-Allehu

Labels
Functionality:Why dotnet nuget why Priority:1 High priority issues that must be resolved in the current sprint. Type:DCR Design Change Request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add RID specific packages to dotnet nuget why NuGet/NuGet.Client
2 participants
@zivkan @Nigusu-Allehu