Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-10030

Nuget 3.4 breaking semver change

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 2.12.1
    • Fix Version/s: 3.10.0
    • Component/s: NuGet
    • Labels:
    • Story Points:
      5

      Description

      As of Nuget 3.4/Visual Studio 2015, NuGet now uses a much stricter policy for semantic versioning. c.f. http://docs.nuget.org/Create/Versioning#Normalized_Version_Numbers

      In order for Nexus to behave correctly, it will need to address how it sorts version numbers, and how it decides packages are pre-release or release.

      Unfortunately, there are some popular package on nuget.org that don't abide by this strictness - NLog, for instance, has gotten into the habit of labelling (in ODATA) versions like 4.4.0-beta3 as release versions.

      As of NuGet 3.4, the (new) Normalized Version ODATA field is the definitive version for uniqueness purposes, as well as the definitive indicator as to whether a package is pre-release or not. Visual Studio will actually prune packages with pre-release semvers out of the search results it gets from Nexus.

      Unfortunately, for now, Nexus defers to the metadata, not the semver. As a result:

      1. Create a Nexus proxy to nuget.org
      2. Open Visual Studio 2015
      3. Make the Nexus proxy the only nuget source
      4. In VS/NuGet, search for 'nlog'. Currently, NLog 4.2.3 is the latest release version, according to semver. It should appear in the search results.
      5. Now search for 'nlog', with the 'pre-release versions' option checked. Currently, this will bring down the badly-tagged NLog 4.4.0-beta3. Nexus now considers this the latest
      6. Perform the first search again, looking for release-only versions of 'nlog'
      => NLog has now completely disappeared from the VS search results. Nexus is returning 4.4.0-beta3 as the latest release version (as per the metadata), but VS prunes it out (as per its pre-release style semver)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jstephens Joseph Stephens
              Reporter:
              mprescott Michael Prescott
              Last Updated By:
              Peter Lynch
              Team:
              Nexus - Formats
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title