Skip to content

C#: Fix NuGet version bug and a .NET10 compatibility issue. #20964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
michaelnebel wants to merge 5 commits into
base: main
Choose a base branch
from
Open

C#: Fix NuGet version bug and a .NET10 compatibility issue. #20964

michaelnebel wants to merge 5 commits into from
+45 −50

Conversation

@michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Dec 4, 2025
edited
Loading

This PR enhances the dependency fetcher utilized by BMN.

  • Added /p:AllowMissingPrunePackageData=true to the dotnet restore arguments. This addresses a breaking change between .NET 9 and .NET 10, where restoring fails if we intentionally use fake framework directories to trigger framework downloads (these restores are intended as best-effort attempts).
  • Resolved an issue with sorting .NET framework version numbers. The previous implementation relied on lexicographic sorting, which caused problems when transitioning from version 9 to 10.
  • Refactored the DotNetVersion class to use NuGetVersion internally, replacing the custom logic previously in use.

@michaelnebel michaelnebel marked this pull request as ready for review December 4, 2025 15:15
@michaelnebel michaelnebel requested review from a team as code owners December 4, 2025 15:15
Copilot finished reviewing on behalf of michaelnebel December 4, 2025 15:17
Copilot AI reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes two critical issues in the dependency fetcher used by build mode none (BMN) to improve .NET framework version handling and ensure .NET 10 compatibility.

  • Replaces custom version sorting logic with NuGet's NuGetVersion class for proper semantic versioning
  • Adds /p:AllowMissingPrunePackageData=true flag to handle .NET 10 breaking changes in restore operations
  • Refactors DotNetVersion class to use NuGetVersion internally, eliminating custom version comparison code

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated no comments.

Show a summary per file
File Description
csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md Documents the bug fixes for version sorting and .NET 10 compatibility
csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected Updates test expectations to include the new NuGet.Versioning.dll dependency
csharp/paket.main.bzl Adds NuGet.Versioning 7.0.1 package configuration to the build system
csharp/paket.lock Locks NuGet.Versioning 7.0.1 as a project dependency
csharp/paket.dependencies Declares NuGet.Versioning as a required package
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references References NuGet.Versioning for the DependencyFetching project
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs Updates regex and parsing to use NuGetVersion for SDK version detection
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs Updates regex and parsing to use NuGetVersion for runtime version detection
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs Implements semantic version sorting for NuGet package directories using NuGetVersion
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs Simplifies implementation to delegate version comparison to NuGetVersion
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs Adds AllowMissingPrunePackageData flag for .NET 10 compatibility in restore operations
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs Updates method call to match signature change from static to instance method
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel Adds nuget.versioning build dependency

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

hvitved
hvitved approved these changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@hvitved hvitved left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks plausible to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hvitved hvitved hvitved approved these changes

Assignees

No one assigned

Labels

C# documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@michaelnebel @hvitved