0

We have C# application in which we need to restrict Nuget package upgrade and stop compilation if version exceed. For example our application support Newtonsoft.JSON package version to 12.0.3 and by accident if any developer in team upgrade this package to 13.* then we need to stop compilation of project in Visual Studio 2019 or 2022.

Is there any way to do so? If throwing compilation error is not possible then how can I check the installed version of Nuget package and then throw runtime Exception? Please guide. Thanks in advance

user1455675
  • 81
  • 7
  • Can I ask why you want to impose such a restriction? – phuzi Aug 25 '23 at 14:14
  • @phuzi There is some business needs to restrict upgrade of specific package – user1455675 Aug 25 '23 at 14:44
  • 1
    Have you seen https://stackoverflow.com/questions/16125828/can-i-keep-nuget-on-the-jquery-1-9-x-1-x-path-instead-of-upgrading-to-2-x/16151570#16151570 is this an option? – phuzi Aug 25 '23 at 15:02
  • The only other option I can think of would be something like gated check ins or a commit hook that would run a check to prevent checking in or committing of an accidental upgrade. But that would depend upon what source control you're using. – phuzi Aug 25 '23 at 15:07
  • How about do not use the nuget pacage, manually download the dll. – shingo Aug 25 '23 at 15:21
  • @phuzi we are using Azure (online) GIT repo. Can you please give some detail about commit hook? – user1455675 Aug 25 '23 at 16:32
  • @user1455675 You can take a look of my answer, it shared an idea about msbuild achivement. :) – Bowman Zhu-MSFT Aug 28 '23 at 06:52
  • Restricting Nuget packages is certainly a valid need since reference conflicts or build issues (overwriting etc.) may well arise between projects of a solution. – Mustafa Özçetin Aug 28 '23 at 09:38
  • @phuzi thank you. Your suggested solution with "allowedVersion" attribute works for now. – user1455675 Aug 28 '23 at 14:52
  • @user1455675 Hi, since you have found the solution. Could you please share your solution to this question and [mark it as the answer](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work/5235#5235) to end this question(More detailed is better)? This will be beneficial to others who meet the similar situation and searching for the solution. :) – Bowman Zhu-MSFT Aug 30 '23 at 09:42

2 Answers2

1

I would just create an Unit Test that checks the version of the dll and fails if it has an unsupported version. Let it fail with a descriptive error message, so that if someone updates the nuget, he gets a clear indication of what's wrong. And if the developer then also updates the test, the reviewer should see that and put in his veto (you do have PR reviews in place, do you?). That way, it's also easy to update if, one day, there's really a ticket to do so.

PMF
  • 14,535
  • 3
  • 23
  • 49
1

by accident if any developer in team upgrade this package to 13.* then we need to stop compilation of project in Visual Studio 2019 or 2022.

Could you please clarify about this accident? And in this situation, you can use the version range in csproj package reference to prevent this issue from happening:

References in project files (PackageReference)

For example:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net7.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="[10.0.1,12.0.3]" />
  </ItemGroup>
</Project>

To parse the version the project actually using, I suggest using inline task or exec to parse the package version:

MSBuild inline tasks

Exec method

Both of these method can use code to parse json file obj\project.assets.json(Which stored package version info).

After getting the version, you can use the error task and condition to make the error and stop the build:

Error Task

If you want devops side solution, PMF's answer is another way.

Bowman Zhu-MSFT
  • 4,776
  • 1
  • 9
  • 10