Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft.CodeAnalysis.NetAnalyzers warns that I should be using version 7.0.0; but there isn't a release version of 7.0.0 yet #65581

Closed
richardissimo opened this issue Nov 23, 2022 · 22 comments
Closed

Microsoft.CodeAnalysis.NetAnalyzers warns that I should be using version 7.0.0; but there isn't a release version of 7.0.0 yet #65581

richardissimo opened this issue Nov 23, 2022 · 22 comments
Assignees
@mavasani
Labels
Area-Analyzers

Comments

@richardissimo
Copy link

Version Used:
microsoft.codeanalysis.netanalyzers 6.0.0

Steps to Reproduce:

  1. Create a .Net SDK project (e.g. C# library, .net 6)
  2. Add a package reference to microsoft.codeanalysis.netanalyzers\6.0.0
  3. Compile it (after the prerelease versions of that package are published but before the v7.0.0 of that package is released)

Diagnostic Id:

C:\Users\redacted\.nuget\packages\microsoft.codeanalysis.netanalyzers\6.0.0\build\Microsoft.CodeAnalysis.NetAnalyzers.targets(591,5): warning : The .NET SDK has newer analyzers with version '7.0.0' than what version '6.0.0' of 'Microsoft.CodeAnalysis.NetAnalyzers' package provides. Update or remove this package reference.

Expected Behavior:
No warning should be given because there isn't a release version of 7.0.0 yet. I would only expect this complaint to be made when there is a release version available.

Actual Behavior:
The warning is given that I'm using version 6.0.0; and that there is a 7.0.0. Except there isn't a release version of 7.0.0 yet - there are currently 13 pre-release versions of 7.0.0; but no release version yet.
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-Analyzers untriaged Issues and PRs which have not yet been triaged by a lead labels Nov 23, 2022
@Youssef1313
Copy link
Member

Youssef1313 commented Nov 23, 2022
edited
Loading

This belongs to dotnet/roslyn-analyzers, and I think the message is pretty much by-design.

Which version of the .NET SDK are you using? (I see you mentioned you have .NET 6 library, but I assume you're referring to TargetFramework, not SDK version)
If you're using .NET 7 SDK, then this warning is by-design. As the message mentions, you could remove the package reference and get the analyzers from SDK directly. You could silence the message by specifying <_SkipUpgradeNetAnalyzersNuGetWarning>true</_SkipUpgradeNetAnalyzersNuGetWarning>

@richardissimo
Copy link
Author

richardissimo commented Nov 23, 2022
edited
Loading

This belongs to dotnet/roslyn-analyzers

Apologies if I've put this in the wrong group. It's very hard to tell where it should go.

Which version of the .NET SDK are you using?

dotnet --list-sdks on my machine returns 7.0.100 [C:\Program Files\dotnet\sdk]

Despite what I put in the question, my project actually multi-targets "net6.0;net48", and I get 2 copies of this warning, one for each of those targets - I've changed the value to different combinations to confirm that. But as it says in the overview

Starting in .NET 5, these analyzers are included with the .NET SDK and you don't need to install them separately. [...] If you [...] prefer a NuGet package-based model, the analyzers are also available in the Microsoft.CodeAnalysis.NetAnalyzers NuGet package.

I tend to prefer the package-based approach, since it means that the analyzers being used are chosen within what's in version control, rather than by the tool doing the build. If the tool is allowed to choose, then it can lead to discrepancies between a build on a developer's machine and the build server (for example, if those have slightly different versions of the build tool). This can mean that a build passes on a developer's machine but fails on the build server (or vice versa).

The warning message says "Update or remove this package reference." I didn't update it because there wasn't a release version of 7.0.0 yet; and I didn't want to remove it because I want consistency of analyzers.

I don't really want to silence it, because when there is a release version, I will want to update to that version. As an aside: Is there a reason why there still isn't a release version of the 7.0.0 analyzers?

My point is really that the message says The .NET SDK has newer analyzers with version '7.0.0' than what version '6.0.0' of 'Microsoft.CodeAnalysis.NetAnalyzers' package provides., and that can't be true, because there isn't a version 7.0.0 of that package on NuGet.org - there are 13 prerelease versions, but [by definition of being prerelease] none of them are '7.0.0'.

@Youssef1313
Copy link
Member

If the tool is allowed to choose, then it can lead to discrepancies between a build on a developer's machine and the build server (for example, if those have slightly different versions of the build tool). This can mean that a build passes on a developer's machine but fails on the build server (or vice versa).

This is easily solvable by using a global.json file to pin the .NET SDK version. A global.json will require a specific version of the .NET SDK when building.

The warning message says "Update or remove this package reference." I didn't update it because there wasn't a release version of 7.0.0 yet; and I didn't want to remove it because I want consistency of analyzers.

You could use the latest prerelease (preview) package from NuGet until a stable 7.0 is released.

I don't really want to silence it, because when there is a release version, I will want to update to that version.

I think dependabot should be used for this scenario. Though, you can still not silence the warning by referencing the latest prerelease (preview) version, or by using the .NET 6 SDK.

As an aside: Is there a reason why there still isn't a release version of the 7.0.0 analyzers?

I don't think there is a reason. I agree it should have been released a while ago. I opened an issue on roslyn-analyzers to release a stable 7.0 on NuGet.

In short:

  • Using a global.json is a good practice anyway, regardless of this issue.
  • It should be okay to use the latest prerelease, and wait for 7.0 to be released (hopefully it happens soon)

@richardissimo
Copy link
Author

This is easily solvable by using a global.json file to pin the .NET SDK version.

Using global.json will control the version of the SDK; but you'd want to be using the "rollForward" feature to have some flexibility there, so you can take any improvements that are made, and so that not everyone on the team has to be on exactly the same version - because it's very difficult to manage keeping everyone on a team on the same version. And the build server needs to have the same version; and our build server is shared with other teams who may be using different versions. But that flexibility means you've still got variation of which version of the SDK is being used, so potential variation of the Analyzers package. Which is why it seems better to know exactly which version of the analyzers it should be using, rather than pinning the SDK.

The other thing about pinning the SDK is that as well as causing difficulties of ensuring people have every different version of an SDK installed that various different solutions require, it also causes extra maintenance work every time you want to update one of those global.jsons to make use of the next minor or major version jump (as well as the logistical challange of getting all those people to install another version of the SDK). Whereas without that file, it will always use the latest available.

I think dependabot should be used for this scenario.

Last time I looked at dependabot, it required docker, and that would have a financial implication due to the licensing.

You could use the latest prerelease (preview) package from NuGet until a stable 7.0 is released.

Absolutely; but I interpret "prerelease" as meaning it's not ready for general use yet. Thanks for opening the issue suggesting that a stable 7.0 release should be done. Luckily I can ignore the warning because it is evading the setting to treat warnings as errors.

We've got a bit off topic, so returning to the original point...

My point is really that the message says The .NET SDK has newer analyzers with version '7.0.0' than what version '6.0.0' of 'Microsoft.CodeAnalysis.NetAnalyzers' package provides., and that can't be true, because there isn't a version 7.0.0 of that package on NuGet.org - there are 13 prerelease versions, but [by definition of being prerelease] none of them are '7.0.0'.

@Youssef1313
Copy link
Member

Youssef1313 commented Nov 23, 2022
edited
Loading

@richardissimo That would generally be fixed when 7.0.0 is released, it's just a matter of time.

@mavasani Do we have a better mechanism to know the exact version that is pulled from the .NET SDK so that the message is more accurate regarding the version?

@richardissimo
Copy link
Author

That would generally be fixed when 7.0.0 is released, it's just a matter of time.

@Youssef1313 Whilst that is true, it's also just a matter of time before this issue occurs again, with 8.0.0, and then 9.0.0, etc.

@oskrabanek
Copy link

It's still not fixed. Any progress on this issue?

@edgarssults
Copy link

edgarssults commented Feb 22, 2023
edited
Loading

I am also having this issue and would like the warning to not take into account preview versions.

We have upgraded to 7.0.0 analyzers recently and just started getting warnings again about upgrading to 7.0.1, but there are only preview versions of it available right now which we generally don't care about unless there are critical fixes.

@RobSwDev
Copy link

We're also hitting this issue.

@jasonmalinowski jasonmalinowski removed the untriaged Issues and PRs which have not yet been triaged by a lead label Feb 24, 2023
@bobwah
Copy link

bobwah commented Mar 1, 2023
edited
Loading

That would generally be fixed when 7.0.0 is released, it's just a matter of time.

@Youssef1313 Whilst that is true, it's also just a matter of time before this issue occurs again, with 8.0.0, and then 9.0.0, etc.

Happening again 7.0.1

image

@mavasani
Copy link
Contributor

mavasani commented Mar 1, 2023

I’ll work on a fix here..

@LukeOrdelmans
Copy link

Adding this (in .csproj / Directory.Build.props) worked for me:

<PropertyGroup>
   <_SkipUpgradeNetAnalyzersNuGetWarning>true</_SkipUpgradeNetAnalyzersNuGetWarning>
</PropertyGroup>

@mavasani
Copy link
Contributor

mavasani commented Mar 9, 2023

7.0.1 is now released on NuGet

@mavasani mavasani closed this as completed Mar 9, 2023
@hoerup
Copy link

hoerup commented Jun 14, 2023

And now you have done exactly the same with 7.0.3 :(

@richardissimo
Copy link
Author

I'm getting the same as @hoerup: The latest stable is 7.0.1; but it's complaining that:

C:\Program Files\dotnet\sdk\7.0.304\Sdks\Microsoft.NET.Sdk\analyzers\build\Microsoft.CodeAnalysis.NetAnalyzers.targets(593,5): warning : The .NET SDK has newer analyzers with version '7.0.3' than what version '7.0.1' of 'Microsoft.CodeAnalysis.NetAnalyzers' package provides. Update or remove this package reference.

@mavasani It would appear that whatever fix was done hasn't resolved the issue; so this issue will continue to happen during every time period in future between the creation of a pre-release and the actual release. Please can we reopen this?

Presumably it is checking a NuGet package source to see what version is available; but I know from doing that myself that when doing that you can choose to ignore pre-release versions - so could it be changed to it ignore pre release versions?

@Pentadome
Copy link

The .NET SDK has newer analyzers with version '7.0.3' than what version '7.0.1' of 'Microsoft.CodeAnalysis.NetAnalyzers' package provides.

Can confirm that this issue is not fixed yet. There is no 7.0.3 version of 'Microsoft.CodeAnalysis.NetAnalyzers' on Nuget

@CyrusNajmabadi
Copy link
Member

Can confirm that this issue is not fixed yet. There is no 7.0.3 version of 'Microsoft.CodeAnalysis.NetAnalyzers' on Nuget

I don't believe that this belongs to this repo. Can you file an issue over to dotnet/roslyn-analyzers? They can take a look there. Thanks.

@mavasani
Copy link
Contributor

https://www.nuget.org/packages/Microsoft.CodeAnalysis.NetAnalyzers/7.0.3 is now available.

I have also started an offline email thread to ensure that we synchronize the publishing of the NuGet package with the .NET SDK releases. We may also consider completely removing this warning. I'll post an update here once we have consensus.

Sorry for the inconvenience and thank you for your patience!

@Pentadome Pentadome mentioned this issue Aug 9, 2023
Closed
@b-f-
Copy link

b-f- commented Aug 10, 2023
edited
Loading

image
Seems like the warning is always a 0.0.1 ahead of actual latest release. Looks like package version is out of sync.

Is it possible the issue is related to this one? I checked all package references in a MAUI Blazor project and none are pointing to 7.0.1
image

@hoerup
Copy link

hoerup commented Aug 10, 2023

I have also started an offline email thread to ensure that we synchronize the publishing of the NuGet package with the .NET SDK releases. We may also consider completely removing this warning. I'll post an update here once we have consensus.

@mavasani Since this situation now also occurred with 7.0.4 i assume that the mentioned email thread didn't come up with a solution ?

@hoerup
Copy link

hoerup commented Aug 17, 2023

Now a week later, 7.0.4 still hasn't been published :(

@odinserj
Copy link

I have the same warning, and version 7.0.4 is still pre-release only. I don't want to disable this warning entirely, because it can be useful in future. But in my opinion, it should not take into account preview versions.

Microsoft.CodeAnalysis.NetAnalyzers.targets(593,5): Warning  : The .NET SDK has newer analyzers with version '7.0.4' than what version '7.0.3' of 'Microsoft.CodeAnalysis.NetAnalyzers' package provides. Update or remove this package reference.

@coderabbitai coderabbitai bot mentioned this issue Feb 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mavasani mavasani

Labels
Area-Analyzers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests