Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QUERY] Dependencies mayhem #38857

Closed
svrooij opened this issue Sep 20, 2023 · 8 comments
Closed

[QUERY] Dependencies mayhem #38857

svrooij opened this issue Sep 20, 2023 · 8 comments
Assignees
@KrzysztofCwalina
Labels
Azure.Core Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request This issue requires a new behavior in the product in order be resolved. issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close.
Milestone
Backlog

Comments

@svrooij
Copy link

svrooij commented Sep 20, 2023
edited
Loading

Library name and version

Azure.Core 1.35.0

Query/Question

I think the dependencies for this project can be cleaned up at least for .net core 3 and up.

These packages are not needed they are only needed on .netstandard and everything before .net core 3:

[Microsoft.Bcl.AsyncInterfaces](https://www.nuget.org/packages/Microsoft.Bcl.AsyncInterfaces/) (>= 1.1.1)
[System.Diagnostics.DiagnosticSource](https://www.nuget.org/packages/System.Diagnostics.DiagnosticSource/) (>= 6.0.1)
[System.Memory.Data](https://www.nuget.org/packages/System.Memory.Data/) (>= 1.0.2)
[System.Numerics.Vectors](https://www.nuget.org/packages/System.Numerics.Vectors/) (>= 4.5.0)
[System.Text.Encodings.Web](https://www.nuget.org/packages/System.Text.Encodings.Web/) (>= 4.7.2)
[System.Text.Json](https://www.nuget.org/packages/System.Text.Json/) (>= 4.7.2)
[System.Threading.Tasks.Extensions](https://www.nuget.org/packages/System.Threading.Tasks.Extensions/) (>= 4.5.4)

Provides the IAsyncEnumerable and IAsyncDisposable interfaces and helper types for .NET Standard 2.0. This package is not required starting with .NET Standard 2.1 and .NET Core 3.0.
Microsoft.Bcl.AsyncInterfaces

Some of the packages you're forcing for everybody are like 7 years old.

Environment

.NET SDK:
Version: 7.0.308
Commit: f6a2f50f2d

Runtime Environment:
OS Name: Windows
OS Version: 10.0.22621
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\7.0.308\

Host:
Version: 7.0.11
Architecture: x64
Commit: ecb34f85ec

.NET SDKs installed:
6.0.414 [C:\Program Files\dotnet\sdk]
7.0.111 [C:\Program Files\dotnet\sdk]
7.0.302 [C:\Program Files\dotnet\sdk]
7.0.308 [C:\Program Files\dotnet\sdk]

.NET runtimes installed:
Microsoft.AspNetCore.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 6.0.16 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 6.0.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 7.0.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.16 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.22 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.16 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 6.0.22 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.5 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Drop support for end-of-life targets

And maybe even start considering dropping support for all those versions that are out off support for years, according to your own support policy:

  • .NET Core 2.1 ended support Augustus 21th 2021 which is over 2 years ago.
  • .NET5 ended support May 10th 2022 which is also over 16 months ago
  • .NET 4.6.1 ended support on April 26th 2022 according to this page which is 17 months ago.

Remove high severity vulnerabilities

Packages.Data.props seem to be forcing <PackageReference Update="Newtonsoft.Json" Version="10.0.3" /> which according to nuget has at least 1 high severity vulnerability

Check PR #38885 for more comments
@github-actions github-actions bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 20, 2023
svrooij added a commit to svrooij/azure-sdk-for-net that referenced this issue Sep 21, 2023
@svrooij
fix: Fixed the dependency mess
c5e195b 
Fixed Azure#38857
@svrooij svrooij mentioned this issue Sep 21, 2023
Closed
@jsquire jsquire added Client This issue points to a problem in the data-plane of the library. Azure.Core feature-request This issue requires a new behavior in the product in order be resolved. and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 21, 2023
@jsquire jsquire added this to the Backlog milestone Sep 21, 2023
@github-actions github-actions bot added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Sep 21, 2023
@jsquire
Copy link
Member

jsquire commented Sep 21, 2023
edited
Loading

Hi @svrooij. Thank you for your feedback. The majority of the Azure SDK ecosystem uses a netstandard2.0 target only and relies on Azure.Core for these dependencies. We're currently in the process of formalizing a policy around managing targets as the .NET platform continues to evolve. I agree this would be a good area for us to revisit as part of those efforts and consider whether or not we continue to need these as blanket references or we can move them to conditional based on target.

//fyi: @KrzysztofCwalina, @annelo-msft

@svrooij
Copy link
Author

svrooij commented Sep 21, 2023

I've tried fixing it here, but it resulted in an even bigger mess.
The Azure.Core package is building, but some others fail.

#38885

I also stated that you might want to remove end-of-life targets.

@avendel avendel mentioned this issue Nov 8, 2023
Closed
@m-redding m-redding mentioned this issue Oct 15, 2024
Open
9 tasks
@m-redding m-redding mentioned this issue Oct 29, 2024
Merged
@m-redding
Copy link
Member

Resolved by #46637

@m-redding m-redding added issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. and removed needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Nov 18, 2024
@github-actions GitHub Actions
Copy link

Hi @svrooij. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

@svrooij
Copy link
Author

svrooij commented Nov 21, 2024

/unresolve

I just updated the Azure.Core package to version 1.44.1 only to find out that even the net6.0 version still requires Microsoft.Bcl.AsyncInterfaces..... This package is no longer needed for anything above netcore 3.1. Stop including it!
This will probably also count for System.Memory.Data, System.Diagnostics.DiagnosticSource and System.Numerics.Vectors

Image

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. labels Nov 21, 2024
@jsquire
Copy link
Member

jsquire commented Nov 21, 2024

@svrooij: Apologies for the confusion, but this is expected. The implementation for trimming was done as part of the work to add a net8.0 target to packages in the pull request that was linked above. That has not yet been released and is scheduled for our January window. At that time, and going forward, Azure SDK packages will include the new target and will be trimming the known safe set of polyfill packages.

@jsquire jsquire added the issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. label Nov 21, 2024
@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Nov 21, 2024
@github-actions GitHub Actions
Copy link

Hi @svrooij. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

@github-actions GitHub Actions
Copy link

Hi @svrooij, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.

@github-actions github-actions bot locked and limited conversation to collaborators Feb 26, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@KrzysztofCwalina KrzysztofCwalina

Labels
Azure.Core Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request This issue requires a new behavior in the product in order be resolved. issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

fix: Partially fixed the dependency mess svrooij/azure-sdk-for-net
4 participants
@jsquire @svrooij @KrzysztofCwalina @m-redding