CPMR0052 - Dependency With No Version (nuspec)
CPMR0052 - Dependency With No Version (nuspec)
WARNING
This rule has been marked as a Guideline
Guidelines are strong suggestions that improve the quality of a package version. These are considered something to fix for next time to increase the quality of the package. Over time Guidelines can become Requirements. A package version can be approved without addressing Guideline comments but will reduce the quality of the package.
If you have implemented the recommended fixes, you should see this go away on checks after this has been corrected.
Issue
In the nuspec, you have a dependency on another package without at the very least a minimum version.
Recommended Solution
Version-less dependencies are not recommended now that choco will resolve the latest version of a package. Please add at the very least the minimum version (also known as the lower bound) of the package you depend on. Note how version ranges work, see http://docs.nuget.org/Create/versioning#Specifying-Version-Ranges-in-.nuspec-Files
Reasoning
At a point in history, NuGet would always get the oldest version of a package that would meet the version range that was specified. When you didn’t specify a version, it would get the latest possible version. Once choco 0.9.9+ came out, it flipped NuGet to always getting the most recent version of a package that satisfied a dependency. It’s considered incorrect to not at the very least specify a minimum version that would meet a dependency. This way it is more explicit.