CPMR0052 - Dependency With No Version (nuspec)

CPMR0052 - Dependency With No Version (nuspec)

⚠️ This rule has been marked as a Guideline

Guidelines are strong suggestions that improve the quality of a package version. These are considered something to fix for next time to increase the quality of the package. Over time Guidelines can become Requirements. A package version can be approved without addressing Guideline comments but will reduce the quality of the package.

⚠️ WARNING There is a bug with this check - https://github.com/chocolatey/package-validator/issues/84

If you have implemented the recommended fixes, you should see this go away on checks after this has been corrected.

Issue

In the nuspec, you have a dependency on another package without at the very least a minimum version.

Version-less dependencies are not recommended now that choco will resolve the latest version of a package. Please add at the very least the minimum version (also known as the lower bound) of the package you depend on. Note how version ranges work, see http://docs.nuget.org/Create/versioning#Specifying-Version-Ranges-in-.nuspec-Files

Reasoning

At a point in history, NuGet would always get the oldest version of a package that would meet the version range that was specified. When you didn't specify a version, it would get the latest possible version. Once choco 0.9.9+ came out, it flipped NuGet to always getting the most recent version of a package that satisfied a dependency. It's considered incorrect to not at the very least specify a minimum version that would meet a dependency. This way it is more explicit.