'Private' metadata is not propagated to transitive dependencies
See original GitHub issueThis was discovered moving Roslyn’s VSIX projects to the new SDK.
Roslyn builds a number of VSIX projects and is very particular about which projects end up embedded in which VSIX. There are a number of patterns employed to accomplish this including
<ProjectReference Include="..\..\VisualStudio\Core\Impl\ServicesVisualStudioImpl.csproj">
<Project>{c0e80510-4fbe-4b0c-af2c-4f473787722c}</Project>
<Name>ServicesVisualStudioImpl</Name>
<Private>false</Private>
</ProjectReference>
The intent here is to reference the project but not include its contents in the resulting VSIX by means of <Private>false</Private>
. This continues to work in the new SDK.
However implicit transitive references ends up pulling in all of the projects that ServicesVisualStudioImpl.csproj. None of those projects are marked as <Private>false</Private>
and as a result end up included in the VSIX. This both bloats (in some cases 100 fold) and functionally breaks our VSIX (some cases 100 fold).
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:16 (14 by maintainers)
Top Results From Across the Web
Maven - Transitive dependencies are not resolved for ...
To successfully resolve transitive dependencies, project B's jar and pom.xml must be accessible in the Maven repository.
Read more >On the Effect of Transitivity and Granularity on Vulnerability ...
In this work, we study the effect of transitivity and granularity on vulnerability propagation in the Maven ecosystem. In our research methodology, we...
Read more >Upgrading versions of transitive dependencies
Dependency constraints are only published when using Gradle Module Metadata. This means that currently they are only fully supported if Gradle is used...
Read more >POM Reference - Maven
Dependency details can be set in one central location, which propagates to all inheriting POMs. Note that the version and scope of artifacts...
Read more >Specifying Dependencies - The Cargo Book
Specifying Dependencies. Your crates can depend on other libraries from crates.io or other registries, git repositories, or subdirectories on your local ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Changing title to match more general issue as #1467 stated it (marked as dupe now). The repro steps in #1467 are also very clear and should be used to construct a test case when fixing this. cc @sharwell
This is also an issue for VS for Mac.
Here are my notes, in case it’s helpful:
And here’s my workaround: