You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
additional version data is case-insensitive when refering to packages: 1.0.0-Alpha and 1.0.0-alpha are identical
trailing zeros may be stripped, especially if these are the fourth component of a package version.
As an example, System.Data.SQLite.Core declares a version like 1.0.118.0 in its metadata, but Nuget tooling silently converts this, for example in the package name, to 1.0.118.
While this is a tool-specific issue, the Nuget tooling effectively controls the ecosystem. It would be good to clarify what exact version should appear in the PURL in case of conflict. I guess, the exact version of the Nuget package name is the safest option, but I do not have a strong opinion on this issue.
The text was updated successfully, but these errors were encountered:
I have recently been made aware that Nuget versions are a bit tricky. If you look at https://learn.microsoft.com/en-us/nuget/concepts/package-versioning, it has some specialties.
Two highlights:
As an example, System.Data.SQLite.Core declares a version like 1.0.118.0 in its metadata, but Nuget tooling silently converts this, for example in the package name, to 1.0.118.
While this is a tool-specific issue, the Nuget tooling effectively controls the ecosystem. It would be good to clarify what exact version should appear in the PURL in case of conflict. I guess, the exact version of the Nuget package name is the safest option, but I do not have a strong opinion on this issue.
The text was updated successfully, but these errors were encountered: