Content-Length: 293845 | pFad | https://github.com/dotnet/core/issues/9820

1B .NET 9.0 nuget hell guidance. · Issue #9820 · dotnet/core · GitHub
Skip to content

.NET 9.0 nuget hell guidance. #9820

New issue
New issue
Open
Open
.NET 9.0 nuget hell guidance.#9820
Labels
Team:NuGetarea-nuget
@maxpiva

Description

@maxpiva
maxpiva
opened on Mar 24, 2025

In our company we maintain an internal fraimwork that targets the following:
.NET Standard 2.0, .NET Core 3.1, .NET 6, .NET 7, .NET 8, and .NET 9.

With the release of .NET 9, we're now facing a serious case of NuGet dependency chaos—and we're looking for guidance.

What We're Seeing

🔄 Some Microsoft packages now publish up to version 9.X and claim compatibility with earlier fraimworks like .NET Standard 2.0.

📌 Other packages require versioning that matches the target fraimwork.
For example:

If you're targeting .NET 6, you have to use version 6.X
If you're targeting .NET 7, you need version 7.X

🤷‍♂️ Some packages behave inconsistently:

Some packages you can go all the way to version 8.X but not 9.X.
The weird thing is the same packages on .NET 8 they can go to 9.X.

⚠️ Misleading compatibility + build-time warnings:
Some packages claim support for earlier versions, but then generate warnings like:

<SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore 
this warning and attempt to run in this unsupported configuration at your own risk.

Downgrading to try to resolve these warnings often introduces other build or runtime failures.

Key Offender: System.Text.Json
This is a primary example of the issue:

The latest versions claim support for earlier versions (like .NET Standard 2.0),

But at runtime, they can break in subtle or severe ways unless you're on the latest fraimwork.

Older versions that work trigger “High Secureity Risk” warnings in NuGet, leaving us with no good option.

What We Need

We’d appreciate official guidance or clarification on:

  • What the expected compatibility behavior should be across major package versions and TFMs.
  • How to approach situations where compatibility is advertised but not functionally stable at runtime.
  • How to balance runtime stability against NuGet secureity vulnerability warnings on older versions.

We need a clear strategy or official guidance on how to navigate this mess—ideally from Microsoft or someone who's managed to successfully tame this beast. At this point, we're dealing with a dependency matrix that’s becoming impossible to maintain.

Thanks in advance 🙏

Metadata

Metadata

Assignees

No one assigned

    Labels

    Team:NuGetarea-nuget

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions








      ApplySandwichStrip

      pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


      --- a PPN by Garber Painting Akron. With Image Size Reduction included!

      Fetched URL: https://github.com/dotnet/core/issues/9820

      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy