Reputation: 1002
Restrict nuget package updates to current versions for some packages
Is there a way to disable updates of specific nuget packages installed in a project?
I have made some local modifications to a couple of javascript library packages and do not want to run the risk of someone updating over the top of my changes in the future.
I've never created my own nuget package, I'm guessing one option might be to fork the existing packages?
Upvotes: 38
Views: 18383
Answers (4)
Reputation: 2193
With Visual Studio 2022 and the new csproj-format, there is a new element PackageReference
Snippet of a csproj-file. The nuget package Microsoft.Extensions.Logging.Abstractions is limited to version at least 8.0.2, but no version from version 9 and above. Useful when you want to use only LTS versions of dotnet
<ItemGroup>
<PackageReference
Include="Microsoft.Extensions.Logging.Abstractions"
Version="[8.0.2,9.0)" />
</ItemGroup>
See more details on the Microsoft learn platform https://learn.microsoft.com/en-us/nuget/concepts/package-versioning?tabs=semver20sort#Constraining_Upgrades_To_Allowed_Versions
Upvotes: 0
Reputation: 2114
EDIT:
WARNING: Please note that this works only for "Manage Nuget packages for a [project]" (which is rarely used), not "Manage Nuget packages for Solution" (which is the one you use every other day). See comments.
So this is no solution at all. I will keep it here for some random googlers who will try this, but it is almost useless.
For PackageReference you can block updates on single version like this:
<PackageReference Include="IdentityServer4.AspNetIdentity">`
<Version>[3.1.1]</Version>
</PackageReference>
For some reason, it has to be in its own element and not in an attribute, so you are stuck with editing your .csproj by hand.
VS2019 will look funny (some yellow triangles) but just restart it and it will take effect.
It is not the same as allowedVersions= because AFAIK you can lock to exactly one version only (for example, [3.1.0, 3.1.1] or (3.0.0, 3.1.1] or whatever else does NOT work!)
(I know I am necromanting this question - the accepted answer is about the older tag <Package /> - my answer is about newer the tag <PackageReference />).
Upvotes: 8
Reputation: 12371
I don't have a package.config. (VS 2019, .NET Core 3.1) What I did instead was changing the .csproj of the project which had the package which I needed to stop showing up for updates.
In my case it was EPPlus, and I wrapped the version number within square brackets.
<ItemGroup>
<PackageReference Include="EPPlus" Version="[4.5.3.3]" />
</ItemGroup>
After that, it stopped showing up on the Updates tab in Nuget Package Manager.
And it doesn't give any option to update from anywhere else too. (Installed tab, Nuget for the solution, etc)
You'll need to restart VS to get rid of the yellow triangles next to the packages.
Upvotes: 37
Reputation: 47987
You could try constraining the package so it your project will only allow a particular version to be used. Then all updates to any newer version will be prevented.
You can do this by editing your project's package.config file. For example, the line below should only allow version 2.1.0 to be used.
<package id="SomePackage" version="2.1.0" allowedVersions="[2.1.0]" />
Upvotes: 47
Related Questions
- How to Lock a Package Version from Nuget Updates
- Constrain PackageReference upgrade version when update-package run
- Force Nuget package to use specific version of sub dependency?
- Upgrade to a specific Package version with NuGet
- Prevent Nuget from downloading the most updated version of a dependency
- Disallow to use multiple versions of NuGet packages in solution
- nuget: constrain version when installing to version already in local repository
- How to prevent nuget from reverting to older versions of dependent packages when updating a package
- Prevent update notifications for specific packages in Nuget Package Manager
- How to prevent Nuget from updating automatically package (minor) versions?