NuGetSolver tool

NuGetSolver is a new experimental Visual Studio extension that automates resolving complex NuGet dependency conflicts, such as NU1605, NU1701, NU1107, and NU1202 warnings or errors in VS2022 for solutions. Please check here for more information.

Features

• Generates recommendations on how to change versions to resolve dependency conflicts in solutions.

• View suggested changes before you apply or cancel the operation.

• Toggle "Show only changes" to see all direct dependencies or just changes.

• Toggle "Include prerelease" to include stable or preview versions in calculations.

• Copy suggestions to the clipboard.

• Toggle "Secure packages only" to fix known vulnerable direct package versions to non-vulnerable versions without dependency conflicts.

• Change "Algorithm" to change "LatestVersion" option that updates dependencies to the latest version without conflict.

Usage

You can run the tool from the “Solution Explorer”.

It will prompt which NuGet feeds will be used for the calculation, feeds that require authentication are excluded. Please click Ok.

After a brief calculation to determine if it can generate suggestions, the tool displays the differences between the current and suggested states.

If the recommended suggestion looks satisfactory, click "Apply fix" and try rebuilding the solution to check if the dependency conflicts are resolved.

By default, the "Secure packages only" option is checked, which means it will automatically try to fix security vulnerabilities of direct dependencies using NuGet Vulnerability information.

The "Default" resolution algorithm tries to minimize changes while fixing the dependency conflict and direct dependency vulnerability. There is also a new "LatestVersion" algorithm that updates dependencies to the latest version without conflict, can be used for keeping up with the very latest version.

You can run the tool even if your solution doesn't have any dependency conflicts at the moment. It will upgrade your dependencies while keeping the changes minimal if the "Default" algorithm is selected, or to the latest version if the "LatestVersion" algorithm is selected.

Requirements:

• VS 2022 is required.

• This tool requires an internet connection to function properly, as it needs to download the cache database file from our cache hosting service.

Usage Recommendations and Known Constraints:

• Any local and remote feeds that do not require authentication are supported, such as the nuget.org feed (https://api.nuget.org/v3/index.json). If you want to add a new feed, please make changes in the nuget.config file.

• Currently, package versions from feeds that require authentication are excluded from the calculation and are not yet supported.

• For better performance, please keep the number of remote feeds in the nuget.config file to a minimum, especially if calculations take too long.

• Multi-targeting is not fully supported; the tool may generate a fix, but it might not work for all target frameworks.

• 'Apply Fix' doesn't fully support updating versions if custom msbuild logic is used for setting the version. You may need to manually update the versions.

• Central Package Management (CPM) is not fully supported; the tool can generate fixes, but you may need to manually update the versions in the Directory.Packages.props file.

• The tool may not consider all available Preview versions when "Include prerelease" is toggled during suggestion calculations.

• For packages.config or legacy-sdk style projects, it can generate suggestions, but cannot apply the fix directly. You may need to apply the fix manually.

• NuGetSolver may resolve compile-time dependency conflicts, but runtime errors could still occur.

• Currently, NuGetSolver checks if versions of direct dependencies have known vulnerabilities. Transitive dependency vulnerabilities are not covered yet. You can use the auditing functionality in NuGet to help you resolve these.

• "LatestVersion" option select one of the possible combinations higher than the current versions without conflict. You may run additional rounds to get the very latest version.

• Does not add a new direct dependency or promote any transitive dependencies to direct dependencies to resolve conflicts.

What's New in This Release:

Bug Fixes and Feature Improvements in 1.2.0:

• Automatically fix security vulnerabilities of direct dependencies using NuGet Vulnerability information. Transitive dependency vulnerabilities are not covered yet.
• Added a new resolution algorithm that allows fixing dependency conflicts and updating dependencies to the latest version without conflict, useful for keeping up with the very latest version.

Bug Fixes and Feature Improvements in 1.1.0:

• Added support for multifeed; remote and local feeds that do not require authentication are supported, previously only nuget.org was supported. If you want to add a new feed, please make changes in the nuget.config file.
• Ignore sqlproject type projects for NuGetSolver; there is no need to unload them.

Feedback

This is currently in an experimental phase, and we would greatly appreciate any feedback you have! Please rate the extension and provide comments on the VS Marketplace.

If there are any problems with this extension, check Visual Studio Developer Community for existing issues. For new issues, let us know via the Report a Problem option found in your favorite IDE under Help > Report a Problem.