Comments (5)
I'm afraid I won't have time to chase what's causing the false positives. I'm happy to review a PR that proposes fixes, but I don't want to start guessing about it being that dependency (which would also affect lots of other packages, e.g. Google.Protobuf).
I suggest you contact one of Norton or AVG and ask for support there - if they can give precise reasons, that may suggest a workaround. (For example, we haven't released a new minor version since updating the dependency on System.Runtime.CompilerServices.Unsafe to a newer one. If that would fix the problem, I can look at doing a minor version earlier than I would otherwise; that would be a significantly less disruptive change than removing it entirely. We may be able to make the dependency conditional, too - but I don't want to put in a load of work for this only to find it's not the cause.)
from nodatime.
Looking more closely, it looks like we can indeed make the dependency conditional, so it'll only be present in the netstandard2.0 build. Whether that helps you or not will depend on what you're targeting in your Xamarin Forms project - and on whether this is actually the source of the false positive in the first place.
(The code using System.Runtime.CompilerServices.Unsafe is still present - so if that's what AVG and Norton are detecting, it won't help at all.)
from nodatime.
Looking at this, I'd be happy to update the dependency to the latest version (6.0.0) and conditionalize it within the 3.1.x branch (included with netstandard2.0; excluded for net6.0). I'd then probably just wait for the next release of TZDB data as that's when we normally do a 3.1.x release.
@nord- Please let me know if you're in a position to verify whether this helps, so we can decide what to do.
from nodatime.
@jskeet I don't see that we can bump the minimum version of a dependency without a minor version bump ourselves, can we? (i.e. I think that such a change would need to be in a 3.2 release, not on the 3.1.x branch.)
I know that we follow semver, but I'm not sure if there's anywhere that explores what that actually means in practice, wrt this kind of situation. My intuition has always been that any 3.1.x should be binary-compatible with any other 3.1.y, but that won't be the case if the two have different requirements on their dependencies.
(I think even #1796 is on slightly shaky ground for this, since an in-place downgrade from 3.1.12 to 3.1.11 should work as well, and with #1796, a downgrade could potentially break a working system. However, you could also argue that the dependencies were still required with 3.1.12, just not actually enforced...)
from nodatime.
@malcolmr: Yes, you're right of course. I think we can reasonably conditionalize the dependency because the dependency is already part of .NET 6 - anyone targeting .NET 6 shouldn't see any difference, basically.
And yes, we should indeed be binary compatible. .NET dependency resolution is normally fine in terms of making binary compatibility work, and even though the dependency version change is a major version, I'd be happy to bump it in minor version of Noda Time because it's a "system level" dependency, so really won't have breaking changes... but you're right that we shouldn't do it in a patch release.
If we'd already done the TimeProvider work, I'd be tempted to do a 3.2 release to clear the backlog of unreleased features... maybe we should do that anyway, rather than delaying while I dither about time providers...
from nodatime.
Related Issues (20)
- Typo in comment HOT 1
- Custom Pattern Support for text serialization HOT 6
- Nullable arguments in Parse methods HOT 1
- Incorrect names for Ukrainian aliases HOT 2
- Idea: Add the ability to compute `Interval` compliments HOT 9
- Question: FakeClock and AutoAdvance HOT 3
- Use Int128 in .NET 8 target
- Check AOT support in .NET 8
- Repository link in nuget is point to website HOT 2
- Proposal: Week type HOT 2
- Conversion operators `Duration` - `TimeSpan` HOT 2
- Period Between invalid calculation HOT 5
- Remove polyfil package HOT 1
- Missing timezone for Kosovo HOT 2
- Provide RFC9557 patterns HOT 5
- Calling Instant.FromUtc(2024, 2, 29, 12, 0) results in a out of range exception HOT 3
- Potential mistake in the docs for `LocalDatePattern.CreateWithInvariantCulture` HOT 4
- Consider adding Period.{Max,Min}Value HOT 14
- UnparsableValueException and how to migrate old data? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nodatime.