Nuget dependency version is too high

[kimdiego2098]

11>C:\Users\Diego\.nuget\packages\system.text.encodings.web\9.0.0\buildTransitive\netcoreapp2.0\System.Text.Encodings.Web.targets(4,5): warning : System.Text.Encodings.Web 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
11>C:\Users\Diego\.nuget\packages\system.io.pipelines\9.0.0\buildTransitive\netcoreapp2.0\System.IO.Pipelines.targets(4,5): warning : System.IO.Pipelines 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
12>C:\Users\Diego\.nuget\packages\system.text.encodings.web\9.0.0\buildTransitive\netcoreapp2.0\System.Text.Encodings.Web.targets(4,5): warning : System.Text.Encodings.Web 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
12>C:\Users\Diego\.nuget\packages\system.io.pipelines\9.0.0\buildTransitive\netcoreapp2.0\System.IO.Pipelines.targets(4,5): warning : System.IO.Pipelines 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
11>C:\Users\Diego\.nuget\packages\microsoft.bcl.asyncinterfaces\9.0.0\buildTransitive\netcoreapp2.0\Microsoft.Bcl.AsyncInterfaces.targets(4,5): warning : Microsoft.Bcl.AsyncInterfaces 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
11>C:\Users\Diego\.nuget\packages\system.text.json\9.0.0\buildTransitive\netcoreapp2.0\System.Text.Json.targets(4,5): warning : System.Text.Json 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
11>C:\Users\Diego\.nuget\packages\microsoft.extensions.dependencymodel\9.0.0\buildTransitive\netcoreapp2.0\Microsoft.Extensions.DependencyModel.targets(4,5): warning : Microsoft.Extensions.DependencyModel 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
12>C:\Users\Diego\.nuget\packages\microsoft.bcl.asyncinterfaces\9.0.0\buildTransitive\netcoreapp2.0\Microsoft.Bcl.AsyncInterfaces.targets(4,5): warning : Microsoft.Bcl.AsyncInterfaces 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
12>C:\Users\Diego\.nuget\packages\system.text.json\9.0.0\buildTransitive\netcoreapp2.0\System.Text.Json.targets(4,5): warning : System.Text.Json 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.
12>C:\Users\Diego\.nuget\packages\microsoft.extensions.dependencymodel\9.0.0\buildTransitive\netcoreapp2.0\Microsoft.Extensions.DependencyModel.targets(4,5): warning : Microsoft.Extensions.DependencyModel 9.0.0 doesn't support net6.0 and has not been tested with it. Consider upgrading your TargetFramework to net8.0 or later. You may also set <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings> in the project file to ignore this warning and attempt to run in this unsupported configuration at your own risk.

For example, System Text.Encodings.Web v9.0.0 will have a warning prompt，This seems to be contagious, causing me to add SuppressTfmSupportBuildWarnings to every library. Perhaps it can be modified from the source?

[oleg-shilo]

Sorry, I do not follow.
System.Text.Encodings.Web v9.0.0 is the latest stable version of the package. Why targeting older versions would be beneficial from your point of view?

And of course, if you believe it makes sense for you you can always set the version you need from your project settings. But be careful. system.text.json had the vulnerabilities reported just one version ago. That's why you need to work always with the latest compatible version of the packages.

[saskathex]

Hi,
just stepped over the same issue. Currently we are running net80 as long as some "big" dependency packages are not ready for net90. Someone accidently updated to CSScript to the current version which requires .json 9.0 as transitive package and was not paying attention.
What happened afterwards was, the release was tested with an net80 runtime installation (default since we are targeting net80). The released failed on. The unit tests someone did not catch that issue. This is still under investigation on our side.

In our opinion it would be good to stick with the lowest still supported net version. In the current case net80 until the support ends (next year?).

[oleg-shilo]

That's not a problem. I just recently released CS-Script CLI (.NET tool) that targets both .NET 8 and .NET 9
I will just extend this approach to CS-ScriptLib nuget package and you will be able to choose which .NET platform to target.

[oleg-shilo]

Hm... I just realized that the target platform for CSScriptLib is netstandards2.0 meaning that it can be referenced from any host platform version.
So you should have no problems with referencing the package from your .NET8 project. I just tested it.
All the dependent packages that are not netstandards2.0 are automatically resolved to the host app runtime. This is what I have for the .NET8 project.

Remember " .json 9.0" does not mean that the package targets .NET9 it can run on all runtimes it supports. In this case it's for in total:

What am I missing?

[kimdiego2098]

What am I missing?

test .NET6 project.

[oleg-shilo]

Wait... you asked about the lowest supported .NET version and it is NET8, not NET6.

it would be good to stick with the lowest still supported net version. In the current case net80 until the support ends (next year?).

[saskathex]

Hm... I just realized that the target platform for CSScriptLib is netstandards2.0 meaning that it can be referenced from any host platform version. So you should have no problems with referencing the package from your .NET8 project. I just tested it. All the dependent packages that are not netstandards2.0 are automatically resolved to the host app runtime. This is what I have for the .NET8 project.

Remember " .json 9.0" does not mean that the package targets .NET9 it can run on all runtimes it supports. In this case it's for in total:

What am I missing?

This looks fine too me. But think about the following:

• In case you remove net90 runtime from your machine. You now just have net80 json installed.
• Your app targets net80. The assembly resolving of json 9.0 will fail

I am not that familiar with packages, but what could be done is something like different json versions for net80 and net90

net80 -> Json => 8.0.X
net90 -> Json => 9.0

that usually what we do in cases of multi target frameworks of our project in a transition phase while upgrading .net

@oleg-shilo: The net60 comment was coming from @kimdiego2098. But it really does not matter at the moment.

[oleg-shilo]

I am not that familiar with packages, but what could be done is something like different json versions for net80 and net90

I think there is some confusion here caused by the tricky-looking numbers.

system.text.json v9.0 does not mean that this package can run on .NET9.
No. It means that it is v9.0 of the product called "system.text.json" and it can run on all .NET versions the binaries included in the package are compatible. and in this case the package can run on .NET4.62, .NET8.0 and .NET9.0.
Thus this package cannot upset your VS project for .NET 8.0.

I even tested it for you and shared the screenshot that the dotnet package resolution correctly picks the system.text.json.dll from the .NET8.0 package folder

[kimdiego2098]

The only issue is that system. text. json 9.0.0 will display a warning in the net6 assembly. When I reference the latest version of 'cs script', a warning similar to the following will appear during compilation.

...... doesn't support net6.0 and has not been tested with it .....

[oleg-shilo]

Yeah, but this is something that is implemented by system.text.json.dll and has nothing to do with CS-Script. Thus I cannot possibly fix it.

BTW if indeed the message is caused by your hosting app being net6, then I cannot really blame system.text.json.dll team. .NET6 is out of support from long time ago.

[kimdiego2098]

If possible, I hope to add net6.0 compilation output items

[oleg-shilo]

I am not sure what you are asking. Can you elaborate?
. . .
Right now you can use cs-script in your .NET6 application without any problems.
You have a warning message emitted by another nuget package, not by cs-script. The warning reason is a valid one.
I kinda do not see how much CS-Script can impact the problem.

You can assess the risk and just ignore the warning. Fair enough. But this will be between the warning source (.NET team) and the warning receiver (you). Again, I do not see the role here for cs-script

[kimdiego2098]

cssript requires a minimum version 9.0 of system.text.json, which means adding the net6 condition

<ItemGroup Condition=" '$(TargetFramework)' == 'net6.0' ">

<PackageReference Include="System.Text.Json" Version="8.0.5" />

</ItemGroup>

[oleg-shilo]

Ok, I see what you are trying to achieve. But unfortunately, it does not work like that.

The conditional package dependency from the project file is not translated into the nuspec dependency. The nuget package still requires version 9.0.0:

It's understandable since CS-Script class lib is compiled for netstandard2.0. Thus '$(TargetFramework)' == 'net6.0' will always be false. Adding another target to the CS-Script class lib project completely invalidates the idea of building it for netstandard2.0. So it's not a viable option.
. . .
The fact is that you are stuck with .NET6 runtime. This means that you cannot use the latest packages of both CS-Script and system.text.json. There is no good way out of this.

You have to sacrifice the latest changes of the package that are not supported on your runtime. It doesn't matter if it is system.text.json or cs-script

[oleg-shilo]

I did some further experiments. I thought that maybe I could create a standalone project for you so you can build net6 version for yourself. But it seems more difficult than I thought. Other packages also do not like net6

[oleg-shilo]

OK, I have downgraded another package and it seems to build the package. Can you check if this new package works for you:
CS-Script.net6.4.8.24.zip