From time to time, some packages need to be updated to fix vulnerabilities raised by alerts.
As an example: package name: "Contoso", affected versions: >=3.0.0 and <3.1.3, patched version: 3.1.3.
As I use DotNet, my solution's packages are shown in the project XML file in the following format: <PackageReference Include="Contoso" Version="x.y.z" />
In spite of the fact that I want to update the package, I don't want to set it as version "3.1.3" since I have a few different uses for it.
There are some packages/solutions that depend on "Consto" (example) package version 1.x.x,
but there are other packages/solutions that depend on version 3.x.x.
In those cases, setting the version to 3.1.3 may be problematic.
Can the current in use packages be constrained by range? As an example: < ... Condition=" '$(CurrentInUseVersion)'>= '3.0.0'& '$(CurrentInUseVersion)'< '3.1.3'" Version="3.1.3" .../>
I appreciate your help in advance!
Didn't work- <PackageReference Include="Microsoft.AspNetCore.Mvc.WebApiCompatShim" Version="1.0.4" Condition="'$(PackageVersion)'>= '1.0.0' And '$(PackageVersion)'< '1.0.4'" />