References to HtmlSanitizer have wrong version number when using the nuget

[gfox1984]

1. Install the HtmlSanitizer nuget to your project (tested with 3.4.156 and 4.0.185)
2. Notice that a reference to HtmlSanitizer version 3.0.0.0 is added to your project:

    <Reference Include="HtmlSanitizer, Version=3.0.0.0, Culture=neutral, PublicKeyToken=61c49a1a9e79cc28, processorArchitecture=MSIL">
      <HintPath>..\..\packages\HtmlSanitizer.4.0.185\lib\net45\HtmlSanitizer.dll</HintPath>
    </Reference>

This causes a problem when you upgrade to a new version. The DLLs are not updated in the projects that reference your project because the referenced version number does not change.

[mganss]

This is due to #35. Json.NET does it the same way. I've found that VS updates the DLLs most of the time when building after updating NuGet packages but not always. Proposals for other approaches welcome.

[skovsboll]

This is a big problem for us because we rely on loading multiple versions of the same assembly inside one app domain. The scenario is sort of a plugin architecture, where the host app might use one version of HTMLSanitizer and each plugin might use another.

Because both the latest version of HtmlSanitizer (4.0) as well as all versions since 3.0 have the same assembly version (3.0.0.0), our attempts to use <dependentAssembly> in web.config to locate the correct assembly by assembly version fail.
There's at least one binary incompatibility between version 3 and 4, so we can't use binding redirects either.

Would it be possible to ship a new version of the nuget package with matching assembly version and assembly file version please? That would be of huge value to us.

Yours is the best sanitizer out there and this is the only thing prohibiting us using it.

[mganss]

Personally, I'd love to have all versions numbers be identical again, but I'm afraid this would cause pain to users who need the strong named assembly (see #35).

The .NET open source library guidance docs for strong naming say:

✔️ CONSIDER incrementing the assembly version on only major version changes to help users reduce binding redirects, and how often they're updated.

Under versioning it says:

✔️ CONSIDER only including a major version in the AssemblyVersion.
✔️ CONSIDER keeping the major version number of the AssemblyVersion and the NuGet package version in sync.
❌ DO NOT have a fixed AssemblyVersion.

So I'm thinking to increase the AssemblyVersion to 4.0.0.0. Would this work with your use case?

[skovsboll]

Updating the assembly version to 4.0.0.0 would be helpful. Thank you!
The first symptom that made us aware that we were juggling different versions was the fact that there was at least one breaking change between v. 3 and 4 (number of constructor args in HtmlSanitizer).

The .NET guidance further states:

✔️ CONSIDER using SemVer 2.0.0 to version your NuGet package.

If we can know that any breaking changes will result in a major version increment then everyone should be happy going forward.

[mganss]

🆗 done in 4.0.207. Regarding SemVer, see #35.

[skovsboll]

Thank you, @mganss 💯
I suppose you could close this issue now 😄