Add warnings for newer tool versions during dotnet tool restore

[Copilot]

• Explored repository structure and understood the codebase
• Located the ToolRestoreCommand and related files
• Identified the current restoration flow in ToolPackageRestorer.InstallPackage()
• Found CLI string resources for messaging
• Identified existing test infrastructure
• Added new CLI string for warning about newer versions
• Extended ToolRestoreResult to include warning information
• Modified ToolPackageRestorer to check for newer versions after successful restore
• Updated PrintConclusionAndReturn to display warnings in yellow text
• Added comprehensive test for warning functionality
• Verified build succeeds and test passes
• Manual testing with real packages (dotnet-ef, powershell)
• Verified warnings only appear during restore, not tool execution
• Confirmed all existing tests pass with no regressions
• Tested edge cases (latest version, multiple tools, network issues)
• Addressed PR feedback: Fixed formatting indentation
• Added tests for prerelease version behaviors

Changes in this commit:

• Fixed indentation of warning: parameter in ToolPackageRestorer.cs (line 103)
• Improved existing test to use explicit versions to prevent breaking when _packageVersionA changes
• Added test for prerelease-to-stable upgrade warning
• Added test for stable-to-prerelease (no warning) behavior

Test Coverage:

• Basic version upgrade warning
• Prerelease to stable version warning
• Stable to prerelease (no warning - prevents prerelease noise)

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[marcpopMSFT]

@baronfel I tested and this new code only runs if the current version of the tool is not found in the cache. That seems like an ok compromise to me as otherwise, we're hitting the network when theoretically we don't need to. However, it does mean that if you have the tool installed locally, you'll never get the notice.

[marcpopMSFT]

Tool 'dotnetsay' (version '2.1.1') was restored. Available commands: dotnetsay

A newer version of tool 'dotnetsay' is available (version '2.1.7'). Consider updating your manifest file.

[baronfel]

That's an interesting compromise for sure. I could see a dotnet tool check command in the future for more comprehensive checking.

[marcpopMSFT]

or a flag to dotnet tool restore which asks for the check. Either way, this change is reasonable and working as is so published for review.

[Copilot]

Pull Request Overview

This PR adds functionality to display warnings when newer versions of tools are available during dotnet tool restore operations. This helps users stay informed about tool updates and prevent compatibility issues with newer SDKs.

Key Changes:

• Enhanced restore functionality to check for newer tool versions and display warnings
• Added localized warning messages for the new version notification feature
• Implemented comprehensive test coverage for the warning functionality

Reviewed Changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 13 comments.

Show a summary per file

File	Description
ToolPackageRestorer.cs	Added version checking logic and warning generation functionality
ToolRestoreCommand.cs	Enhanced result structure and display logic to show version warnings
CliCommandStrings.resx	Added the new localized message string for version warnings
Multiple .xlf files	Added localization entries for the new warning message
ToolRestoreCommandTests.cs	Added comprehensive test coverage for the warning functionality

[KalleOlaviNiemitalo]

This PR enhances dotnet tool restore to show warnings when newer versions of tools are available in the configured package sources.

I saw this and immediately worried about such a warning getting triggered in an automated build, being parsed by Jenkins and causing the build to be considered UNSTABLE.

It looks like the output is not actually formatted anything like "warning SDK0000: tool is not the latest available version" though, so it won't be parsed as a warning. Please call it a note, then.

[marcpopMSFT]

@KalleOlaviNiemitalo yeah, this in the bucket of CLI messages so shouldn't impact exit codes or builds. It can impact if someone is processing the output.

[nagilson]

I'm pretty confident this won't add additional unexpected terminal output, so that's good.

[nagilson]

Nice comments here 👍

[nagilson]

Interesting, so we're returning it as a regular, (but yellow) line instead of a warning to prevent breaking changes. Seems good.

[nagilson]

nit: we could probably add to the _packageVersionA to prevent updating that from breaking this test.

@copilot We also don't test the prerelease version behaviors, which seems significant enough that we should test to prevent regression.

[Copilot]

Added in commit 1f3148a. The test now uses explicit versions to avoid breaking if _packageVersionA changes. Also added two tests for prerelease behaviors:

• Prerelease to stable: Shows warning
• Stable to prerelease: Does NOT show warning (prevents prerelease noise)

[nagilson]

Looks good - let's validate it adds the test and if it doesn't change anything else we should be good to go

[nagilson]

Nicely done on the new test.

[marcpopMSFT]

/backport to release/10.0.3xx

[github-actions]

Started backporting to release/10.0.3xx (link to workflow run)

[github-actions]

@marcpopMSFT backporting to release/10.0.3xx failed, the patch most likely resulted in conflicts. Please backport manually!

git am output

$ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch

Patch format detection failed.
Error: The process '/usr/bin/git' failed with exit code 128

Link to workflow output

[github-actions]

Started backporting to release/10.0.3xx (link to workflow run)

[github-actions]

@marcpopMSFT backporting to release/10.0.3xx failed, the patch most likely resulted in conflicts. Please backport manually!

git am output

$ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch

Patch format detection failed.
Error: The process '/usr/bin/git' failed with exit code 128

Link to workflow output

[baronfel]

manual backport pr for 10.0.3xx is #52715

[KalleOlaviNiemitalo]

Does this show a warning if:

• the manifest specifies version 1.0.0
• the feed has versions 1.0.0, 1.1.0, and 1.2.0-rc.1

In this case, I think it should warn that the newer stable version 1.1.0 is available; but the implementation looks like it won't warn anything about versions, because the latest version 1.2.0-rc.1 is a prerelease but the specified version 1.0.0 is stable.

[marcpopMSFT]

@KalleOlaviNiemitalo see the code here: https://github.com/dotnet/sdk/blob/main/src/Cli/dotnet/Commands/Tool/Restore/ToolPackageRestorer.cs#L159

If the current version is a prerelease, it'll tell you if there's a newer prerelease. Otherwise, it won't tell you to update to a prerelease. Looking at the code, there is a slight gap in the scenario you mentioned where if there is a prerelease, we won't tell you about the latest stable version to upgrade to. Not sure how common that is but if you think it's worth improving the logic for, feel free to file an issue and we'll see if copilot can change the GetNuGetVersion call to account for that. Not something I'd prioritize as that seems more niche.

[KalleOlaviNiemitalo]

Linking back to #50991 for reference. This link was originally in the PR description but Copilot edited it out on December 10.