Does PackageReference and package.lock.json remove the need for Binding Redirects in App.Config

In Nuget we can now use PackageReference format for dependencies and also enable repeatable builds using lock files

In my project, I get something along the lines of:

{   "version": 1,   "dependencies": {
".NETFramework,Version=v4.6.1": {
  "System.Reactive": {
    "type": "Direct",
    "requested": "[4.1.2, )",
    "resolved": "4.1.2",
    "contentHash": "QRxhdvoP51UuXZbSzcIiFu3/MCSAlR8rz3G/XMcm3b+a2zOC5ropDVaZrjXAO+7VF04Aqk4MCcLEdhxTfWVlZw==",
    "dependencies": {
      "System.Threading.Tasks.Extensions": "4.5.1",
      "System.ValueTuple": "4.4.0"
    }
  },
  "System.Threading.Tasks.Extensions": {
    "type": "Direct",
    "requested": "[4.5.2, )",
    "resolved": "4.5.2",
    "contentHash": "BG/TNxDFv0svAzx8OiMXDlsHfGw623BZ8tCXw4YLhDFDvDhNUEV58jKYMGRnkbJNm7c3JNNJDiN7JBMzxRBR2w==",
    "dependencies": {
      "System.Runtime.CompilerServices.Unsafe": "4.5.2"
    }
  },
  "Apache.Avro": {
    "type": "Transitive",
    "resolved": "1.7.7.2",
    "contentHash": "4zx8Y5wnavxi57ivpMIon4XAnY0d69e4KoiTkMgy4LcstVUPXqD1YZ+IKl3TV2dzV6PJvYGrsLViN+dAN16yvg==",
    "dependencies": {
      "Newtonsoft.Json": "3.5.0",
      "log4net": "1.2.10"
    }
  },
  "Newtonsoft.Json": {
    "type": "Transitive",
    "resolved": "12.0.1",
    "contentHash": "jmVyoEyk0In8r+AObYQyFKVFm7uSRzE0XSHSbEtBJcZDMV6DqJoyB4FLcHwprPVhAh826so0db3DIKXVnpGoPA=="
  },

So we can see that we for example have conflicting Newtonsoft.Json dependencies. In this case, I believe the dependency for Apache.Avro states that the version must be >= 3.5.0 and so this should be compatible.

When NuGet performs its restore, only one DLL for a given assembly is resolved and used when the application is started. Without lock files I have had to use AutoGenerateBindingRedirects=true in all csproj files.

This generates the familiar binding redirects: oldVersion="0.0.0.0-4.2.0.0" newVersion="4.2.0.0"

Without such redirects you get the equally familiar error message:

2019-02-19 11:24:10.955 [Debug] host_Opened
2019-02-19 11:24:11.058 [Error] Could not load file or assembly 'Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
2019-02-19 11:24:11.058 [Error]    at System.Net.Http.Formatting.BaseJsonMediaTypeFormatter..ctor()

at start up. Because a dependency wants a very old Newtonsoft.Json version and we only gave it the resolved version 12.0.1.

I was under the impression that the new PackageReference and lock file would remove the need for assembly binding redirects. But my impression now is that they are still needed to avoid said error.

Is that correct? Does the need for binding redirects necessarily imply something is wrong with the setup of dependencies? Why would binding redirects be necessary when libraries specify that they will accept DLLs of a version equal or higher than X.Y.Z?

Seems that System.Net.Http.Formatting.dll needs Newtonsoft.Json v6.0, and you get the error since the other file defines version 12.0.1 to be used.

Maybe you can bring the System.Net.Http.Formatting.dll up to version that is compatible with Newtonsoft 12.0.1 ?

If you define binding redirects for Newtonsoft you assure to CLR that assemblies are compatible even if their internal references say otherwise. There might still be problems during runtime with incompatible dlls..