Edit

Share via


NuGet 6.12 Release Notes

Note

In response to developers' feedback to ensure builds continuity when updating to .NET SDK 9, we have reverted the default value of NuGetAuditMode to direct in Visual Studio 17.12.3 and .NET 9.0.101.

NuGet distribution vehicles:

NuGet version Available in Visual Studio version Available in .NET SDK(s)
6.12 Visual Studio 2022 version 17.12 9.0.1xx1

1 Installed with Visual Studio 2022 with any .NET workload

Known Issues

  • Project and package in the same graph with the same name but different dependencies may lead to incorrect versions of the dependencies of that id #13888
  • VS PM UI shows warning icon about package vulnerability even after upgrade #13866
  • dotnet nuget why reports missing argument, even though it ran #13908

Summary: What's New in 6.12.1

NuGet 6.12.1 is available in Visual Studio 17.12.0 and the .NET 9.0.101 SDK.

Issues fixed in this release

  • Deserializing an empty version range in a package dependency fails in .NET SDK 9.0.100-rc.2 #13869

Summary: What's New in 6.12

NuGet 6.12.0 is available in the .NET 9.0.100 SDK.

  • Add new graph resolution algorithm for better performance with large graphs - #13692

  • NuGetAudit raises warnings for vulnerable transitive packages by default when the .NET 9 SDK is installed #13293

  • Change NuGetAuditMode default from direct to all, raising warnings for vulnerable transitive packages for non-SDK style projects - #13584

  • Audit security vulnerabilities without adding nuget.org as package source - #12698

  • Owner profile hyperlinks needed in Details Pane of PM UI - #13686

  • Deprecate SHA-1 fingerprints usage in NuGet Sign commands in favor of SHA-2 family fingerprints #13891

  • Bubble-up Known Vulnerability Indicators in Solution Explorer for Transitive Packages - #13636

  • Enable Transitive Dependencies and vulnerabilities for Solution-level in Visual Studio - #13216

Breaking changes

  • Deprecate http usage: Promote from warning to error - #13289

Issues fixed in this release

  • Enable dotnet nuget why on non-SDK style projects - #13576

  • NuGetAuditSuppress for packages.config - #13575

  • Roll-out new breaking change process for SDK tools, respect SdkAnalysisLevel - #13309

  • Add property for toggling the to the previous NuGet resolver: RestoreUseLegacyDependencyResolver - #13700

  • Reduce allocations in TokenSegment.TryMatch - #12728

  • Use SDKAnalysisLevel in restore "https everywhere: promote from warning to error" - #13546

  • tweak wording of NU1603 - #13446

  • Default Package icon shown even when embedded icon file exists on disk - #13766

  • Navigation telemetry for hyperlinks: License, ReportAbuse, Readme, ProjectUrl - #13749

  • Navigation telemetry for Owner Profile URLs in PM UI - #13738

  • PM UI should show transitive path - #13574

  • NuGetVersion should use a factory to intern parsed versions - #13532

  • Remove NuGet.Packaging.Core code - #13385

  • PM UI transitive dependencies should display all transitive dependencies, not just ones brought in through packages directly installed in a project - #13060

  • Remove deprecated field "owners" from VS UI Details Pane - #10666

  • "Value cannot be null; Parameter name: source" displays in error list when clicking installed tab in PM UI - #13801

  • New dependency resolver does not properly handle missing package versions when using CPM - #13788

  • Saving PackageManagementFormat throws Nullable object must have a value. - #13773

  • ProjectReference causing PM UI to error with "Value cannot be null. Parameter name: frameworkIdentifier" - #13737

  • LockFileUtils.CreateLockFileTargetProject allocates a lot - #13712

  • ConvertToProjectPaths causes extra allocations due to yield usage - #13677

  • dotnet add package with CPM installs a different version than what gets restored - #13657

  • dotnet list package does not work if project is using central package management system, after upgrading to .NET 8.0 - #13632

  • Add a log code NuGetAuditSuppress duplicate items - #13620

  • Solution Explorer search can be broken by skipped dataflow updates - #13619

  • Add nullability declarations to ResolverUtility and RemoteWalkContext - #13617

  • Use of Obsolete X509Certificate2 ctor - #13612

  • nuget restore warnings can't be suppressed with NoWarn in Visual Studio - #13571

  • Restore may write nulls to project.assets.json - #13563

  • VS 17.10 - Error building projects with CPM explicitly enabled if ManagePackageVersionsCentrally is set to false in Directory.Build.props - #13560

  • PERF: Version and VersionRange allocations are very prevalent in profiles of Roslyn solution load - #13559

  • PERF: LockFileFormat is filled completely when common callers only need some of the data - #13558

  • PERF: Unnecessary construction of LockFileItem.Properties dictionary - #13557

  • Narator does not read the value of allowInsecureConnections - #13555

  • NuGet fails because of invalid characters in User-Agent header - #13531

  • 'why' and 'config' command does not show up in 'dotnet nuget --help' output - #13517

  • allocation: nuget.protocol.dll!NuGet.Protocol.HttpCacheUtility+<CreateCacheFileAsync>d__.MoveNext|nuget.protocol.dll!NuGet.Protocol.PackageDependencyGroupConverter.ReadJson - #13445

  • Reduce allocations in ContentItemCollection - #12657

  • When a source isn't accessible, service index cannot be read issues suppress the internal message making it difficult to understand the root cause - #12530

  • [Bug]: Extra space at start of package description in tooltip - #12105

  • Map branch name from sourcelink to RepositoryBranch for NuGet pack - #13625

List of commits in this release

Community contributions

Thank you to all the contributors who helped make this NuGet release awesome!

  • akoeplinger
    • 6005 Improve build.sh and fixes for building on arm64 macOS
    • 5956 Add System.Formats.Asn1 into Version.Details.xml
    • 5911 Don't use obsolete X509Certificate2 constructor on net9.0
  • ToddGrun
    • 5862 Reduce allocations for version / versionranges
    • 5857 Reduce memory allocations during solution load in VS
    • 5861 Defer LockFileItem.Properties dictionary construction until needed
  • KirillOsenkov
    • 6008 Always debug RestoreTask and RestoreEx when environment variable is set
  • vernou
    • 5982 Fix restore when a package is installed with a version specified in CPM
  • mthalman
    • 5959 Allow override of System.Formats.Asn1 package version
  • MattKotsenas
    • 5923 Map SourceBranchName from sourcelink to RepositoryBranch for NuGet pack