NuGet 6.10 Release Notes

NuGet distribution vehicles:

NuGet version | Available in Visual Studio version | Available in .NET SDK(s)
6.10 | Visual Studio 2022 version 17.10 | 8.0.3xx¹

¹ Installed with Visual Studio 2022 with any .NET workload

Summary: What's New in 6.10

  • [Feature]: add dotnet nuget config command - #12469

  • Warn when vulnerabilities are detected during packages.config restore - #12307

  • Display a vulnerability info bar when there are vulnerabilities in packages.config-based projects. - #13271

  • [Bug]: VS Credential Provider Incorrectly Setting Value of isRetry - #11210

  • dotnet list package --vulnerable requires constant login to 3rd party nuget feed - #12456

6.10.0 Known issues

NuGet.exe 6.10.0 and Visual Studio 17.10.0 may have failures during NuGet operations for projects using packages.config under the following scenarios:

  • Two or more projects in the solution have the same name
  • Two or more projects in the solution use the same packages.config file (the project files exist in the same directory)

These issues have been fixed in NuGet.exe 6.10.1 and Visual Studio 17.10.2.

Public tracking issues and discussions can be found in the following locations:

Breaking changes

  • Add nullable annotations to NuGet.Configuration - #13250

  • [Dotnet Package Search] The search result of the package should be “version” instead of “latestVersion” when executing command “dotnet package search <Package Name> --exact-match --format json” - #13158

  • ResolvedDependencyKey should be struct to reduce memory allocations - #13138

  • [DCR]: Central Package Management - Respect .props file as a way to opt-in to the feature. - #11834

Issues fixed in this release

  • Warn when vulnerabilities are detected during packages.config restore in CLI scenarios. - #13253

  • Stop using JObject in assets file reading to reduce allocations. - #12715

  • Add event tracing to restore to make it possible to measure performance - #13274

  • Read auditSources from nuget.config files - #13211

  • SourceRepository.GetResourceAsync should be cancellable. - #13234

  • CreateWalkAsync should not be recursive - #13222

  • ProjectModel.HashObjectWriter.OnFlush is using a SHA512 hash versus a cheaper hash which seems like overkill - #13214

  • Owner package metadata is an array in JSON but a string in Protocol types - #13186

  • dotnet package search --verbosity detailed output table too wide - #13162

  • Calls in SetWarningProperties() have allocation overhead due to multiple enumeration - #13151

  • Use of ConcurrentStack in object pool implementation creates large amounts of allocations - #13147

  • IsBestVersion boxes HashSet<T> enumerators resulting in lots of allocation overhead during restore. - #13146

  • Deprecate NuGet.exe list in favor of NuGet.exe search - #7912

  • [Dotnet Package Search] An unhandled exception is thrown when searching with “--verbosity detailed” and “--format json” - #13300

  • dotnet package search crashes on .NET 9 preview 2 nightly - #13286

  • Use the StringBuilderPool rather than allocating a new StringBuilder - #13285

  • Pass in an appropriate size for List<T> - #13284

  • JsonTextWriter allocates a large number of strings - #13283

  • Usage of StringBuilder.Append() allocates when appending an int - #13282

  • Unnecessary boxing of struct enumerators - #13281

  • Process objects should be disposed so that the finalizer doesn't run - #13280

  • Avoid boxing enumerators for collections - #13279

  • [.NET 9 Preview 3] no-op restore is no longer a no-op - #13269

  • Reduce allocations in calling IVsProjectAdapter.IsCapabilityMatchAsync - #13268

  • Consolidate packages.config restore implementations by minimizing discrepancies - #13233

  • Unroll LINQ usage to trim some allocations in AddMSBuildAssets - #13223

  • PackageSpecWriter is calling Any on an ICollection<T>/IList<T> instances instead of .Count - #13213

  • StringBuilder.Append(int) causes unnecessary allocations - #13207

  • Caching task results can cause all continuations to occur on the same thread - #13206

  • LibraryDependency creates a collection that is mostly empty - #13184

  • PackageSpecWriter should write out original string for versions instead of allocating a new one - #13183

  • SetCentralDependencies is calling OrderBy without specifying comparison defaulting to cultural-sensitive compare - #13182

  • Search results in json format from dotnet package search should not include fields for which no values are provided - #13166

  • The search result of the package should be “totalDownloads” instead of “total downloads” when executing command “dotnet package search <Package Name> --format json” - #13165

  • [dotnet package search] the failure to load a service index should be an error and not a warning. - #13163

  • dotnet package search format shows help output in addition to a json file - #13161

  • Cancelling static graph-based restore does not end the restore process - #13140

  • Use string.Contains instead of IEnumerable.Contains in VersionRange parsing - #13124

  • Static graph restore doesn't restore packages.config only solution - #13109

  • NuGet restore always touched the project.assets.json file, even if no content is changed, when it needs to log error messages. - #13098

  • Audit at restore time must not throw and fail the operation - #13085

  • Getting "An item with the same key has already been added" error when restoring. - #13067

  • PM UI Scrolling no longer loads additional packages. - #13063

  • NuGet restore cache check is no longer using file existence cache - #13058

  • Adding a reference to an esproj from an ASP.Net project results in a NU1105 error - #12986

  • RemoteDependencyWalker allocates a lot due to the fact that it's called recursively - #12748

  • [Bug]: Canceling msbuild restore is slow when invalid/unreachable source configured - #11813

  • Restore: excessive deep cloning of ProjectSpec - #9041

List of commits in this release

Community contributions

Thank you to all the contributors who helped make this NuGet release awesome!

  • Erarndt
    • 5659 Reduce boxing when enumerating lists
    • 5662 Use StringBuilder.AppendInt() in more places to reduce allocations when appending integers to a StringBuilder
    • 5663 Remove allocations from TextWriter.NewLine implementation
    • 5665 Use pooled StringBuilder
    • 5661 Avoid enumerator boxing in PackageSpecificWarningProperties.AddRangeOfCodes and TransitiveNoWarnUtils.AddToSeen
    • 5660 Ensure that Process objects are disposed when launching authentication plug-ins
    • 5664 Specify list size in TopologicalSortUtility.CalculateRelationships
    • 5624 Switch CreateNodeAsync to an iterative approach
    • 5584 Unroll LINQ usage to trim some allocations in AddMSBuildAssets
    • 5574 Unroll several LINQ calls
    • 5593 Further reduce allocations in CreateGraphNodeAsync
    • 5592 Avoid multiple enumeration when writing Json objects
    • 5600 Avoid intermediate string allocation caused by StringBuilder Append(i…
    • 5555 Unroll Linq in GetFlags
    • 5588 Avoid boxing HashSet Enumerator in IsBestVersion
    • 5589 Update the pool implementation to use a stack with a lock to avoid al…
    • 5568 Change ResolvedDependencyKey to a struct
    • 5553 Avoid some allocations in GetCompatibilityData
    • 5554 Switch from Tuple to ValueTuple for Dictionary keys
    • 5552 Avoid creating the capture class for calls to WithExtension
    • 5556 Switch from ConcurrentDictionary to Dictionary with lock to avoid rep…
    • 5551 Use string.Contains instead of IEnumerable.Contains
    • 5550 Avoid boxing List<T> enumerator
  • GenelleM
    • 5655 Add 64-bit non crypto hash algo for dgspec uniqueness computation
    • 5629 Replace calls to Any() on ICollection in PackageSpecWriter with Count > 0 Issue #13213
    • 5619 Reduces some CPU time usage in SetCentralDependencies
  • NikolaMilosavljevic
    • 5673 Enable publishing in VMR
    • 5625 Eliminate System.CommandLine prebuilt package
  • brianrob
    • 5650 Add Restore Instrumentation