Edit

Share via

NuGet 7.3 Release Notes

NuGet distribution vehicles:

NuGet version Available in Visual Studio version Available in .NET SDK(s)
7.3.0 Visual Studio 2026 version 18.3.0 10.0.2001

1 Installed with Visual Studio 2026 with any .NET workload

Summary: What's New in 7.3.0

  • Support for managing audit sources in Visual Studio options UI - #13955

  • Manage NuGet Packages in vulnerability gold bar could take you to a view with vulnerability filter selected - #13050

  • Vulnerability InfoBar in Visual Studio now has "How to fix with GitHub Copilot" link to NuGet's MCP Server documentation - #14680

  • Add dotnet nuget download command - #12513

Issues fixed in this release

  • Use a deterministic order for adding files to nuget packages - #14448

  • Audit Sources region is collapsed until needed in VS Options - #14665

  • IAssetsLogMessage.TargetGraphs and IRestoreLogMessage.TargetGraphs should use the alias TargetFramework instead of the effective target framework - #14528

  • [Localization] The string ‘Machine-wide package sources are provisioned by Visual Studio workloads and can only be enabled or disabled’ was not localized - #14716

  • [Localization] The string ‘Use separate sources for vulnerability audit’ in ‘Options->NuGet Package Manager->Package Sources’ page was not localized - #14715

  • Tooltips are not appearing via keyboard navigation on Package List - #14683

  • Package Owners are no longer separated with a space in the Package Item ToolTip - #14682

  • No warning NU1905 shows when no audit sources are configured however the info said it would in Options->NuGet Package Manager->Package Sources->Audit source part - #14678

  • Static graph restore with duplicate PackageVersion crashes - #14676

  • dotnet list package error Sequence contains no matching element targeting netcoreapp3.1 when package with build targets that fails the build is part of the deps - #14670

  • NuGet.Packaging should reference System.Security.Cryptography.Pkcs v8 for net8.0 targets - #14636

  • "Clear NuGet local resources" button is hidden until NuGet VSIX loads - #14625

  • Dependency resolver allocating and resizing HashSet - #14611

  • NuGetEnvironment.GetFolderPath should cache results - #14602

  • Use TargetAlias in AssetsFileDependencies snapshot - #14584

  • LockFileTarget and IRestoreTargetGraph are labeled with an alias - #14577

  • Cannot set updatePackageLastAccessTime config via dotnet nuget config set - #14576

  • dotnet package update should support multiple projects - #14309

  • Migrator (PC to PR) shouldn't suggest using project.json project - #14240

  • Include prerelease checkbox is truncated in PM UI for any width - #14221

  • dotnet restore fails to invalidate lock file and produce puzzling error messages - #14198

  • dotnet list package --format=json outputs warning "(A) : Auto-referenced package." - #13080

  • [Bug Bash] The vulnerability filter “show only vulnerable” checkbox is truncated when the PM UI width is not wide enough to display all controls - #13002

  • [Bug]: NuGet.Common.dll RuntimeEnvironmentHelper.GetIsMacOSX throws a first-chance exception - #11433

  • [Bug]: KeyNotFoundException in LockFileBuilder.CreateLockFile - #11028

List of commits in this release

Community contributions

Thank you to all the contributors who helped make this NuGet release awesome!

  • SimonCropp
    • 6719 Remove un used parameters
    • 6716 Avoid the perf hit of using linq .Count()
    • 6721 Remove un used members
  • omajid
    • 6963 Ensure stable order of files in the nuget package
  • nareshjo
    • 6994 Prevent dictionary allocations in LockFileItem.Equals
  • bradselw
    • 6924 Addressing SFI-ES2.1.2 in DartLab pipelines
  • dkurepa
    • 6951 Set source tag to VMR main
  • Last updated on