Merge pull request #3317 from NuGet/main

Live drop for July 2024

Author: JonDouglas

docs/concepts/Auditing-Packages.md

@@ -87,7 +87,21 @@ We recommend that audit is configured at a repository level.
 
 ### Excluding advisories
 
-There is no support for excluding individual advisories at this time.
+You can choose to exclude specific advisories from the audit report by adding a new `NuGetAuditSuppress` MSBuild item for each advisory.
+Define a `NuGetAuditSuppress` item with the `Include=` metadata set to the advisory URL you wish to suppress.
+
+```xml
+<ItemGroup>
+    <NuGetAuditSuppress Include="https://github.com/advisories/XXXX" />
+</ItemGroup>
+```
+
+Similar to the other NuGet audit configuration properties, `NuGetAuditSuppress` items can be defined at the project or repository level.
+
+`NuGetAuditSuppress` is available for PackageReference projects starting from NuGet 6.11, Visual Studio 17.11, and the .NET 8.0.400 SDK.
+It is not currently available for packages.config projects.
+
+Additionally, you have the option to suppress warnings based on their severity.
 You can use `<NoWarn>` to suppress `NU1901`-`NU1904` warnings or use the `<NuGetAuditLevel>` functionality to ensure your audit reports are useful to your workflow.
 
 ### Warning codes

docs/consume-packages/configuring-nuget-behavior.md

@@ -9,7 +9,7 @@ ms.topic: conceptual
 
 # Common NuGet configurations
 
-NuGet's behavior is driven by the accumulated settings in one or more `NuGet.Config` (XML) files that can exist at solution- (project if no solution is used), user-, and computer-wide levels. A global `NuGetDefaults.Config` file also specifically configures package sources. Settings apply to all commands issued in the CLI, the Package Manager Console, and the Package Manager UI.
+NuGet's behavior is driven by the accumulated settings in one or more config (XML) files that can exist at solution- (project if no solution is used), user-, and computer-wide levels.
 
 ## Config file locations and uses
 
@@ -58,29 +58,35 @@ Settings are managed using the NuGet CLI [config command](../reference/cli-refer
 Windows:
 
 ```cli
-# Set repositoryPath in the user-level config file
-nuget config -set repositoryPath=c:\packages 
+# Set globalPackagesFolder in the user-level config file
+dotnet nuget config set globalPackagesFolder "C:\packages"
+
+# Set repositoryPath (available for packages.config only) in the user-level config file
+dotnet nuget config set repositoryPath "C:\packages"
 
 # Set repositoryPath in solution-level files
-nuget config -set repositoryPath=c:\packages -configfile c:\my.Config
-nuget config -set repositoryPath=c:\packages -configfile .\myApp\NuGet.Config
+dotnet nuget config set repositoryPath "C:\packages" --configfile "C:\my.config"
+dotnet nuget config set repositoryPath "c:\packages" --configfile "..\..\my.config"
 
 # Set repositoryPath in the computer-level file (requires elevation)
-nuget config -set repositoryPath=c:\packages -configfile %ProgramFiles(x86)%\NuGet\Config\NuGet.Config
+dotnet nuget config set repositoryPath "c:\packages" --configfile "%appdata%\NuGet\NuGet.Config"
 ```
 
 Mac/Linux:
 
 ```cli
-# Set repositoryPath in the user-level config file
-nuget config -set repositoryPath=/home/packages 
+# Set globalPackagesFolder in the user-level config file
+dotnet nuget config set globalPackagesFolder /home/packages
+
+# Set repositoryPath (available for packages.config only) in the user-level config file
+dotnet nuget config set repositoryPath /home/packages
 
 # Set repositoryPath in solution-level files
-nuget config -set repositoryPath=/home/projects/packages -configfile /home/my.Config
-nuget config -set repositoryPath=/home/packages -configfile home/myApp/NuGet.Config
+dotnet nuget config set repositoryPath /home/projects/packages --configfile /home/my.Config
+dotnet nuget config set repositoryPath /home/packages --configfile home/myApp/NuGet.Config
 
 # Set repositoryPath in the computer-level file (requires elevation)
-nuget config -set repositoryPath=/home/packages -configfile $XDG_DATA_HOME/NuGet.Config
+dotnet nuget config set repositoryPath /home/packages --configfile $XDG_DATA_HOME/NuGet.Config
 ```
 
 > [!Note]
@@ -100,7 +106,10 @@ nuget config -set repositoryPath= -configfile /home/my.Config
 
 ### Creating a new config file
 
-Copy the template below into the new file and then use `nuget config -configFile <filename>` to set values:
+Using the .NET CLI, create a default nuget.config by running `dotnet new nugetconfig`.
+For more information, see [dotnet CLI commands](../reference/dotnet-commands.md#package-consumption).
+
+Alternatively, manually copy the template below into the new file and then use `nuget config -configFile <filename>` to set values:
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -116,7 +125,7 @@ If a command line tool is used on a project file, rather than a solution file, t
 
 Specifically, when a config file is not specified explicitly on the command line, NuGet loads settings from the different config files in the following order:
 
-1. The [`NuGetDefaults.Config` file](#nuget-defaults-file), which contains settings related only to package sources.
+1. (*Uncommon*) The [`NuGetDefaults.Config` file](#nuget-defaults-file), which contains settings related only to package sources.
 1. The computer-level file.
 1. The user-level file.
 1. Files found in every folder in the path from the drive root to the current folder (where `nuget.exe` is invoked or the folder containing the Visual Studio solution). For example, if a command is invoked in `c:\A\B\C`, NuGet looks for and loads config files in `c:\`, then `c:\A`, then `c:\A\B`, and finally `c:\A\B\C`.
@@ -154,9 +163,9 @@ File A. User-level file, (`%appdata%\NuGet\NuGet.Config` on Windows, `~/.config/
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
-    <activePackageSource>
-        <add key="NuGet official package source" value="https://api.nuget.org/v3/index.json" />
-    </activePackageSource>
+  <packageSources>
+    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
+  </packageSources>
 </configuration>
 ```
 
@@ -226,7 +235,9 @@ These files cannot be edited by the standard tooling.
 
 ## NuGet defaults file
 
-The `NuGetDefaults.Config` file exists to specify package sources from which packages are installed and updated, and to control the default target for publishing packages with `nuget push`. Because administrators can conveniently (using Group Policy, for example) deploy consistent `NuGetDefaults.Config` files to developer and build machines, they can ensure that everyone in the organization is using the correct package sources rather than nuget.org.
+The `NuGetDefaults.Config` is uncommon and can only specify package sources from which packages are installed and updated, or control the default target for publishing packages with `nuget push`.
+
+Because administrators can conveniently (using Group Policy, for example) deploy consistent `NuGetDefaults.Config` files to developer and build machines, they can ensure that everyone in the organization is using consistent package sources, whether or not that includes nuget.org.
 
 > [!Important]
 > The `NuGetDefaults.Config` file never causes a package source to be removed from a developer's NuGet configuration. That means if the developer has already used NuGet and therefore has the nuget.org package source registered, it won't be removed after the creation of a `NuGetDefaults.Config` file.

docs/consume-packages/install-use-packages-visual-studio.md

@@ -38,9 +38,22 @@ To find and install a NuGet package with Visual Studio, follow these steps:
 
    The **NuGet Package Manager** window opens.
 
-1. Select the **Browse** tab to display packages by popularity from the currently selected source (see [Package sources](#package-sources)). To search for a specific package, use the search box on the upper left. Select a package from the list to display its information on the right pane, which enables you to select a version to install.
-
-    :::image type="content" source="media/package-manager-install-tab.png" alt-text="Screenshot showing the NuGet Package Manager window with the Browse tab selected.":::
+1. Select the **Browse** tab to display packages by popularity from the currently selected source (see [Package sources](#package-sources)).
+
+    - To search for a specific package, use the search box on the upper left.
+    - Abbreviated information may be shown beside each package ID to help identify the correct package, and varies based on the selected package source(s).
+  Examples include package download count, author, or owner profile hyperlinks.
+
+    > [!Note]
+    > In Visual Studio 17.11 and higher, package owners are shown as profile hyperlinks when supported by the selected package source.
+    > Package ownership is defined by the package source. For example, see [Manage package owners on nuget.org](../nuget-org/publish-a-package.md#manage-package-owners-on-nugetorg).
+    >
+    > In Visual Studio 17.10 and earlier, the package _author_ metadata is shown, which appears as plain-text.
+    > For more information, see [Authors package metadata](../create-packages/package-authoring-best-practices.md#authors).
+
+    - Select a package to see detailed package information.
+    The details pane on the right appears and enables you to select a version to install.
+    ![Screenshot showing the NuGet Package Manager window with the Browse tab selected.](media/package-manager-browse-tab.png)
 
 1. In the right pane, select a **Version** from the dropdown list. If you want to include prerelease versions in the **Version** list, select **Include prerelease**.
 

docs/consume-packages/media/package-manager-browse-tab.png

@@ -23,4 +23,4 @@ The project or nuspec being packaged contains a dependency on a prerelease packa
 If you intend to create a prerelease package then please refer to SemVer2 guidelines and add a prerelease tag to the version property i.e. `<version>1.0.0-pre</version>`. If you intend to create a stable package then please update the specified dependency version to a stable version.
 
 > [!NOTE]
-> Mixing stable and prerelease packages may lead to unexpected behaviors are resolution time. Learn more about how [PackageReference](../../concepts/Dependency-Resolution.md#version-ranges-and-prerelease-versions-with-packagereference) and [packages.config](../../concepts/Dependency-Resolution.md#version-ranges-and-prerelease-versions-with-packagesconfig) projects handle this resolution.
+> Mixing stable and prerelease packages may lead to unexpected behaviors at resolution time. Learn more about how [PackageReference](../../concepts/Dependency-Resolution.md#version-ranges-and-prerelease-versions-with-packagereference) and [packages.config](../../concepts/Dependency-Resolution.md#version-ranges-and-prerelease-versions-with-packagesconfig) projects handle this resolution.

docs/reference/errors-and-warnings/NU5104.md

@@ -31,7 +31,7 @@ Contains miscellaneous configuration settings, which can be set using the [`nuge
 | Key | Value |
 | --- | --- |
 | dependencyVersion (`packages.config` only) | The default `DependencyVersion` value for package install, restore, and update, when the `-DependencyVersion` switch is not specified directly. This value is also used by the NuGet Package Manager UI. Values are `Lowest`, `HighestPatch`, `HighestMinor`, `Highest`. |
-| globalPackagesFolder (projects using PackageReference only) | The location of the default global packages folder. The default is `%userprofile%\.nuget\packages` (Windows) or `~/.nuget/packages` (Mac/Linux). A relative path can be used in project-specific `nuget.config` files. This setting is overridden by the `NUGET_PACKAGES` environment variable, which takes precedence. |
+| globalPackagesFolder | The location of the default global packages folder. The default is `%userprofile%\.nuget\packages` (Windows) or `~/.nuget/packages` (Mac/Linux). A relative path can be used in project-specific `nuget.config` files. This setting is overridden by the `NUGET_PACKAGES` environment variable, which takes precedence. |
 | repositoryPath (`packages.config` only) | The location in which to install NuGet packages instead of the default `$(Solutiondir)/packages` folder. A relative path can be used in project-specific `nuget.config` files. |
 | defaultPushSource | Identifies the URL or path of the package source that should be used as the default if no other package sources are found for an operation. |
 | http_proxy http_proxy.user http_proxy.password no_proxy | Proxy settings to use when connecting to package sources; `http_proxy` should be in the format `http://<username>:<password>@<domain>`. Passwords are encrypted and cannot be added manually. For `no_proxy`, the value is a comma-separated list of domains the bypass the proxy server. You can alternately use the http_proxy and no_proxy environment variables for those values. For additional details, see [NuGet proxy settings](http://skolima.blogspot.com/2012/07/nuget-proxy-settings.html) (skolima.blogspot.com). |

docs/reference/nuget-config-file.md

@@ -35,7 +35,9 @@ In this topic:
 
 ## General form and schema
 
-The current `nuspec.xsd` schema file can be found in the [NuGet GitHub repository](https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Core/NuGet.Packaging/compiler/resources/nuspec.xsd).
+A `nuspec.xsd` schema file can be found in the [NuGet GitHub repository](https://github.com/NuGet/NuGet.Client/blob/dev/src/NuGet.Core/NuGet.Packaging/compiler/resources/nuspec.xsd).
+Note, that this file only represents the most recent schema for a `.nuspec` file. 
+No officially published versions exists and no version of that file corresponds to any specific NuGet version.  
 
 Within this schema, a `.nuspec` file has the following general form:
 
@@ -64,6 +66,11 @@ All XML element names in the .nuspec file are case-sensitive, as is the case for
 metadata element `<description>` is correct and `<Description>` is not correct. The proper casing for each element name
 is documented below.
 
+> [!Important]
+> While the `.nuspec` file contains a reference to a schema 
+> (`xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd"`),
+> The NuGet-Team has never published a schema file that could be used for automatic schema validation.
+
 ### Required metadata elements
 
 Although the following elements are the minimum requirements for a package, you should consider adding the [optional metadata elements](#optional-metadata-elements) to improve the overall experience developers have with your package. 

docs/reference/nuspec.md

@@ -12,10 +12,20 @@ NuGet distribution vehicles:
 
 | NuGet version | Available in Visual Studio version | Available in .NET SDK(s) |
 |:---|:---|:---|
-| [**6.10**](https://nuget.org/downloads) | [Visual Studio 2022 version 17.10](https://visualstudio.microsoft.com/downloads/) | [8.0.3xx](https://dotnet.microsoft.com/download/dotnet/8.0)<sup>1</sup> |
+| [**6.10.1**](https://nuget.org/downloads) | [Visual Studio 2022 version 17.10](https://visualstudio.microsoft.com/downloads/) | [8.0.3xx](https://dotnet.microsoft.com/download/dotnet/8.0)<sup>1</sup> |
 
 <sup>1</sup> Installed with Visual Studio 2022 with any .NET workload
 
+## Summary: What's New in 6.10.1
+
+### Issues fixed in this release
+
+* Visual Studio and PMC restore/update fails when multiple packages.config projects in the solution share the same name (An item with the same key has already been added) - [#13465](https://github.com/NuGet/Home/issues/13465)
+
+* ##[error]The nuget command failed with exit code(1) and error(An item with the same key has already been added. - [#13456](https://github.com/NuGet/Home/issues/13456)
+
+[List of commits in this release](https://github.com/NuGet/NuGet.Client/compare/6.10.0.97...6.10.1.5)
+
 ## Summary: What's New in 6.10
 
 * [Feature]: add dotnet nuget config command - [#12469](https://github.com/NuGet/Home/issues/12469)
@@ -53,6 +63,8 @@ Public tracking issues and discussions can be found in the following locations:
 
 * [DCR]: Central Package Management - Respect .props file as a way to opt-in to the feature. - [#11834](https://github.com/NuGet/Home/issues/11834)
 
+* Remove NuGet.Packaging.Core - [#12495](https://github.com/NuGet/Home/issues/12495)
+
 ### Issues fixed in this release
 
 * Warn when vulnerabilities are detected during packages.config restore in CLI scenarios. - [#13253](https://github.com/NuGet/Home/issues/13253)