diff --git a/docs/TOC.md b/docs/TOC.md index a1cc9d343..418c0c625 100644 --- a/docs/TOC.md +++ b/docs/TOC.md @@ -128,6 +128,7 @@ #### [Package metadata](api/registration-base-url-resource.md) #### [Push and delete](api/package-publish-resource.md) #### [Push symbol packages](api/symbol-package-publish-resource.md) +#### [README URI](api/readme-template-resource.md) #### [Report abuse URL](api/report-abuse-resource.md) #### [Repository signatures](api/repository-signatures-resource.md) #### [Search](api/search-query-service-resource.md) @@ -185,6 +186,9 @@ ### [NU1506](reference/errors-and-warnings/NU1506.md) ### [NU1507](reference/errors-and-warnings/NU1507.md) ### [NU1508](reference/errors-and-warnings/NU1508.md) +### [NU1509](reference/errors-and-warnings/NU1509.md) +### [NU1510](reference/errors-and-warnings/NU1510.md) +### [NU1511](reference/errors-and-warnings/NU1511.md) ### [NU1601](reference/errors-and-warnings/NU1601.md) ### [NU1602](reference/errors-and-warnings/NU1602.md) ### [NU1603](reference/errors-and-warnings/NU1603.md) @@ -344,6 +348,7 @@ ### [Known Issues](release-notes/known-issues.md) ### NuGet 6.x +#### [NuGet 6.13](release-notes/NuGet-6.13.md) #### [NuGet 6.12](release-notes/NuGet-6.12.md) #### [NuGet 6.11](release-notes/NuGet-6.11.md) #### [NuGet 6.10](release-notes/NuGet-6.10.md) diff --git a/docs/api/implementation-guide.md b/docs/api/implementation-guide.md index fdf9e7696..8168aa909 100644 --- a/docs/api/implementation-guide.md +++ b/docs/api/implementation-guide.md @@ -35,6 +35,7 @@ To assist authors of existing NuGet repositories keep up to date with NuGet's ne ||Added `packageTypes` query parameter to `SearchQueryService` requests| |2021|[Embedded readme](#embedded-files)| |2023|[PreAuthenticate authenticated requests](#url-structure-for-authenticated-feeds)
[`VulnerabilityInfo` resource](#known-vulnerabilities-database-vulnerabilityinfo)| +|2025|[Enable embedded README downloads](#enable-embedded-readme-downloads)| ## Owner field @@ -140,3 +141,7 @@ In this case, every request to the service index will have additional latency, d While NuGet's V3 API was designed to work on a static file server, the search resource is the exception that always requires a dynamic web service to process requests. If you wish to host search, or indeed any other NuGet API resource, on different servers, in order to benefit from `HttpClientHandler`'s `PreAuthenticate`, you will need to use a reverse proxy to ensure all customer facing URLs in the service index meet the "same or subdirectory" rule. + +## Enable embedded README downloads + +A [new resource](./readme-template-resource.md) was documented for constructing a URL that can be used to download a README for a given package. This will allow client, like the Package Management UI in VS, to display the embedded README for packages which haven't been previously installed by the user. The client will construct this URL and attempt to download the README, using the response to the request to determine if a README is available. This means servers should expect multiple requests to the constructed endpoint as users navigate the PM UI. \ No newline at end of file diff --git a/docs/api/overview.md b/docs/api/overview.md index 2d15e8766..ecf2fd22c 100644 --- a/docs/api/overview.md +++ b/docs/api/overview.md @@ -61,6 +61,7 @@ Resource name | Required [PackageBaseAddress](package-base-address-resource.md) | yes | Get package content (.nupkg). [PackageDetailsUriTemplate](package-details-template-resource.md) | no | Construct a URL to access a package details web page. [PackagePublish](package-publish-resource.md) | yes | Push and delete (or unlist) packages. +[ReadmeUriTemplate](readme-template-resource.md) | no | Construct a URL to access a package's README. [RegistrationsBaseUrl](registration-base-url-resource.md) | yes | Get package metadata. [ReportAbuseUriTemplate](report-abuse-resource.md) | no | Construct a URL to access a report abuse web page. [RepositorySignatures](repository-signatures-resource.md) | no | Get certificates used for repository signing. diff --git a/docs/api/readme-template-resource.md b/docs/api/readme-template-resource.md new file mode 100644 index 000000000..565789ea7 --- /dev/null +++ b/docs/api/readme-template-resource.md @@ -0,0 +1,62 @@ +--- +title: README Uri Template, NuGet API +description: The README uri template allows clients to download the readme for a package, if available. +author: jgonz120 +ms.author: jongonza +ms.date: 1/6/2025 +ms.topic: reference +ms.reviewer: +--- + +# README Uri Template + +It is possible for a client to build a URL that can be used to download a README for a specific package. +This will enable the clients to render the package's README without downloading the entire package. + +The resource used for building this URL is the `ReadmeUriTemplate` resource found in the +[service index](service-index.md). + +## Versioning + +The following `@type` values are used: + +@type value | Notes +--------------------------------- | ----- +ReadmeUriTemplate/6.13.0 | The initial release + +## URL template + +The URL for the following API is the value of the `@id` property associated with one of the aforementioned +resource `@type` values. + +## HTTP methods + +The constructed URL must support the HTTP method `GET` + +## Construct the URL + +Given a known package ID and version, the client implementation can construct a URL to download the README. + +The value of the `@id` is a URL string containing any of the following placeholder tokens: + +### URL placeholders + +Name | Type | Required | Notes +----------- | ------- | -------- | ----- +`{lower_id}` | string | yes | The package ID, lowercased +`{lower_version}` | string | yes | The package version, lowercased + +Both `lower_id` and `lower_version` are lowercased using the rules implemented by .NET's +[`System.String.ToLowerInvariant()`](/dotnet/api/system.string.tolowerinvariant?view=netstandard-2.0#System_String_ToLowerInvariant&preserve-view=true) +method. + +The `lower_version` is the desired package version normalized using NuGet's version +[normalization rules](../concepts/package-versioning.md#normalized-version-numbers). This means that build metadata +that is allowed by the SemVer 2.0.0 specification must be excluded in this case. + +### Response body + +If the package has a readme, a 200 status code is returned. The response body will be the readme +content itself. + +If the package does not have a readme, a 404 status code is returned. diff --git a/docs/consume-packages/Package-References-in-Project-Files.md b/docs/consume-packages/Package-References-in-Project-Files.md index 15d372a96..1476382ff 100644 --- a/docs/consume-packages/Package-References-in-Project-Files.md +++ b/docs/consume-packages/Package-References-in-Project-Files.md @@ -61,7 +61,7 @@ This may be useful, if you reference projects which are PackageReference styled ## PackageReference and sources -In PackageReference projects, the transitive dependency versions are resolved at restore time. As such, in PackageReference projects all sources need to be available for all restores. +In PackageReference projects, the transitive dependency versions are resolved at restore time. As such, in PackageReference projects all sources need to be available for all restores. ## Floating Versions @@ -285,7 +285,7 @@ To suppress a warning project wide, consider doing: ``` -Sometimes warnings apply only to a certain package in the graph. We can choose to suppress that warning more selectively by adding a `NoWarn` on the PackageReference item. +Sometimes warnings apply only to a certain package in the graph. We can choose to suppress that warning more selectively by adding a `NoWarn` on the PackageReference item. ```xml @@ -307,15 +307,15 @@ When in Visual Studio, you can also [suppress warnings](/visualstudio/ide/how-to Input to NuGet restore is a set of `PackageReference` items from the project file (top-level or direct dependencies) and the output is a full closure of all the package dependencies including transitive dependencies. NuGet tries to always produce the same full closure of package dependencies if the input PackageReference list has not changed. However, there are some scenarios where it is unable to do so. For example: -* When you use floating versions like ``. While the intention here is to float to the latest version on every restore of packages, there are scenarios where users require the graph to be locked to a certain latest version and float to a later version, if available, upon an explicit gesture. -* A newer version of the package matching PackageReference version requirements is published. E.g. +- When you use floating versions like ``. While the intention here is to float to the latest version on every restore of packages, there are scenarios where users require the graph to be locked to a certain latest version and float to a later version, if available, upon an explicit gesture. +- A newer version of the package matching PackageReference version requirements is published. E.g. - * Day 1: if you specified `` but the versions available on the + - Day 1: if you specified `` but the versions available on the NuGet repositories were 4.1.0, 4.2.0 and 4.3.0. In this case, NuGet would have resolved to 4.1.0 (nearest minimum version) - * Day 2: Version 4.0.0 gets published. NuGet will now find the exact match and start resolving to 4.0.0 + - Day 2: Version 4.0.0 gets published. NuGet will now find the exact match and start resolving to 4.0.0 -* A given package version is removed from the repository. Though nuget.org does not allow package deletions, not all package repositories have this constraint. This results in NuGet finding the best match when it cannot resolve to the deleted version. +- A given package version is removed from the repository. Though nuget.org does not allow package deletions, not all package repositories have this constraint. This results in NuGet finding the best match when it cannot resolve to the deleted version. ### Enabling the lock file @@ -329,12 +329,13 @@ In order to persist the full closure of package dependencies you can opt-in to t ``` -If this property is set, NuGet restore will generate a lock file - `packages.lock.json` file at the project root directory that lists all the package dependencies. +If this property is set, NuGet restore will generate a lock file - `packages.lock.json` file at the project root directory that lists all the package dependencies. > [!Note] > Once a project has `packages.lock.json` file in its root directory, the lock file is always used with restore even if the property `RestorePackagesWithLockFile` is not set. So another way to opt-in to this feature is to create a dummy blank `packages.lock.json` file in the project's root directory. ### `restore` behavior with lock file + If a lock file is present for project, NuGet uses this lock file to run `restore`. NuGet does a quick check to see if there were any changes in the package dependencies as mentioned in the project file (or dependent projects' files) and if there were no changes it just restores the packages mentioned in the lock file. There is no re-evaluation of package dependencies. If NuGet detects a change in the defined dependencies as mentioned in the project file(s), it re-evaluates the package graph and updates the lock file to reflect the new package closure for the project. @@ -366,6 +367,7 @@ You may also set this conditional MSBuild property in your project file: If locked mode is `true`, restore will either restore the exact packages as listed in the lock file or fail if you updated the defined package dependencies for the project after lock file was created. ### Make lock file part of your source repository + If you are building an application, an executable and the project in question is at the start of the dependency chain then do check in the lock file to the source code repository so that NuGet can make use of it during restore. However, if your project is a library project that you do not ship or a common code project on which other projects depend upon, you **should not** check in the lock file as part of your source code. There is no harm in keeping the lock file but the locked package dependencies for the common code project may not be used, as listed in the lock file, during the restore/build of a project that depends on this common-code project. @@ -388,7 +390,7 @@ You can control various behaviors of restore with lock file as described below: | NuGet.exe option | dotnet option | MSBuild equivalent option | Description | |:--- |:--- |:--- |:--- | | `-UseLockFile` |`--use-lock-file` | RestorePackagesWithLockFile | Opts into the usage of a lock file. | -| `-LockedMode` | `--locked-mode` | RestoreLockedMode | Enables locked mode for restore. This is useful in CI/CD scenarios where you want repeatable builds.| +| `-LockedMode` | `--locked-mode` | RestoreLockedMode | Enables locked mode for restore. This is useful in CI/CD scenarios where you want repeatable builds.| | `-ForceEvaluate` | `--force-evaluate` | RestoreForceEvaluate | This option is useful with packages with floating version defined in the project. By default, NuGet restore will not update the package version automatically upon each restore unless you run restore with this option. | | `-LockFilePath` | `--lock-file-path` | NuGetLockFilePath | Defines a custom lock file location for a project. By default, NuGet supports `packages.lock.json` at the root directory. If you have multiple projects in the same directory, NuGet supports project specific lock file `packages..lock.json` | @@ -458,3 +460,51 @@ You can leave off `$(AssetTargetFallback)` if you wish to overwrite, instead of > If you are using a [.NET SDK based project](/dotnet/core/sdk), appropriate `$(AssetTargetFallback)` values are configured and you do not need to set them manually. > > `$(PackageTargetFallback)` was an earlier feature that attempted to address this challenge, but it is fundamentally broken and *should* not be used. To migrate from `$(PackageTargetFallback)` to `$(AssetTargetFallback)`, simply change the property name. + +## PrunePackageReference + +The .NET Runtime is constantly evolving, with performance improvements and new APIs each release. +There is a lot of functionality that's available within the runtime, but also as packages, such as [System..Text.Json](https://www.nuget.org/packages/System.Text.Json). This can often lead to a `System.Text.Json 8.0.0` in a project targeting `.NET 9` or `.NET 8`. This dependency is unnecessary and the build conflict resolution would not use the assembly coming from the package since it's already available in the .NET Runtime. +Starting in in [NuGet version 6.13](..\release-notes\NuGet-6.13.md) and .NET SDK 9.0.200, `PrunePackageReference` enables the pruning of these packages at restore time for .NET SDK based projects. + +Package pruning is available as an opt-in feature with the .NET 9 SDK, and will be enabled by default for all `.NET` frameworks and `>= .NET Standard 2.0` starting with .NET 10 SDK. + +Package pruning is only available with the default dependency resolver as [released in 6.12](#nuget-dependency-resolver). + +### PrunePackageReference specification + +The list of packages to be pruned is defined with the `PrunePackageReference` item. + +| Attributes | Description | +|------------|-------------| +| Version | Specifies the maximum version to be pruned. `1.0.0` means that all packages up to and including 1.0.0 will be pruned. For `1.0.0`, `0.9.0` and `1.0.0` will be pruned, but `1.0.1` would not. | + +The following properties can be used to modify the pruning behavior. + +| PropertyName | Description | +|--------------|-------------| +| RestoreEnablePackagePruning | Enables package pruning for the packages specified with `PrunePackageReference`. This property is per target framework and the valid values are `true` and `false`. Defaults may differ based on the .NET SDK as defined above. | + +The .NET SDK predefines the list of packages to be pruned for you. + +### How PrunePackageReference works + +When a package is specified to be pruned during restore, it is removed from the dependency graph. This package is not downloaded and does not appear in any of the outputs of NuGet. When a package is pruned, there is a detailed verbosity message indicating that the package has been removed for the given target framework. + +Pruning is only supported for transitive packages, meaning packages that are referenced by other packages or projects. The following table illustrates various package pruning behaviors. + +| Dependency disposition | Behavior | +|-----------------|----------| +| Matches the ID of a transitive package coming through another package | Prune | +| Matches the ID of a transitive package coming through another project | Prune | +| Matches the ID of a direct `PackageReference` | Raise the [NU1510](../reference/errors-and-warnings/NU1510.md) warning and do not prune | +| Matches the ID of a `ProjectReference` | Raise the [NU1511](../reference/errors-and-warnings/NU1511.md) warning and do not prune | + +### PrunePackageReference applications + +The benefits of package pruning are two-fold: + +- Performance benefits, by virtue of reducing the number of packages within a dependency graph +- Reduction of false positives by component scanners such as `NuGetAudit` + +Pruning is particularly valuable when [auditing](./../concepts/Auditing-Packages.md) packages with `NuGetAuditMode` is set to `all`. If you are using the .NET 9, we recommend you try out pruning by setting `RestoreEnablePackagePruning` to `true`. diff --git a/docs/consume-packages/install-use-packages-visual-studio.md b/docs/consume-packages/install-use-packages-visual-studio.md index 1084f44fc..361bd0a4a 100644 --- a/docs/consume-packages/install-use-packages-visual-studio.md +++ b/docs/consume-packages/install-use-packages-visual-studio.md @@ -53,7 +53,9 @@ To find and install a NuGet package with Visual Studio, follow these steps: - Select a package to see detailed package information. The details pane on the right appears and enables you to select a version to install. - ![Screenshot showing the NuGet Package Manager window with the Browse tab selected.](media/package-manager-browse-tab.png) + ![Screenshot showing the NuGet Package Manager window with the Browse tab, details pane, and "Package Details" tab selected.](media/package-manager-package-details.png) + You can see package metadata, information about the owner(s), author(s), license, etc., in the Package Details tab and the package README file (if it is provided by the package author) in the README tab. + ![Screenshot showing the NuGet Package Manager window with the README tab selected.](media/package-manager-package-readme.png) 1. In the right pane, select a **Version** from the dropdown list. If you want to include prerelease versions in the **Version** list, select **Include prerelease**. diff --git a/docs/consume-packages/media/package-manager-package-details.png b/docs/consume-packages/media/package-manager-package-details.png new file mode 100644 index 000000000..4ec7cc9a7 Binary files /dev/null and b/docs/consume-packages/media/package-manager-package-details.png differ diff --git a/docs/consume-packages/media/package-manager-package-readme.png b/docs/consume-packages/media/package-manager-package-readme.png new file mode 100644 index 000000000..855595145 Binary files /dev/null and b/docs/consume-packages/media/package-manager-package-readme.png differ diff --git a/docs/reference/Errors-and-Warnings.md b/docs/reference/Errors-and-Warnings.md index 11def614f..65977a512 100644 --- a/docs/reference/Errors-and-Warnings.md +++ b/docs/reference/Errors-and-Warnings.md @@ -43,7 +43,7 @@ NuGet supports the following configuration properties. | Group | Warning numbers | | --- | --- | -| Invalid input warnings | [NU1501](./errors-and-warnings/NU1501.md), [NU1502](./errors-and-warnings/NU1502.md), [NU1503](./errors-and-warnings/NU1503.md), [NU1504](./errors-and-warnings/NU1504.md), [NU1505](./errors-and-warnings/NU1505.md), [NU1506](./errors-and-warnings/NU1506.md), [NU1507](./errors-and-warnings/NU1507.md), [NU1508](./errors-and-warnings/NU1508.md) | +| Invalid input warnings | [NU1501](./errors-and-warnings/NU1501.md), [NU1502](./errors-and-warnings/NU1502.md), [NU1503](./errors-and-warnings/NU1503.md), [NU1504](./errors-and-warnings/NU1504.md), [NU1505](./errors-and-warnings/NU1505.md), [NU1506](./errors-and-warnings/NU1506.md), [NU1507](./errors-and-warnings/NU1507.md), [NU1508](./errors-and-warnings/NU1508.md), [NU1509](./errors-and-warnings/NU1509.md), [NU1510](./errors-and-warnings/NU1510.md), [NU1511](./errors-and-warnings/NU1511.md) | | Unexpected package version warnings | [NU1601](./errors-and-warnings/NU1601.md), [NU1602](./errors-and-warnings/NU1602.md), [NU1603](./errors-and-warnings/NU1603.md), [NU1604](./errors-and-warnings/NU1604.md), [NU1605](./errors-and-warnings/NU1605.md), [NU1606](./errors-and-warnings/NU1108.md), [NU1607](./errors-and-warnings/NU1107.md) | | Resolver conflict warnings | [NU1608](./errors-and-warnings/NU1608.md) | | Package fallback warnings | [NU1701](./errors-and-warnings/NU1701.md), [NU1702](./errors-and-warnings/NU1702.md), [NU1703](./errors-and-warnings/NU1703.md)| diff --git a/docs/reference/errors-and-warnings/NU1508.md b/docs/reference/errors-and-warnings/NU1508.md index 542939894..eb9f758aa 100644 --- a/docs/reference/errors-and-warnings/NU1508.md +++ b/docs/reference/errors-and-warnings/NU1508.md @@ -19,7 +19,7 @@ f1_keywords: Sometimes when adding `NuGetAuditSuppress` items, you may end up adding an item for a particular package multiple times. -MSBuild projects commonly import multiple `.props` and `.targets` files, so the duplicates might not be in the same file, but may be in included files, such as `Directory.Build.props`, `Directory.Packages.props`, or `Directory.Build.targets`. +MSBuild projects commonly import multiple `.props` and `.targets` files, so the duplicates might not be in the same file, but may be in imported files, such as `Directory.Build.props`, `Directory.Packages.props`, or `Directory.Build.targets`. ### Solution diff --git a/docs/reference/errors-and-warnings/NU1509.md b/docs/reference/errors-and-warnings/NU1509.md new file mode 100644 index 000000000..cae01fdd4 --- /dev/null +++ b/docs/reference/errors-and-warnings/NU1509.md @@ -0,0 +1,28 @@ +--- +title: NuGet Warning NU1509 +description: NU1509 warning code +author: nkolev92 +ms.author: nikolev +ms.date: 02/04/2025 +ms.topic: reference +f1_keywords: + - "NU1509" +--- + +# NuGet Warning NU1509 + +## Scenario 1 + +> Duplicate 'PrunePackageReference' items found. Remove the duplicate items or use the Update functionality to ensure a consistent restore behavior. The duplicate 'PrunePackageReference' items are: X 1.0.0, X 2.0.0. + +### Issue + +Sometimes when adding `PrunePackageReference` items, you may end up adding an item for a particular package multiple times. + +MSBuild projects commonly import multiple `.props` and `.targets` files, so the duplicates might not be in the same file, but may be in imported files, such as `Directory.Build.props`, `Directory.Packages.props`, or `Directory.Build.targets`. + +The `.NET SDK` provides a of list `PrunePackageReference`, so the conflict may be happening because you have specified a `PrunePackageReference` or due to a bug with the `.NET SDK`. + +### Solution + +Remove the duplicate item, so that it's included exactly once. diff --git a/docs/reference/errors-and-warnings/NU1510.md b/docs/reference/errors-and-warnings/NU1510.md new file mode 100644 index 000000000..12666d58f --- /dev/null +++ b/docs/reference/errors-and-warnings/NU1510.md @@ -0,0 +1,25 @@ +--- +title: NuGet Warning NU1510 +description: NU1510 warning code +author: nkolev92 +ms.author: nikolev +ms.date: 02/04/2025 +ms.topic: reference +f1_keywords: + - "NU1510" +--- + +# NuGet Warning NU1510 + +## Scenario 1 + +> PackageReference System.Text.Json 9.0.0 will not be pruned. Consider removing this package from your dependencies, as it is likely unnecessary. + +### Issue + +The package `System.Text.Json` has been specified for pruning through the [PrunePackageReference](../../consume-packages/Package-References-in-Project-Files.md#prunepackagereference) feature. +The `.NET SDK` generally specifies the list of packages to be pruned. The package is not needed as a direct PackageReference since the .NET runtime itself carries either the same or higher version of the assembly. + +### Solution + +Remove the PackageReference as it's unnecessary. diff --git a/docs/reference/errors-and-warnings/NU1511.md b/docs/reference/errors-and-warnings/NU1511.md new file mode 100644 index 000000000..c91ba031e --- /dev/null +++ b/docs/reference/errors-and-warnings/NU1511.md @@ -0,0 +1,27 @@ +--- +title: NuGet Warning NU1511 +description: NU1511 warning code +author: nkolev92 +ms.author: nikolev +ms.date: 02/04/2025 +ms.topic: reference +f1_keywords: + - "NU1511" +--- + +# NuGet Warning NU1511 + +## Scenario 1 + +> A ProjectReference cannot be pruned, X. + +### Issue + +The project id `X` has been specified for pruning through the [PrunePackageReference](../../consume-packages/Package-References-in-Project-Files.md#prunepackagereference) feature. +Pruning of projects is not supported. + +### Solution + +- The `.NET SDK` generally specifies the list of packages to be pruned. It may mean that you have a project matching the id of a platform assembly. +In this scenario, change the name of the project. +- If the `PrunePackageReference` has been specified within your project, you may need to remove the `PrunePackageReference` diff --git a/docs/reference/extensibility/NuGet-Cross-Platform-Plugins.md b/docs/reference/extensibility/NuGet-Cross-Platform-Plugins.md index 02428709d..061508024 100644 --- a/docs/reference/extensibility/NuGet-Cross-Platform-Plugins.md +++ b/docs/reference/extensibility/NuGet-Cross-Platform-Plugins.md @@ -47,11 +47,18 @@ Under this version, the requirements are as follows: - Adhere to the negotiated plugin protocol version. - Respond to all requests within a reasonable time period. - Honor cancellation requests for any in-progress operation. +- **Starting with NuGet 6.13, executable plugins (including global .NET tools) must follow these requirements:** + - Naming Convention: Must follow the pattern `nuget-plugin-*`. + - Windows: + - Must be either `.exe` or `.bat` files. + - Linux: + - Must have their executable permissions enabled. The technical specification is described in more detail in the following specs: - [NuGet Package Download Plugin](https://github.com/NuGet/Home/wiki/NuGet-Package-Download-Plugin) - [NuGet cross plat authentication plugin](https://github.com/NuGet/Home/wiki/NuGet-cross-plat-authentication-plugin) +- [Dotnet Tools Plugins](https://github.com/NuGet/Home/blob/dev/accepted/2024/support-nuget-authentication-plugins-dotnet-tools.md) ## Client - Plugin interaction @@ -70,7 +77,14 @@ CI/CD scenarios and power users can use environment variables to override the be - `NUGET_NETFX_PLUGIN_PATHS` - defines the plugins that will be used by the .NET Framework based tooling (NuGet.exe/MSBuild.exe/Visual Studio). Takes precedence over `NUGET_PLUGIN_PATHS`. (NuGet version 5.3+ only) - `NUGET_NETCORE_PLUGIN_PATHS` - defines the plugins that will be used by the .NET Core based tooling (dotnet.exe). Takes precedence over `NUGET_PLUGIN_PATHS`. (NuGet version 5.3+ only) -- `NUGET_PLUGIN_PATHS` - defines the plugins that will be used for that NuGet process, priority preserved. If this environment variable is set, it overrides the convention based discovery. Ignored if either of the framework specific variables is specified. +- `NUGET_PLUGIN_PATHS` + - defines the plugins that will be used for that NuGet process, priority preserved. If this environment variable is set, it overrides the convention based discovery. Ignored if either of the framework specific variables is specified. + + - **Starting with NuGet 6.13:** + - Can specify paths to executable plugin files, including .NET tools plugins. + - Supports both file paths and folders containing plugin files. + - **Windows:** Supports `.exe` and `.bat` files. + - **Linux:** Requires executable permissions (`chmod +x`). - User-location, the NuGet Home location in `%UserProfile%/.nuget/plugins`. This location cannot be overriden. A different root directory will be used for .NET Core and .NET Framework plugins. | Framework | Root discovery location | diff --git a/docs/release-notes/NuGet-6.13.md b/docs/release-notes/NuGet-6.13.md index 825f7b406..c52653ca5 100644 --- a/docs/release-notes/NuGet-6.13.md +++ b/docs/release-notes/NuGet-6.13.md @@ -1,19 +1,13 @@ --- title: NuGet 6.13 Release Notes description: Release notes for NuGet 6.13 including new features, bug fixes, and DCRs. -author: zivkan +author: Nigusu-Allehu +ms.author: nyenework +ms.date: 2/4/2025 ms.topic: conceptual --- -# NuGet 6.13 Release Notes - +# NuGet 6.13 Release Notes NuGet distribution vehicles: @@ -23,6 +17,110 @@ NuGet distribution vehicles: 1 Installed with Visual Studio 2022 with any .NET workload -## Not yet released +## Summary: What's New in 6.13.1 + +NuGet 6.13.1 is available in Visual Studio 17.13. + +* Support for new slnx solution format in dotnet nuget why and dotnet list package - [#14034](https://github.com/NuGet/Home/issues/14034) + +## Summary: What's New in 6.13.0 + +NuGet 6.13.0 is available in the .NET 9.0.200 SDK. + +* Support for credential providers deployed via .NET tools - [#12567](https://github.com/NuGet/Home/issues/12567) + +* Opt-in feature: "Supplied by Platform", which removes packages that are supplied by the .NET platform from the dependency graph. This results in better performance and eliminates false positives for vulnerabilities in transitive dependencies. + +* dotnet nuget why should check RID specific packages - [#13718](https://github.com/NuGet/Home/issues/13718) + +* Allow specifying the msbuild binlog path when invoking static graph restore to avoid modifying the environment - [#10789](https://github.com/NuGet/Home/issues/10789) + +* New Dependency Resolver Fixes + + * New dependency resolver downloads more packages than before - [#13943](https://github.com/NuGet/Home/issues/13943) + + * New dependency resolver does not handle floating versions correctly in some situations - [#13992](https://github.com/NuGet/Home/issues/13992) + + * New dependency resolver erroneously reports NU1605 (downgrade) when using transitive pinning a direct dependency and a downgrade exists in a package graph - [#13938](https://github.com/NuGet/Home/issues/13938) + + * NuGet Restore restoring old versions of transitive dependencies when direct dependency does not have guidelines for user's targeted .NET Framework - [#13934](https://github.com/NuGet/Home/issues/13934) + + * Project and package in the same graph with the same name but different dependencies may lead to incorrect versions of the dependencies of that id - [#13888](https://github.com/NuGet/Home/issues/13888) + +* Package Manager UI in Visual Studio now shows embedded READMEs for NuGet packages, if available - [#12583](https://github.com/NuGet/Home/issues/12583) + +### Issues fixed in this release + +* Detect if restore used NuGetAudit or not for PackageReference projects - [#13778](https://github.com/NuGet/Home/issues/13778) + +* Add indicator for deprecated and vulnerable packages to Package Details tab header. - [#13974](https://github.com/NuGet/Home/issues/13974) + +* Navigation telemetry for 'Clear All NuGet Storage' Command in VS Settings - [#13968](https://github.com/NuGet/Home/issues/13968) + +* Nuget Package Manager for Solution automatically selects transitive dependencies - [#13893](https://github.com/NuGet/Home/issues/13893) + +* Debugging large repos with static graph-based restore is slow - [#13876](https://github.com/NuGet/Home/issues/13876) + +* NuGet Client SDK packages updating to net8.0 - [#13842](https://github.com/NuGet/Home/issues/13842) + +* Promote NU3043 warning to error in .NET 10 - [#13814](https://github.com/NuGet/Home/issues/13814) + +* Setting "Allow format selection on first package install" meaning is unclear - [#14016](https://github.com/NuGet/Home/issues/14016) + +* `dotnet nuget why` reports missing argument, even though it ran - [#13908](https://github.com/NuGet/Home/issues/13908) + +* Spacing adjustments in Details Pane Tabs - [#13880](https://github.com/NuGet/Home/issues/13880) + +* The focus border on the Details Pane Tab content is being truncated - [#13879](https://github.com/NuGet/Home/issues/13879) + +* JAWS is reading the entire contents of the Package Details Tab when first visiting it - [#13878](https://github.com/NuGet/Home/issues/13878) + +* ContentItemCollection.PopulateItemGroups unnecessarily allocates - [#13851](https://github.com/NuGet/Home/issues/13851) + +* Read and write .nupkg.metadata files with System.Text.Json - [#13835](https://github.com/NuGet/Home/issues/13835) + +* NuGet Fails in Containers When HOME Is Not Set - [#13834](https://github.com/NuGet/Home/issues/13834) + +* Signing: key not disposed - [#13823](https://github.com/NuGet/Home/issues/13823) + +* Walk TFMs in parallel when collecting pack outputs - [#13776](https://github.com/NuGet/Home/issues/13776) + +* PERF: NuGet Cloning operations are showing heavily in allocations during VS solution load - [#13647](https://github.com/NuGet/Home/issues/13647) + +* Fetching Vulnerability Resources doesn't respect cancellation - [#13644](https://github.com/NuGet/Home/issues/13644) + +* Wrong order of arguments in logs for centralized package version (string `Info_AddPkgCPM`) - [#13155](https://github.com/NuGet/Home/issues/13155) + +* Satellite assemblies for three-letter languages are not copied from NuGet package - [#12253](https://github.com/NuGet/Home/issues/12253) + +* Nuget pack doesn't support blank <version> in .nuspec even though version is passed on the command line - [#7987](https://github.com/NuGet/Home/issues/7987) + +[List of commits in this release](https://github.com/NuGet/NuGet.Client/compare/6.13.1.3...6.12.3.1) + +### Community contributions + +Thank you to all the contributors who helped make this NuGet release awesome! -This version of NuGet is in preview and these release notes will be updated when it is released. +* [SimonCropp](https://github.com/NuGet/NuGet.Client/pull/6185) + * [6185](https://github.com/NuGet/NuGet.Client/pull/6185) reduce memory in ManifestMetadata + * [6168](https://github.com/NuGet/NuGet.Client/pull/6168) remove duplicate dictionary lookups + * [6166](https://github.com/NuGet/NuGet.Client/pull/6166) remove redundant Count() in GlobalPackageFolderRepositories + * [6165](https://github.com/NuGet/NuGet.Client/pull/6165) avoid Any call in GetCommandAttribute + * [6167](https://github.com/NuGet/NuGet.Client/pull/6167) remove redundant casts +* [baronfel](https://github.com/NuGet/NuGet.Client/pull/6124) + * [6124](https://github.com/NuGet/NuGet.Client/pull/6124) Expand Locale parser to support three-character language codes + * [6018](https://github.com/NuGet/NuGet.Client/pull/6018) Update _WalkEachTargetPerFramework to walk TFMs in parallel +* [ToddGrun](https://github.com/NuGet/NuGet.Client/pull/6098) + * [6098](https://github.com/NuGet/NuGet.Client/pull/6098) Modify ContentItemCollection.PopulateItemGroups to use pooling for highly allocated temporary data structures + * [5930](https://github.com/NuGet/NuGet.Client/pull/5930) Attempt to move several data structures to be immutable +* [mthalman](https://github.com/NuGet/NuGet.Client/pull/6212) + * [6212](https://github.com/NuGet/NuGet.Client/pull/6212) Fix formatting in GraphOperations +* [kasperk81](https://github.com/NuGet/NuGet.Client/pull/6072) + * [6072](https://github.com/NuGet/NuGet.Client/pull/6072) add SpecialFolder.UserProfile fallback +* [MichaelSimons](https://github.com/NuGet/NuGet.Client/pull/6102) + * [6102](https://github.com/NuGet/NuGet.Client/pull/6102) Update source-build team references +* [akoeplinger](https://github.com/NuGet/NuGet.Client/pull/6025) + * [6025](https://github.com/NuGet/NuGet.Client/pull/6025) Fix typo in EnhancedHttpRetryHelper.cs +* [jimmylewis](https://github.com/NuGet/NuGet.Client/pull/6027) + * [6027](https://github.com/NuGet/NuGet.Client/pull/6027) Refactor calls to EnsureVisualStudioHost() to a base [TestInitialize] method + \ No newline at end of file diff --git a/docs/release-notes/NuGet-6.14.md b/docs/release-notes/NuGet-6.14.md new file mode 100644 index 000000000..2b950855d --- /dev/null +++ b/docs/release-notes/NuGet-6.14.md @@ -0,0 +1,28 @@ +--- +title: NuGet 6.14 Release Notes +description: Release notes for NuGet 6.14 including new features, bug fixes, and DCRs. +author: zivkan +ms.topic: conceptual +--- +# NuGet 6.14 Release Notes + + + +NuGet distribution vehicles: + +| NuGet version | Available in Visual Studio version | Available in .NET SDK(s) | +|:---|:---|:---| +| [**6.14**](https://nuget.org/downloads) | [Visual Studio 2022 version 17.14](https://visualstudio.microsoft.com/downloads/) | [9.0.2xx](https://dotnet.microsoft.com/download/dotnet/9.0)1 | + +1 Installed with Visual Studio 2022 with any .NET workload + +## Not yet released + +This version of NuGet is in preview and these release notes will be updated when it is released.