With the release of .NET 8.0, the NuGet team has proudly unveiled NuGet 6.8 as part of the Visual Studio 2022 suite. This release emphasizes security, introducing critical features that aim to safeguard .NET developers’ work.
NuGetAudit is a new feature that alerts developers to known vulnerabilities in their packages. With configurable severity thresholds, the tool warns about potential risks in both direct and transitive packages, bringing security concerns to immediate attention within the Visual Studio environment.
Addressing community feedback, NuGet 6.8 allows developers to opt-out of HTTPS Everywhere warnings. The nuget.config file now includes an allowInsecureConnections property, granting developers the flexibility to bypass these warnings according to their security preferences.
Building on the innovations introduced in .NET 6, Package Source Mapping in NuGet 6.8 now integrates with the Visual Studio UI. This enhancement simplifies managing package sources during installations or updates, directly affecting the developer’s workflow.
Conditional package management is now more intuitive in multi-framework projects, thanks to improvements in the update logic. The update process within Visual Studio has been refined to avoid common issues and streamline package management.
In response to user requests, the ProtocolVersion argument has been added to the nuget source add command, offering greater control over package source configurations and enhancing command-line functionality.
This version also introduces some breaking changes in the NuGet SDK: