Commit f86c052

Update audit docs for .net 10 (#3476)
1 parent 29ebe47 commit f86c052

1 file changed: +4 -2 lines changed

docs/concepts/Auditing-Packages.md

Lines changed: 4 additions & 2 deletions
@@ -4,7 +4,7 @@ description: How to audit package dependencies for security vulnerabilities and
44
author: JonDouglas
55
ms.author: jodou
66
ms.topic: conceptual
7-
ms.date: 05/05/2025
7+
ms.date: 10/01/2025
88
---
99

1010
# Auditing package dependencies for security vulnerabilities
@@ -27,6 +27,7 @@ We also have a [blog post](https://devblogs.microsoft.com/nuget/nugetaudit-2-0-e
2727
| [6.10](../release-notes/NuGet-6.10.md) | N/A | Visual Studio 2022 17.10 | [NuGetAudit](#running-a-security-audit-with-restore) for packages.config|
2828
| [6.11](../release-notes/NuGet-6.11.md) | .NET 8 SDK (8.0.400) | Visual Studio 2022 17.11 | [NuGetAuditSuppress](#excluding-advisories) for PackageReference |
2929
| [6.12](../release-notes/NuGet-6.12.md) | .NET 9 SDK (9.0.100) | Visual Studio 2022 17.12 | [Audit sources](#audit-sources). [NuGetAuditSuppress](#excluding-advisories) for packages.config. |
30+
| [7.0](../release-notes/NuGet-7.0.md) | .NET 10 SDK (10.0.100) | Visual Studio 2026 | [NuGetAuditMode default changes for .NET 10](#configuring-nuget-audit). [`dotnet package update --vulnerable`](#security-vulnerabilities-found-with-updates) |
3031

3132
## Running a security audit with `restore`
3233

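Review bot: The added 7.0 row says "NuGetAuditMode default changes for .NET 10" without stating what the default changes from or to, and the `#configuring-nuget-audit` section it links to is not touched by this commit (the four additions are the date, this row and two bullets). State the new default in the cell, or confirm that the linked section already documents it, so a reader upgrading the SDK can tell whether their audit results will change. The Visual Studio cell also reads "Visual Studio 2026" with no version number, while the rows above each give one (for example "Visual Studio 2022 17.12").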
@@ -157,7 +158,8 @@ If security vulnerabilities are found and updates are available for the package,
157158

158159
- Edit the `.csproj` or other package version location (`Directory.Packages.props`) with a newer version containing a security fix.
159160
- Use the NuGet package manager user interface in Visual Studio to update the individual package.
160-
- Run the `dotnet add package` command with the respective package ID to update to the latest version.
161+
- Run the `dotnet package update --vulnerable` command to update all vulnerable packages in a project to the first version without known vulnerabilities.
162+
- Run the `dotnet package update` or `dotnet package add` commands with the respective package ID to update to the latest version. Use [`dotnet add package` when using .NET 9 or earlier](/dotnet/core/whats-new/dotnet-10/sdk#more-consistent-command-order).
161163

162164
#### Transitive Packages
163165

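Review bot: The new `dotnet package update --vulnerable` bullet gives no minimum SDK version, although the table row added in this commit lists that command under NuGet 7.0 / .NET 10 SDK (10.0.100), and the ".NET 9 or earlier" fallback in the next bullet names only `dotnet add package`. Add the version requirement to the `--vulnerable` bullet, and say in the fallback sentence whether `dotnet package update` is also unavailable on .NET 9 or earlier, so readers on older SDKs know which of the listed remediation commands they can run.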