NuGet · jgonz120 · Jan 21, 2025 · Dec 10, 2024 · Dec 10, 2024 · Jan 7, 2025
@@ -116,9 +116,10 @@ When referring to package dependencies, NuGet supports using interval notation f
 | [1.0,2.0) | 1.0 ≤ x < 2.0 | Mixed inclusive minimum and exclusive maximum version |
 | (1.0)    | invalid | invalid |
 
-### Examples
+### Best Practice
 
-Always specify a version or version range for package dependencies in project files, `packages.config` files, and `.nuspec` files. Without a version or version range, NuGet 2.8.x and earlier chooses the latest available package version when resolving a dependency, whereas NuGet 3.x and later chooses the lowest package version. Specifying a version or version range avoids this uncertainty.
+Always specify a version or version range for package dependencies in project files, `packages.config` files, and `.nuspec` files. Without a version or version range, when resolving a dependency, consistent restore results are not guaranteed.
+Avoid specifying an upper bound to version ranges to packages you don't own unless you know of a compatibility problem.  Upper bounds to version ranges harm adoption, discourage consumers from getting valuable updates to dependencies, and in some cases may lead them to use unsupported versions of dependencies.
 
 #### References in project files (PackageReference)
 

@@ -8,14 +8,47 @@ f1_keywords:
   - "NU1302"
 ---
 
-# NuGet Warning NU1302
+# NuGet Error NU1302
 
 > You are running the 'restore' operation with an 'HTTP' source: myHttpSource. NuGet requires HTTPS sources. To use an HTTP source, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. Please refer to https://aka.ms/nuget-https-everywhere for more information.
 
 ### Issue
 
-`myHttpSource` is an insecure HTTP source. We recommend using HTTPS sources instead.
+`myHttpSource` is an insecure HTTP source. We recommend using an HTTPS source instead.
 
 ### Solution
 
-This can be fixed either by removing the HTTP source or disabling HTTP Errors for the specific source by using `allowInsecureConnections` option in your [NuGet config file](../../reference/nuget-config-file.md).
+#### Option 1: Update the Source to Use HTTPS
+
+If possible, update the package source to use `https://` instead of `http://`:
+
+```xml
+<configuration>
+  <packageSources>
+    <add key="SecureSource" value="https://example.com/nuget/" />
+  </packageSources>
+</configuration>
+```
+
+#### Option 2: Allow Insecure Connections (If Necessary)
+
+If the source must remain HTTP, explicitly allow insecure connections by adding the `AllowInsecureConnections` flag in the `NuGet.Config`:
+
+```xml
+<configuration>
+  <packageSources>
+    <add key="InsecureSource" value="http://example.com/nuget/" allowInsecureConnections="true" />
+  </packageSources>
+</configuration>
+```
+
+#### Option 3: Consult SDK Analysis Level
+
+The [`SdkAnalysisLevel`](/dotnet/core/project-sdk/msbuild-props#sdkanalysislevel) property in your project can serve as a temporary workaround for managing HTTP sources.
+If additional time is needed to resolve the HTTP error, you can lower the `SdkAnalysisLevel` to suppress errors temporarily. 
+Here's how it functions:
+
+- For SDK Analysis Level value **below 9.0.100**, using HTTP sources triggers a warning ([NU1803](NU1803.md)).
+- Starting with SDK Analysis Level **9.0.100 or higher**, HTTP sources result in an error (NU1302) unless `AllowInsecureConnections` is explicitly enabled.
+
+
@@ -24,6 +24,14 @@ NuGet distribution vehicles:
 * VS PM UI shows warning icon about package vulnerability even after upgrade [#13866](https://github.com/NuGet/Home/issues/13866)
 * dotnet nuget why reports missing argument, even though it ran [#13908](https://github.com/NuGet/Home/issues/13908)
 
+## Summary: What's New in 6.12.3
+
+NuGet 6.12.3 is available in Visual Studio 17.12.4.
+
+### Issues fixed in this release
+
+* Small Solution PM UI size can cause a System.ArgumentException SolutionView.ListView_SizeChanged - [#13928](https://github.com/NuGet/Home/issues/13928)
+
 ## Summary: What's New in 6.12.1
 
 NuGet 6.12.1 is available in Visual Studio 17.12.0 and the .NET 9.0.101 SDK.

@@ -179,3 +179,12 @@ sections:
           If the `target` has been modified manually, NuGet might not be able to detect that it needs removed when migrating.
 
           If your project is `PackageReference` and you still have this target in project file, it should be safe to remove.
+
+      - question: |
+          There is no README in Visual Studio NuGet Package Manager for the selected package.
+        answer: |
+          If you see the message "There is no README available for the selected package version" in Visual Studio NuGet Package Manager, that means that the selected version of the NuGet package does not have an embedded README file.
+          - If this is not the latest version of the package, consider checking the latest version.
+          - If the latest version doesn't have the README file embedded either, and you are not the maintainer of this package, consider filing an issue or contacting the maintainer to request a README.
+          - If you are the maintainer of the package, here is the guide on [how to embed the README in your package](https://aka.ms/nuget/readme). Please note that if you have added the README file on NuGet.org but didn't embed it in your package, the README will not be shown in Visual Studio. 
+