The below is a screenshot for the NuGet for a project. The Updates tab lists no packages.
But the Installed tab shows this package, which is 2 major versions out of date. I have seen this happen before.
Is there a way to have Update show all libraries that can be updated?
As @zivkan said, the Updates tab only shows directly referenced packages, not transitive packages. I guess it could be by-design. From looking at Introducing Transitive Dependencies in Visual Studio, we can know that Transitive Packages in the Installed tab is a new feature in VS17.3. It seems that Transitive Packages is not supported in the Updates tab now.
You can run get-package -updates in PM command to verify it: only top-level packages are detected for update.
As for a workaround, you can promote this transitive dependency to a top-level dependency. This will override a resolved version to an unaffected version of a library that has a known vulnerability until a patch has been released.
After that, you can see this package in the Updates tab.
Right-click this transitive package -> select a new version -> Install
Besides, you can also raise a feature request from here:
https://developercommunity.visualstudio.com/VisualStudio/suggest
That will allow you to directly interact with the appropriate product group, and make it more convenient for the product group to collect and categorize your suggestions.
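An added example, not part of the answer above: since the Updates tab skips transitive packages, this script lists the ones whose major version trails the latest and prints the PackageReference line that promotes each to a top-level dependency. It assumes a report in the JSON shape produced by `dotnet list package --outdated --include-transitive --format json`; the field names, package ids and project path in the sample are constructed for illustration.

```python
import json

# Constructed sample, shaped like the report from
#   dotnet list package --outdated --include-transitive --format json
# Field names are an assumption about that format; check them against your SDK.
SAMPLE_REPORT = json.loads("""
{"version": 1, "projects": [{
  "path": "C:/src/Demo/Demo.csproj",
  "frameworks": [{
    "framework": "net6.0",
    "topLevelPackages": [
      {"id": "Example.Web", "requestedVersion": "3.1.0",
       "resolvedVersion": "3.1.0", "latestVersion": "3.1.0"}],
    "transitivePackages": [
      {"id": "Example.Json", "resolvedVersion": "11.0.2", "latestVersion": "13.0.3"},
      {"id": "Example.Logging", "resolvedVersion": "6.0.0", "latestVersion": "6.0.4"}]
  }]
}]}
""")

def major(version):
    """Leading numeric component of a version string, or None if it has none."""
    head = version.split(".")[0]
    return int(head) if head.isdigit() else None

def stale_transitives(report, min_major_gap=1):
    """Transitive packages whose resolved major version trails the latest one."""
    findings = []
    for project in report.get("projects", []):
        for fw in project.get("frameworks", []):
            for pkg in fw.get("transitivePackages", []):
                resolved = major(pkg.get("resolvedVersion", ""))
                latest = major(pkg.get("latestVersion", ""))
                if resolved is None or latest is None:
                    continue  # e.g. no newer version could be determined
                gap = latest - resolved
                if gap >= min_major_gap:
                    findings.append((project["path"], fw["framework"], pkg["id"],
                                     pkg["resolvedVersion"], pkg["latestVersion"], gap))
    return findings

def package_reference(pkg_id, version):
    """Project-file line that promotes a transitive package to top-level."""
    return f'<PackageReference Include="{pkg_id}" Version="{version}" />'

if __name__ == "__main__":
    for path, fw, pkg_id, resolved, latest, gap in stale_transitives(SAMPLE_REPORT):
        print(f"{path} [{fw}] {pkg_id} {resolved} -> {latest} ({gap} major behind)")
        print("  promote with:", package_reference(pkg_id, latest))
```

Once the printed PackageReference line is in the project file, the package is a top-level dependency and shows up in the Updates tab like any other.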