NuGet 6.8 is included in Visual Studio 2022 and .NET 8.0 out of the box. You can also download NuGet 6.8 for Windows, macOS, and Linux as a standalone executable.Maintaining and understanding security status in your projects is now easier than ever in NuGet 6.8.The post Announcing NuGet 6.8 – Maintaining Security with Ease appeared first on The NuGet Blog.
Mistakes were madeWhen we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don’t have much everyday visibility of. After we published that blog,The post HTTPS Everywhere Update appeared first on The NuGet Blog.
NuGet 6.7 is included in Visual Studio 2022 and .NET 7.0 out of the box. You can also download NuGet 6.7 for Windows, macOS, and Linux as a standalone executable.Security is a chain; it’s only as strong as its weakest link.The post Announcing NuGet 6.7 – Keeping You Secure appeared first on The NuGet Blog.
Action required: If you validate that packages are author-signed by Microsoft using a NuGet client policy or the NuGet.exe verify command, please follow these steps by August 14th, 2023 to avoid potential disruptions when installing new Microsoft packages. If you are unsure,The post The Microsoft author-signing certificate will be updated as soon as August 14th, 2023 appeared first on The NuGet Blog.
There are many let's encrypt automatic tools for azure but I also wanted to see if I could use certbot in wsl to generate a wildcard certificate for the azure Friday website and then upload the resulting certificates to azure app service. Azure app service ultimately needs a specific format called dot PFX that includes the full certificate path and all intermediates. Per the docs, App Service private certificates must meet the following requirements: Exported as a password-protected PFX file, encrypted using triple DES. Contains private key at least 2048 bits long Contains all intermediate certificates and the root certificate in the certificate chain. If you have a PFX that doesn't meet all these requirements you can have Windows reencrypt the file. I use WSL and certbot to create the cert, then I import/export in Windows and upload the resulting PFX. Within WSL, install certbot:sudo apt updatesudo apt install python3 python3-venv libaugeas0sudo python3 -m venv /opt/certbot/sudo /opt/certbot/bin/pip install --upgrade pipThen I generate the cert. You'll get a nice text UI from certbot and update your DNS as a verification challenge. Change this to make sure it's two lines, and your domains and subdomains are correct and your paths are correct.sudo certbot certonly --manual --preferred-challenges=dns --email YOUR@EMAIL.COM --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d "azurefriday.com" -d "*.azurefriday.com"sudo openssl pkcs12 -export -out AzureFriday2023.pfx -inkey /etc/letsencrypt/live/azurefriday.com/privkey.pem -in /etc/letsencrypt/live/azurefriday.com/fullchain.pemI then copy the resulting file to my desktop (check your desktop path) so it's now in the Windows world.sudo cp AzureFriday2023.pfx /mnt/c/Users/Scott/OneDrive/DesktopNow from Windows, import the PFX, note the thumbnail and export that cert.Import-PfxCertificate -FilePath "AzureFriday2023.pfx" -CertStoreLocation Cert:LocalMachineMy -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Force) -ExportableExport-PfxCertificate -Cert Microsoft.PowerShell.SecurityCertificate::LocalMachineMy597THISISTHETHUMBNAILCF1157B8CEBB7CA1 -FilePath 'AzureFriday2023-fixed.pfx' -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Force) Then upload the cert to the Certificates section of your App Service, under Bring Your Own Cert. Then under Custom Domains, click Update Binding and select the new cert (with the latest expiration date).Next step is to make this even more automatic or select a more automated solution but for now, I'll worry about this in September and it solved my expensive Wildcard Domain issue.© 2021 Scott Hanselman. All rights reserved.
GitHub Next has this cool project that is basically Copilot for the CLI (command line interface). You can sign up for their waitlist at the Copilot for CLI site. Copilot for CLI provides three shell commands: ??, git? and gh? This is cool and all, but I use PowerShell. Turns out these ?? commands are just router commands to a larger EXE called github-copilot-cli. So if you go "?? something" you're really going "github-copilot-cli what-the-shell something." So this means I should be able to to do the same/similar aliases for my PowerShell prompt AND change the injected prompt (look at me I'm a prompt engineer) to add 'use powershell to.' Now it's not perfect, but hopefully it will make the point to the Copilot CLI team that PowerShell needs love also. Here are my aliases. Feel free to suggest if these suck. Note the addition of "user powershell to" for the ?? one. I may make a ?? and a p? where one does bash and one does PowerShell. I could also have it use wsl.exe and shell out to bash. Lots of possibilities.function ?? { $TmpFile = New-TemporaryFile github-copilot-cli what-the-shell ('use powershell to ' + $args) --shellout $TmpFile if ([System.IO.File]::Exists($TmpFile)) { $TmpFileContents = Get-Content $TmpFile if ($TmpFileContents -ne $nill) { Invoke-Expression $TmpFileContents Remove-Item $TmpFile } }}function git? { $TmpFile = New-TemporaryFile github-copilot-cli git-assist $args --shellout $TmpFile if ([System.IO.File]::Exists($TmpFile)) { $TmpFileContents = Get-Content $TmpFile if ($TmpFileContents -ne $nill) { Invoke-Expression $TmpFileContents Remove-Item $TmpFile } }}function gh? { $TmpFile = New-TemporaryFile github-copilot-cli gh-assist $args --shellout $TmpFile if ([System.IO.File]::Exists($TmpFile)) { $TmpFileContents = Get-Content $TmpFile if ($TmpFileContents -ne $nill) { Invoke-Expression $TmpFileContents Remove-Item $TmpFile } }} It also then offers to run the command. Very smooth. Hope you like it. Lots of fun stuff happening in this space.© 2021 Scott Hanselman. All rights reserved.
In recent years, the .NET open source community and NuGet package registry have become increasingly important for sharing code. However, with the growth of these platforms, there has also been a rise in unexpected behavior and hate speech, which can be harmful and intimidating to many users.The post NuGet.org Terms of Service Update on Unexpected Behavior and Hate Speech appeared first on The NuGet Blog.
Based on our recent customer interviews and surveys, one of the top problems that package consumers face is insufficient package documentation, such as README, changelog, examples, and API reference. On the other hand, package authors may struggle with best practices for creating a clear and concise README.The post Write a high-quality README for NuGet packages appeared first on The NuGet Blog.
