diff --git a/src/arcade/Arcade.slnx b/src/arcade/Arcade.slnx
index cc381104afc..a4c51eaafd6 100644
--- a/src/arcade/Arcade.slnx
+++ b/src/arcade/Arcade.slnx
@@ -45,6 +45,7 @@
   <Project Path="src/Microsoft.DotNet.Arcade.Sdk/Microsoft.DotNet.Arcade.Sdk.csproj" />
   <Project Path="src/Microsoft.DotNet.ArcadeAzureIntegration/Microsoft.DotNet.ArcadeAzureIntegration.csproj" />
   <Project Path="src/Microsoft.DotNet.ArcadeLogging/Microsoft.DotNet.ArcadeLogging.csproj" />
+  <Project Path="src/Microsoft.DotNet.Baselines.Tasks/Microsoft.DotNet.Baselines.Tasks.csproj" />
   <Project Path="src/Microsoft.DotNet.Build.Manifest/Microsoft.DotNet.Build.Manifest.csproj" />
   <Project Path="src/Microsoft.DotNet.Build.Tasks.Archives/Microsoft.DotNet.Build.Tasks.Archives.csproj" />
   <Project Path="src/Microsoft.DotNet.Build.Tasks.Feed/Microsoft.DotNet.Build.Tasks.Feed.csproj" />
@@ -71,7 +72,6 @@
   <Project Path="src/Microsoft.DotNet.SourceBuild/tasks/Microsoft.DotNet.SourceBuild.Tasks.csproj" />
   <Project Path="src/Microsoft.DotNet.StrongName/Microsoft.DotNet.StrongName.csproj" />
   <Project Path="src/Microsoft.DotNet.Tar/Microsoft.DotNet.Tar.csproj" />
-  <Project Path="src/Microsoft.DotNet.Baselines.Tasks/Microsoft.DotNet.Baselines.Tasks.csproj" />
   <Project Path="src/Microsoft.DotNet.XliffTasks/Microsoft.DotNet.XliffTasks.csproj" />
   <Project Path="src/Microsoft.DotNet.XUnitAssert/src/Microsoft.DotNet.XUnitAssert.csproj" />
   <Project Path="src/Microsoft.DotNet.XUnitConsoleRunner/src/Microsoft.DotNet.XUnitConsoleRunner.csproj" />
diff --git a/src/arcade/eng/Version.Details.props b/src/arcade/eng/Version.Details.props
index 39ca5e519b3..74f32236a9c 100644
--- a/src/arcade/eng/Version.Details.props
+++ b/src/arcade/eng/Version.Details.props
@@ -14,8 +14,8 @@ This file should be imported by eng/Versions.props
     <!-- dotnet/templating dependencies -->
     <MicrosoftTemplateEngineAuthoringTasksPackageVersion>10.0.100-preview.4.25220.1</MicrosoftTemplateEngineAuthoringTasksPackageVersion>
     <!-- dotnet/arcade dependencies -->
-    <MicrosoftDotNetArcadeSdkPackageVersion>10.0.0-beta.25469.2</MicrosoftDotNetArcadeSdkPackageVersion>
-    <MicrosoftDotNetHelixSdkPackageVersion>10.0.0-beta.25469.2</MicrosoftDotNetHelixSdkPackageVersion>
+    <MicrosoftDotNetArcadeSdkPackageVersion>10.0.0-beta.25507.1</MicrosoftDotNetArcadeSdkPackageVersion>
+    <MicrosoftDotNetHelixSdkPackageVersion>10.0.0-beta.25507.1</MicrosoftDotNetHelixSdkPackageVersion>
     <!-- dotnet/arcade-services dependencies -->
     <MicrosoftDotNetDarcLibPackageVersion>1.1.0-beta.25424.1</MicrosoftDotNetDarcLibPackageVersion>
     <MicrosoftDotNetProductConstructionServiceClientPackageVersion>1.1.0-beta.25424.1</MicrosoftDotNetProductConstructionServiceClientPackageVersion>
diff --git a/src/arcade/eng/Version.Details.xml b/src/arcade/eng/Version.Details.xml
index b108dd09482..8e4ff3e2e9b 100644
--- a/src/arcade/eng/Version.Details.xml
+++ b/src/arcade/eng/Version.Details.xml
@@ -20,13 +20,13 @@
       <Uri>https://github.com/dotnet/templating</Uri>
       <Sha>43b5827697e501c442eb75ffff832cd4df2514fe</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.25469.2">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.25507.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>6275af47ebda0d394d4a5a401b77bc6f2304204a</Sha>
+      <Sha>4eaa220ea860cee9fa61df42411bbf79394edd23</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="10.0.0-beta.25469.2">
+    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="10.0.0-beta.25507.1">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>6275af47ebda0d394d4a5a401b77bc6f2304204a</Sha>
+      <Sha>4eaa220ea860cee9fa61df42411bbf79394edd23</Sha>
     </Dependency>
     <Dependency Name="Microsoft.DotNet.ProductConstructionService.Client" Version="1.1.0-beta.25424.1">
       <Uri>https://github.com/dotnet/arcade-services</Uri>
diff --git a/src/arcade/global.json b/src/arcade/global.json
index a90a1ab74f6..b8b866ce354 100644
--- a/src/arcade/global.json
+++ b/src/arcade/global.json
@@ -12,8 +12,8 @@
     "dotnet": "10.0.100-rc.1.25451.107"
   },
   "msbuild-sdks": {
-    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25469.2",
-    "Microsoft.DotNet.Helix.Sdk": "10.0.0-beta.25469.2",
+    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25507.1",
+    "Microsoft.DotNet.Helix.Sdk": "10.0.0-beta.25507.1",
     "Microsoft.Build.NoTargets": "3.7.0"
   }
 }
diff --git a/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/bundle/bundle.wxs b/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/bundle/bundle.wxs
index b7fb42ee99b..1c5db2ade1d 100644
--- a/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/bundle/bundle.wxs
+++ b/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/bundle/bundle.wxs
@@ -61,7 +61,15 @@
       </BootstrapperApplication>
     <?endif?>
 
-    <SoftwareTag Regid="microsoft.com" InstallPath="[ProgramFiles6432Folder]dotnet" />
+    <?if $(var.Platform)=x64?>
+      <SoftwareTag Regid="microsoft.com" InstallPath="[ProgramFiles64Folder]dotnet" />
+    <?endif?>
+    <?if $(var.Platform)=arm64?>
+      <SoftwareTag Regid="microsoft.com" InstallPath="[ProgramFiles64Folder]dotnet" />
+    <?endif?>
+    <?if $(var.Platform)=x86?>
+      <SoftwareTag Regid="microsoft.com" InstallPath="[ProgramFilesFolder]dotnet" />
+    <?endif?>
 
     <!-- Variables used solely for localization. -->
     <Variable Name="BUNDLEMONIKER" Type="string" Value="$(var.ProductMoniker) ($(var.TargetArchitectureDescription))" bal:Overridable="no" />
diff --git a/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/wix.targets b/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/wix.targets
index 8632bcf50af..742bf80955f 100644
--- a/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/wix.targets
+++ b/src/arcade/src/Microsoft.DotNet.Build.Tasks.Installers/build/wix5/wix.targets
@@ -340,7 +340,7 @@
       <CandleVariables Include="BuildVersion" Value="$(MsiVersionString)" />
       <CandleVariables Include="NugetVersion" Value="$(Version)" />
       <CandleVariables Include="InstallerPlatform" Value="$(MsiArch)" />
-      <CandleVariables Include="Platform" Value="$(MsiArch)" />
+      <CandleVariables Include="Platform" Value="$(InstallerTargetArchitecture)" />
       <CandleVariables Include="TargetArchitectureDescription" Value="$(InstallerTargetArchitecture)$(CrossArchContentsBuildPart)" />
       <CandleVariables Include="UpgradeCode" Value="$(UpgradeCode)" />
       <CandleVariables Include="MajorUpgradeSchedule" Value="$(MajorUpgradeSchedule)" Condition="'$(MajorUpgradeSchedule)' != ''" />
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool.Tests/Resources/InnerZipFile.zip b/src/arcade/src/Microsoft.DotNet.SignTool.Tests/Resources/InnerZipFile.zip
new file mode 100644
index 00000000000..333b5199c4e
Binary files /dev/null and b/src/arcade/src/Microsoft.DotNet.SignTool.Tests/Resources/InnerZipFile.zip differ
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs b/src/arcade/src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs
index cacd084dab3..3b4cd8581ea 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool.Tests/SignToolTests.cs
@@ -1281,6 +1281,93 @@ public void SignZipFile()
             });
         }
 
+        [Fact]
+        public void SignArchivesUsingDetachedSignature()
+        {
+            // List of files to be considered for signing
+            var itemsToSign = new List<ItemToSign>()
+            {
+                new ItemToSign(GetResourcePath("test.zip")),
+                new ItemToSign(GetResourcePath("test.tgz")),
+                new ItemToSign(GetResourcePath("NestedZip.zip")),
+                new ItemToSign(GetResourcePath("InnerZipFile.zip"))
+            };
+
+            var strongNameSignInfo = new Dictionary<string, List<SignInfo>>();
+
+            // Overriding information
+            var explicitCertKeys = new Dictionary<ExplicitCertificateKey, string>()
+            {
+                { new ExplicitCertificateKey("test.zip"), "ArchiveCert" },
+                { new ExplicitCertificateKey("test.tgz"), "ArchiveCert" },
+                { new ExplicitCertificateKey("InnerZipFile.zip"), "ArchiveCert" }
+            };
+
+            var additionalCertificateInfo = new Dictionary<string, List<AdditionalCertificateInformation>>()
+            {
+                {  "ArchiveCert",
+                    new List<AdditionalCertificateInformation>() {
+                        new AdditionalCertificateInformation() { GeneratesDetachedSignature = true }
+                    }
+                }
+            };
+
+            ValidateFileSignInfos(itemsToSign, strongNameSignInfo, explicitCertKeys, s_fileExtensionSignInfo, new[]
+            {
+                "File 'NativeLibrary.dll' Certificate='Microsoft400'",
+                "File 'SOS.NETCore.dll' TargetFramework='.NETCoreApp,Version=v1.0' Certificate='Microsoft400'",
+                "File 'Nested.NativeLibrary.dll' Certificate='Microsoft400'",
+                "File 'Nested.SOS.NETCore.dll' TargetFramework='.NETCoreApp,Version=v1.0' Certificate='Microsoft400'",
+                "File 'test.zip' Certificate='ArchiveCert'",
+                "File 'test.tgz' Certificate='ArchiveCert'",
+                "File 'InnerZipFile.zip' Certificate='ArchiveCert'",
+                "File 'Mid.SOS.NETCore.dll' TargetFramework='.NETCoreApp,Version=v1.0' Certificate='Microsoft400'",
+                "File 'MidNativeLibrary.dll' Certificate='Microsoft400'",
+                "File 'NestedZip.zip'",
+            },
+            additionalCertificateInfo: additionalCertificateInfo,
+            expectedCopyFiles: new[]
+            {
+                $"{Path.Combine(_tmpDir, "ContainerSigning", "6", "InnerZipFile.zip")} -> {Path.Combine(_tmpDir, "InnerZipFile.zip")}",
+                $"{Path.Combine(_tmpDir, "ContainerSigning", "6", "InnerZipFile.zip.sig")} -> {Path.Combine(_tmpDir, "InnerZipFile.zip.sig")}"
+            });
+
+            ValidateGeneratedProject(itemsToSign, strongNameSignInfo, explicitCertKeys, s_fileExtensionSignInfo, new[]
+            {
+$@"
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "0", "NativeLibrary.dll"))}"">
+  <Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "1", "SOS.NETCore.dll"))}"">
+  <Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "2", "this_is_a_big_folder_name_look/this_is_an_even_more_longer_folder_name/but_this_one_is_ever_longer_than_the_previous_other_two/Nested.NativeLibrary.dll"))}"">
+  <Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "3", "this_is_a_big_folder_name_look/this_is_an_even_more_longer_folder_name/but_this_one_is_ever_longer_than_the_previous_other_two/Nested.SOS.NETCore.dll"))}"">
+  <Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "7", "Mid.SOS.NETCore.dll"))}"">
+  <Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "8", "MidNativeLibrary.dll"))}"">
+  <Authenticode>Microsoft400</Authenticode>
+</FilesToSign>
+",
+$@"
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "test.zip"))}"">
+  <Authenticode>ArchiveCert</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "test.tgz"))}"">
+  <Authenticode>ArchiveCert</Authenticode>
+</FilesToSign>
+<FilesToSign Include=""{Uri.EscapeDataString(Path.Combine(_tmpDir, "ContainerSigning", "6", "InnerZipFile.zip"))}"">
+  <Authenticode>ArchiveCert</Authenticode>
+</FilesToSign>
+"
+            }, additionalCertificateInfo: additionalCertificateInfo);
+        }
+
         /// <summary>
         /// Verifies that signing of pkgs can be done on Windows, even though
         /// we will not unpack or repack them.
@@ -2590,6 +2677,11 @@ public void ValidateSignToolTaskParsing()
                 }),
                 // Signed pe file
                 new TaskItem(GetResourcePath("SignedLibrary.dll"), new Dictionary<string, string>
+                {
+                    { SignToolConstants.CollisionPriorityId, "123" }
+                }),
+                // Sign a test.zip
+                new TaskItem(GetResourcePath("test.zip"), new Dictionary<string, string>
                 {
                     { SignToolConstants.CollisionPriorityId, "123" }
                 })
@@ -2621,6 +2713,11 @@ public void ValidateSignToolTaskParsing()
                     { "CertificateName", "DualSignCertificate" },
                     { "PublicKeyToken", "31bf3856ad364e35" },
                     { "CollisionPriorityId", "123" }
+                }),
+                new TaskItem("test.zip", new Dictionary<string, string>
+                {
+                    { "CertificateName", "DetachedArchiveCert" },
+                    { "CollisionPriorityId", "123" }
                 })
             };
 
@@ -2637,7 +2734,11 @@ public void ValidateSignToolTaskParsing()
                     { "MacCertificate", "MacDeveloperHarden" },
                     { "MacNotarizationAppName", "com.microsoft.dotnet" },
                     { "CollisionPriorityId", "123" }
-                })
+                }),
+                new TaskItem("DetachedArchiveCert", new Dictionary<string, string>
+                {
+                    { "DetachedSignature", "true" }
+                }),
             };
 
             var task = new SignToolTask
@@ -2670,7 +2771,11 @@ public void ValidateSignToolTaskParsing()
                 "File 'ProjectOne.dll' TargetFramework='.NETCoreApp,Version=v2.1' Certificate='3PartySHA2' StrongName='ArcadeStrongTest'",
                 "File 'ProjectOne.dll' TargetFramework='.NETStandard,Version=v2.0' Certificate='OverrideCertificateName' StrongName='ArcadeStrongTest'",
                 "File 'ContainerOne.1.0.0.nupkg' Certificate='NuGet'",
-                "File 'SignedLibrary.dll' TargetFramework='.NETCoreApp,Version=v2.0' Certificate='DualSignCertificate'"
+                "File 'SignedLibrary.dll' TargetFramework='.NETCoreApp,Version=v2.0' Certificate='DualSignCertificate'",
+                "File 'SOS.NETCore.dll' TargetFramework='.NETCoreApp,Version=v1.0' Certificate='Microsoft400'",
+                "File 'Nested.NativeLibrary.dll' Certificate='Microsoft400'",
+                "File 'Nested.SOS.NETCore.dll' TargetFramework='.NETCoreApp,Version=v1.0' Certificate='Microsoft400'",
+                "File 'test.zip' Certificate='DetachedArchiveCert'"
             };
             task.ParsedSigningInput.FilesToSign.Select(f => f.ToString()).Should().BeEquivalentTo(expected);
         }
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/AdditionalCertificateInformation.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/AdditionalCertificateInformation.cs
index e7e2ed2f4a2..06f87035dee 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/AdditionalCertificateInformation.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/AdditionalCertificateInformation.cs
@@ -21,6 +21,10 @@ public class AdditionalCertificateInformation
         /// If the certificate name represents a sign+notarize operation, this is the name of the notarize operation.
         /// </summary>
         public string MacNotarizationAppName { get; set; }
+        /// <summary>
+        /// If true, this certificate should generate detached signatures instead of in-place signing.
+        /// </summary>
+        public bool GeneratesDetachedSignature { get; set; }
         public string CollisionPriorityId { get; set; }
     }
 }
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/BatchSignUtil.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/BatchSignUtil.cs
index 1eaca00b273..ecd63cf0009 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/BatchSignUtil.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/BatchSignUtil.cs
@@ -554,9 +554,10 @@ private void VerifyCertificates(TaskLoggingHelper log)
                 }
                 else if (fileName.IsZip())
                 {
-                    if (fileName.SignInfo.Certificate != null)
+                    // Zip files can't be signed without a detached signature. If a certificate is provided but the signature is not detached.
+                    if (!fileName.SignInfo.GeneratesDetachedSignature && fileName.SignInfo.Certificate != null)
                     {
-                        log.LogError($"Zip {fileName} should not be signed with this certificate: {fileName.SignInfo.Certificate}");
+                        log.LogError($"'{fileName}' may only be signed with a detached signature. '{fileName.SignInfo.Certificate}' does not produce a detached signature");
                     }
 
                     if (fileName.SignInfo.StrongName != null)
@@ -564,6 +565,19 @@ private void VerifyCertificates(TaskLoggingHelper log)
                         log.LogError($"Zip {fileName} cannot be strong name signed.");
                     }
                 }
+                else if (fileName.IsTarGZip())
+                {
+                    // Tar.gz files can't be signed without a detached signature. If a certificate is provided but the signature is not detached.
+                    if (!fileName.SignInfo.GeneratesDetachedSignature && fileName.SignInfo.Certificate != null)
+                    {
+                        log.LogError($"'{fileName}' may only be signed with a detached signature. '{fileName.SignInfo.Certificate}' does not produce a detached signature");
+                    }
+                    
+                    if (fileName.SignInfo.StrongName != null)
+                    {
+                        log.LogError($"TarGZip {fileName} cannot be strong name signed.");
+                    }
+                }
                 if (fileName.IsExecutableWixContainer())
                 {
                     if (isInvalidEmptyCertificate)
@@ -589,7 +603,28 @@ private void VerifyAfterSign(TaskLoggingHelper log, FileSignInfo file)
             // No need to check if the file should not have been signed.
             if (file.SignInfo.ShouldSign)
             {
-                if (file.IsPEFile())
+                // For files with detached signatures, verify the .sig file exists
+                if (file.SignInfo.GeneratesDetachedSignature)
+                {
+                    string sigFilePath = file.DetachedSignatureFullPath;
+                    if (!File.Exists(sigFilePath))
+                    {
+                        _log.LogError($"Detached signature file {sigFilePath} does not exist for {file.FullPath}");
+                    }
+                    else
+                    {
+                        var fileInfo = new FileInfo(sigFilePath);
+                        if (fileInfo.Length == 0)
+                        {
+                            _log.LogError($"Detached signature file {sigFilePath} is empty.");
+                        }
+                        else
+                        {
+                            _log.LogMessage(MessageImportance.Low, $"Detached signature file {sigFilePath} exists and is non-empty.");
+                        }
+                    }
+                }
+                else if (file.IsPEFile())
                 {
                     using (var stream = File.OpenRead(file.FullPath))
                     {
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/Configuration.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/Configuration.cs
index 8a48211bb31..1eb5b38408c 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/Configuration.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/Configuration.cs
@@ -224,6 +224,14 @@ private FileSignInfo TrackFile(PathWithHash file, PathWithHash parentContainer,
 
                 // Copy the signed content to the destination path.
                 _filesToCopy.Add(new KeyValuePair<string, string>(existingSignInfo.FullPath, file.FullPath));
+
+                // If this is a top-level file that uses detached signatures, also copy the detached signature file
+                if (existingSignInfo.SignInfo.GeneratesDetachedSignature)
+                {
+                    _filesToCopy.Add(new KeyValuePair<string, string>(existingSignInfo.DetachedSignatureFullPath, fileSignInfo.DetachedSignatureFullPath));
+                    _log.LogMessage(MessageImportance.Low, $"Will copy detached signature from '{existingSignInfo.DetachedSignatureFullPath}' to '{fileSignInfo.DetachedSignatureFullPath}'");
+                }
+                
                 return fileSignInfo;
             }
 
@@ -262,7 +270,7 @@ private FileSignInfo TrackFile(PathWithHash file, PathWithHash parentContainer,
                 // Only sign containers if the file itself is unsigned, or 
                 // an item in the container is unsigned.
                 hasSignableParts = _zipDataMap[fileSignInfo.FileContentKey].NestedParts.Values.Any(b => b.FileSignInfo.SignInfo.ShouldSign || b.FileSignInfo.HasSignableParts);
-                if(hasSignableParts)
+                if (hasSignableParts)
                 {
                     // If the file has contents that need to be signed, then re-evaluate the signing info
                     fileSignInfo = fileSignInfo.WithSignableParts();
@@ -529,6 +537,12 @@ private FileSignInfo ExtractSignInfo(
 
                 Check3rdPartyMicrosoftSignatureMismatch(file, peInfo, signInfo);
 
+                // Check if this cert should use detached signatures instead of in-place signing
+                if (ShouldUseDetachedSignature(file, signInfo))
+                {
+                    signInfo = signInfo.WithDetachedSignature(signInfo.Certificate);
+                }
+
                 return new FileSignInfo(file, signInfo, (peInfo != null && peInfo.TargetFramework != "") ? peInfo.TargetFramework : null, wixContentFilePath: wixContentFilePath);
             }
 
@@ -864,5 +878,27 @@ private bool ShouldSkip3rdPartyCheck(string fileName)
         {
             return _itemsToSkip3rdPartyCheck != null && _itemsToSkip3rdPartyCheck.Contains(Path.GetFileName(fileName));
         }
+
+        /// <summary>
+        /// Determines if a file should use detached signatures based on certificate configuration.
+        /// </summary>
+        /// <param name="file">The file to check</param>
+        /// <returns>True if the file should use detached signatures</returns>
+        private bool ShouldUseDetachedSignature(PathWithHash file, SignInfo signInfo)
+        {
+            // Check if the certificate is configured for detached signatures
+            if (signInfo.Certificate != null && _additionalCertificateInformation.TryGetValue(signInfo.Certificate, out var additionalInfo))
+            {
+                var additionalCertInfo = additionalInfo.FirstOrDefault(a => string.IsNullOrEmpty(a.CollisionPriorityId) ||
+                                                                   a.CollisionPriorityId == signInfo.CollisionPriorityId);
+                if (additionalCertInfo != null && additionalCertInfo.GeneratesDetachedSignature)
+                {
+                    _log.LogMessage(MessageImportance.Low, $"File {file.FileName} will use detached signatures based on certificate configuration");
+                    return true;
+                }
+            }
+            
+            return false;
+        }
     }
 }
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/ExplicitCertificateKey.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/ExplicitCertificateKey.cs
index b8c775ddb36..14f4531cbcf 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/ExplicitCertificateKey.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/ExplicitCertificateKey.cs
@@ -25,20 +25,6 @@ public ExplicitCertificateKey(string fileName, string publicKeyToken = null, str
             ExecutableType = executableType;
         }
 
-        private static ExecutableType ParseExecutableType(string executableType)
-        {
-            if (string.IsNullOrEmpty(executableType))
-                return ExecutableType.None;
-
-            return executableType switch
-            {
-                "PE" => ExecutableType.PE,
-                "MachO" => ExecutableType.MachO,
-                "ELF" => ExecutableType.ELF,
-                _ => ExecutableType.None
-            };
-        }
-
         public override bool Equals(object obj)
             => obj is ExplicitCertificateKey key && Equals(key);
 
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/FileSignInfo.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/FileSignInfo.cs
index 62e5c8636f6..47062c119c6 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/FileSignInfo.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/FileSignInfo.cs
@@ -17,6 +17,9 @@ internal readonly struct FileSignInfo
         internal readonly SignInfo SignInfo;
         internal ImmutableArray<byte> ContentHash => File.ContentHash;
         internal readonly string WixContentFilePath;
+        internal string DetachedSignatureFilePath => $"{FileName}.sig";
+        internal string DetachedSignatureFullPath => $"{FullPath}.sig";
+
         internal readonly PathWithHash File;
 
         // optional file information that allows to disambiguate among multiple files with the same name:
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignInfo.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignInfo.cs
index a6bb1087218..2f618337432 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignInfo.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignInfo.cs
@@ -18,6 +18,11 @@ internal readonly struct SignInfo
         /// </summary>
         public static readonly SignInfo AlreadySigned = new SignInfo(ignoreThisFile: false, alreadySigned: true, isAlreadyStrongNamed: false);
 
+        /// <summary>
+        /// Used to flag that the file should generate a detached signature.
+        /// </summary>
+        public static readonly SignInfo DetachedSignature = new SignInfo(ignoreThisFile: false, alreadySigned: false, isAlreadyStrongNamed: false, generatesDetachedSignature: true);
+
         /// <summary>
         /// The authenticode certificate which should be used to sign the binary. This can be null
         /// in cases where we have a zip container where the contents are signed but not the actual
@@ -42,6 +47,11 @@ internal readonly struct SignInfo
 
         internal bool IsAlreadySigned { get; }
 
+        /// <summary>
+        /// True if this file should generate a detached signature rather than being signed in-place.
+        /// </summary>
+        internal bool GeneratesDetachedSignature { get; }
+
         /// <summary>
         /// This is used to decide what SignInfos to use in the case of a collision. In case of a collision
         /// we'll use the lower value since it would map a lower node in the graph and has precedence
@@ -57,7 +67,7 @@ internal readonly struct SignInfo
 
         public bool ShouldNotarize => !string.IsNullOrEmpty(NotarizationAppName) && !ShouldIgnore;
 
-        public SignInfo(string certificate, string strongName, string notarizationAppName, string collisionPriorityId, bool shouldIgnore, bool isAlreadySigned, bool isAlreadyStrongNamed)
+        private SignInfo(string certificate, string strongName, string notarizationAppName, string collisionPriorityId, bool shouldIgnore, bool isAlreadySigned, bool isAlreadyStrongNamed, bool generatesDetachedSignature = false)
         {
             ShouldIgnore = shouldIgnore;
             IsAlreadySigned = isAlreadySigned;
@@ -66,10 +76,11 @@ public SignInfo(string certificate, string strongName, string notarizationAppNam
             CollisionPriorityId = collisionPriorityId;
             IsAlreadyStrongNamed = isAlreadyStrongNamed;
             NotarizationAppName = notarizationAppName;
+            GeneratesDetachedSignature = generatesDetachedSignature;
         }
 
-        private SignInfo(bool ignoreThisFile, bool alreadySigned, bool isAlreadyStrongNamed)
-            : this(certificate: null, strongName: null, notarizationAppName: null, collisionPriorityId: null, ignoreThisFile, alreadySigned, isAlreadyStrongNamed)
+        private SignInfo(bool ignoreThisFile, bool alreadySigned, bool isAlreadyStrongNamed, bool generatesDetachedSignature = false)
+            : this(certificate: null, strongName: null, notarizationAppName: null, collisionPriorityId: null, ignoreThisFile, alreadySigned, isAlreadyStrongNamed, generatesDetachedSignature)
         {
         }
 
@@ -79,20 +90,23 @@ internal SignInfo(string certificate, string strongName = null, string notarizat
         }
 
         internal SignInfo WithCertificateName(string value, string collisionPriorityId)
-            => new SignInfo(value, StrongName, NotarizationAppName, collisionPriorityId, false, false, IsAlreadyStrongNamed);
+            => new SignInfo(value, StrongName, NotarizationAppName, collisionPriorityId, false, false, IsAlreadyStrongNamed, GeneratesDetachedSignature);
 
         internal SignInfo WithNotarization(string appName, string collisionPriorityId)
-            => new SignInfo(Certificate, StrongName, appName, collisionPriorityId, false, false, IsAlreadyStrongNamed);
+            => new SignInfo(Certificate, StrongName, appName, collisionPriorityId, false, false, IsAlreadyStrongNamed, GeneratesDetachedSignature);
 
         internal SignInfo WithCollisionPriorityId(string collisionPriorityId)
-            => new SignInfo(Certificate, StrongName, NotarizationAppName, collisionPriorityId, ShouldIgnore, IsAlreadySigned, IsAlreadyStrongNamed);
+            => new SignInfo(Certificate, StrongName, NotarizationAppName, collisionPriorityId, ShouldIgnore, IsAlreadySigned, IsAlreadyStrongNamed, GeneratesDetachedSignature);
 
         internal SignInfo WithIsAlreadySigned(bool value = false)
             => Certificate != null ? 
-              new SignInfo(Certificate, StrongName, NotarizationAppName, CollisionPriorityId, value, value, IsAlreadyStrongNamed) :
-              new SignInfo(Certificate, StrongName, NotarizationAppName, CollisionPriorityId, true, value, IsAlreadyStrongNamed);
+              new SignInfo(Certificate, StrongName, NotarizationAppName, CollisionPriorityId, value, value, IsAlreadyStrongNamed, GeneratesDetachedSignature) :
+              new SignInfo(Certificate, StrongName, NotarizationAppName, CollisionPriorityId, true, value, IsAlreadyStrongNamed, GeneratesDetachedSignature);
 
         internal SignInfo WithIsAlreadyStrongNamed(bool value = false) =>
-              new SignInfo(Certificate, StrongName, NotarizationAppName, CollisionPriorityId, ShouldIgnore, IsAlreadySigned, value);
+              new SignInfo(Certificate, StrongName, NotarizationAppName, CollisionPriorityId, ShouldIgnore, IsAlreadySigned, value, GeneratesDetachedSignature);
+
+        internal SignInfo WithDetachedSignature(string certificate)
+            => new SignInfo(certificate, StrongName, NotarizationAppName, CollisionPriorityId, false, false, IsAlreadyStrongNamed, true);
     }
 }
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignTool.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignTool.cs
index 6aa74d2ccc1..6b88e6d156b 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignTool.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignTool.cs
@@ -13,6 +13,7 @@
 using Microsoft.Build.Utilities;
 using NuGet.Packaging;
 using Microsoft.DotNet.StrongName;
+using System.ComponentModel;
 
 namespace Microsoft.DotNet.SignTool
 {
@@ -148,15 +149,37 @@ private bool AuthenticodeSignAndNotarize(IBuildEngine buildEngine, int round, IE
             
             var zippedPaths = ZipMacFiles(filesToSign);
 
-            // First the signing pass
-            var signProjectPath = Path.Combine(dir, $"Round{round}-Sign.proj");
-            File.WriteAllText(signProjectPath, GenerateBuildFileContent(filesToSign, zippedPaths, false));
-            string signingLogName = $"SigningRound{round}";
-            status = RunMSBuild(buildEngine, signProjectPath, Path.Combine(_args.LogDir, $"{signingLogName}.binlog"), Path.Combine(_args.LogDir, $"{signingLogName}.log"), Path.Combine(_args.LogDir, $"{signingLogName}.error.log"));
+            // Identify files that need detached signatures
+            var detachedSignatureFiles = filesToSign.Where(f => f.SignInfo.GeneratesDetachedSignature).ToList();
+            var originalFileBackups = new Dictionary<string, string>();
 
-            if (!status)
+            try
             {
-                return false;
+                PrepareDetachedSignatureFiles(detachedSignatureFiles, originalFileBackups);
+
+                var signProjectPath = Path.Combine(dir, $"Round{round}-Sign.proj");
+                File.WriteAllText(signProjectPath, GenerateBuildFileContent(filesToSign, zippedPaths, false));
+                string signingLogName = $"SigningRound{round}";
+                status = RunMSBuild(buildEngine, signProjectPath, Path.Combine(_args.LogDir, $"{signingLogName}.binlog"), Path.Combine(_args.LogDir, $"{signingLogName}.log"), Path.Combine(_args.LogDir, $"{signingLogName}.error.log"));
+
+                if (!status)
+                {
+                    return false;
+                }
+
+                // After signing, handle detached signatures
+                CompleteDetachedSignatures(detachedSignatureFiles, originalFileBackups);
+            }
+            finally
+            {
+                // Delete any original detached signature files
+                foreach (var backupPath in originalFileBackups.Values)
+                {
+                    if (File.Exists(backupPath))
+                    {
+                        File.Delete(backupPath);
+                    }
+                }
             }
 
             // Now unzip. Notarization does not expect zipped packages.
@@ -175,6 +198,47 @@ private bool AuthenticodeSignAndNotarize(IBuildEngine buildEngine, int round, IE
             return status;
         }
 
+        /// <summary>
+        /// Copies the signed content to the .sig file and restores the original file.
+        /// </summary>
+        /// <param name="detachedSignatureFiles"></param>
+        /// <param name="originalFileBackups"></param>
+        private void CompleteDetachedSignatures(List<FileSignInfo> detachedSignatureFiles, Dictionary<string, string> originalFileBackups)
+        {
+            foreach (var fileInfo in detachedSignatureFiles)
+            {
+                // Copy the signed content to .sig file
+                File.Copy(fileInfo.FullPath, fileInfo.DetachedSignatureFullPath);
+                _log.LogMessage($"Created detached signature file: {fileInfo.DetachedSignatureFullPath}");
+
+                // Restore the original file
+                string backupPath = originalFileBackups[fileInfo.FullPath];
+                File.Copy(backupPath, fileInfo.FullPath, overwrite: true);
+                _log.LogMessage($"Restored original file: {fileInfo.FullPath}");
+            }
+        }
+
+        /// <summary>
+        /// Creates backup copies of the specified files to prepare for detached signature operations.
+        /// </summary>
+        /// <remarks>Each file is backed up by copying it to a new file with the ".original" extension
+        /// appended to its path. The method updates the provided dictionary to allow later restoration of the original
+        /// files if needed.</remarks>
+        /// <param name="detachedSignatureFiles">A list of file information objects representing the files for which detached signature backups will be
+        /// created. Each file in the list will be copied to a backup location.</param>
+        /// <param name="originalFileBackups">A dictionary that will be populated with mappings from the original file paths to their corresponding backup
+        /// file paths. The dictionary is updated in place.</param>
+        private void PrepareDetachedSignatureFiles(List<FileSignInfo> detachedSignatureFiles, Dictionary<string, string> originalFileBackups)
+        {
+            foreach (var fileInfo in detachedSignatureFiles)
+            {
+                string backupPath = fileInfo.FullPath + ".original";
+                File.Copy(fileInfo.FullPath, backupPath);
+                originalFileBackups[fileInfo.FullPath] = backupPath;
+                _log.LogMessage($"Backed up original file for detached signature: {fileInfo.FullPath} -> {backupPath}");
+            }
+        }
+
         private string GenerateBuildFileContent(IEnumerable<FileSignInfo> filesToSign, Dictionary<string, string> zippedPaths, bool notarize)
         {
             var builder = new StringBuilder();
diff --git a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignToolTask.cs b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignToolTask.cs
index b999bbd6502..14d65f5bf0f 100644
--- a/src/arcade/src/Microsoft.DotNet.SignTool/src/SignToolTask.cs
+++ b/src/arcade/src/Microsoft.DotNet.SignTool/src/SignToolTask.cs
@@ -336,6 +336,8 @@ private Dictionary<string, List<AdditionalCertificateInformation>> ParseAddition
                     var macSigningOperation = certificateSignInfo.GetMetadata("MacCertificate");
                     var macNotarizationAppName = certificateSignInfo.GetMetadata("MacNotarizationAppName");
                     var collisionPriorityId = certificateSignInfo.GetMetadata(SignToolConstants.CollisionPriorityId);
+                    var detachedSignatureCertificate = certificateSignInfo.GetMetadata("DetachedSignature");
+                    bool detachedSignatureCertificateValue = false;
 
                     if (string.IsNullOrEmpty(macSigningOperation) != string.IsNullOrEmpty(macNotarizationAppName))
                     {
@@ -348,11 +350,18 @@ private Dictionary<string, List<AdditionalCertificateInformation>> ParseAddition
                         continue;
                     }
 
+                    if (!string.IsNullOrEmpty(detachedSignatureCertificate) && !bool.TryParse(detachedSignatureCertificate, out detachedSignatureCertificateValue))
+                    {
+                        Log.LogError($"DetachedSignature must be 'true' or 'false");
+                        continue;
+                    }
+
                     var additionalCertInfo = new AdditionalCertificateInformation
                     {
                         DualSigningAllowed = dualSignAllowedValue,
                         MacSigningOperation = macSigningOperation,
                         MacNotarizationAppName = macNotarizationAppName,
+                        GeneratesDetachedSignature = detachedSignatureCertificateValue,
                         CollisionPriorityId = collisionPriorityId
                     };
 
diff --git a/src/nuget-client/build/DotNetSdkTestVersions.txt b/src/nuget-client/build/DotNetSdkTestVersions.txt
index 041f89b91b4..d4a2109c8e2 100644
--- a/src/nuget-client/build/DotNetSdkTestVersions.txt
+++ b/src/nuget-client/build/DotNetSdkTestVersions.txt
@@ -2,4 +2,4 @@
 # To make sure that the right version of dotnet.exe (and maybe other files) is used, always install from lowest version to highest version
 -Channel 8.0 -Runtime dotnet
 -Channel 9.0 -Runtime dotnet
--Channel 10.0.1xx -Version 10.0.100-rc.2.25465.104
+-Channel 10.0.1xx -Quality daily
diff --git a/src/nuget-client/build/common.project.props b/src/nuget-client/build/common.project.props
index 5f7af2d3650..ab90d04409a 100644
--- a/src/nuget-client/build/common.project.props
+++ b/src/nuget-client/build/common.project.props
@@ -142,8 +142,6 @@
   </PropertyGroup>
 
   <PropertyGroup>
-    <AssemblyVersion>$(SemanticVersion).$(PreReleaseVersion)</AssemblyVersion>
-    <AssemblyVersion Condition="'$(TargetFramework)' == '$(NETCoreTargetFramework)'">$(SemanticVersion).0</AssemblyVersion>
     <FileVersion>$(SemanticVersion).$(PreReleaseVersion)</FileVersion>
     <InformationalVersion Condition="'$(BUILD_SOURCEVERSION)' == ''">$(SemanticVersion)$(PreReleaseInformationVersion)</InformationalVersion>
     <InformationalVersion Condition="'$(BUILD_SOURCEVERSION)' != ''">$(SemanticVersion)$(PreReleaseInformationVersion)+$(BUILD_SOURCEVERSION)</InformationalVersion>
diff --git a/src/nuget-client/build/common.targets b/src/nuget-client/build/common.targets
index b0ea719307b..14934090e62 100644
--- a/src/nuget-client/build/common.targets
+++ b/src/nuget-client/build/common.targets
@@ -2,7 +2,7 @@
 <Project ToolsVersion="15.0">
 
   <!-- Set AssemblyVersion in targets as it is TFM dependent. -->
-  <PropertyGroup Condition="'$(AssemblyVersion)' == '' and '$(SemanticVersion)' != ''">
+  <PropertyGroup Condition="'$(AssemblyVersion)' == ''">
     <AssemblyVersion Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework'">$(SemanticVersion).$(PreReleaseVersion)</AssemblyVersion>
     <AssemblyVersion Condition="'$(TargetFrameworkIdentifier)' == '.NETCoreApp'">$(SemanticVersion).0</AssemblyVersion>
   </PropertyGroup>
diff --git a/src/nuget-client/build/config.props b/src/nuget-client/build/config.props
index 83fcdc328ce..26e1ba81e9b 100644
--- a/src/nuget-client/build/config.props
+++ b/src/nuget-client/build/config.props
@@ -22,7 +22,7 @@
     <!-- Preview 3 is typically the last "main branch" preview, so we start using rc at this time -->
     <ReleaseLabel Condition=" '$(ReleaseLabel)' == '' ">rc</ReleaseLabel>
 
-    <IsEscrowMode Condition="'$(IsEscrowMode)' == ''">false</IsEscrowMode>
+    <IsEscrowMode Condition="'$(IsEscrowMode)' == ''">true</IsEscrowMode>
 
     <!-- Visual Studio Insertion Logic -->
     <VsTargetMajorVersion Condition="'$(VsTargetMajorVersion)' == ''">$([MSBuild]::Add(11, $(MajorNuGetVersion)))</VsTargetMajorVersion>
diff --git a/src/nuget-client/eng/Version.Details.props b/src/nuget-client/eng/Version.Details.props
index 02eb28a0001..1092349c1de 100644
--- a/src/nuget-client/eng/Version.Details.props
+++ b/src/nuget-client/eng/Version.Details.props
@@ -21,8 +21,8 @@ This file should be imported by eng/Versions.props
     <!-- dotnet/corefx dependencies -->
     <SystemComponentModelCompositionPackageVersion>4.5.0</SystemComponentModelCompositionPackageVersion>
     <!-- dotnet/dotnet dependencies -->
-    <MicrosoftDotNetArcadeSdkPackageVersion>10.0.0-beta.25420.109</MicrosoftDotNetArcadeSdkPackageVersion>
-    <MicrosoftDotNetXliffTasksPackageVersion>10.0.0-beta.25420.109</MicrosoftDotNetXliffTasksPackageVersion>
+    <MicrosoftDotNetArcadeSdkPackageVersion>10.0.0-beta.25468.104</MicrosoftDotNetArcadeSdkPackageVersion>
+    <MicrosoftDotNetXliffTasksPackageVersion>10.0.0-beta.25468.104</MicrosoftDotNetXliffTasksPackageVersion>
   </PropertyGroup>
   <!--Property group for alternate package version names-->
   <PropertyGroup>
diff --git a/src/nuget-client/eng/Version.Details.xml b/src/nuget-client/eng/Version.Details.xml
index 90dcf3571a7..328e46c38da 100644
--- a/src/nuget-client/eng/Version.Details.xml
+++ b/src/nuget-client/eng/Version.Details.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Dependencies>
-  <Source Uri="https://github.com/dotnet/dotnet" Mapping="nuget-client" Sha="619d5633513d1b31c528db4360833fce52f51829" BarId="280198" />
+  <Source Uri="https://github.com/dotnet/dotnet" Mapping="nuget-client" Sha="2dea164f01d307c409cfe0d0ee5cb8a0691e3c94" BarId="283828" />
   <!--
     Currently this file is required to publish builds to .NET build asset registry.
     See https://github.com/dotnet/arcade/issues/2396 for details.
@@ -56,13 +56,13 @@
     </Dependency>
   </ProductDependencies>
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.25420.109">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.25468.104">
       <Uri>https://github.com/dotnet/dotnet</Uri>
-      <Sha>619d5633513d1b31c528db4360833fce52f51829</Sha>
+      <Sha>2dea164f01d307c409cfe0d0ee5cb8a0691e3c94</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.XliffTasks" Version="10.0.0-beta.25420.109">
+    <Dependency Name="Microsoft.DotNet.XliffTasks" Version="10.0.0-beta.25468.104">
       <Uri>https://github.com/dotnet/dotnet</Uri>
-      <Sha>619d5633513d1b31c528db4360833fce52f51829</Sha>
+      <Sha>2dea164f01d307c409cfe0d0ee5cb8a0691e3c94</Sha>
     </Dependency>
   </ToolsetDependencies>
 </Dependencies>
diff --git a/src/nuget-client/eng/common/SetupNugetSources.ps1 b/src/nuget-client/eng/common/SetupNugetSources.ps1
index 792b60b49d4..9445c314325 100644
--- a/src/nuget-client/eng/common/SetupNugetSources.ps1
+++ b/src/nuget-client/eng/common/SetupNugetSources.ps1
@@ -157,7 +157,7 @@ if ($dotnet31Source -ne $null) {
     AddPackageSource -Sources $sources -SourceName "dotnet3.1-internal-transport" -SourceEndPoint "https://pkgs.dev.azure.com/dnceng/_packaging/dotnet3.1-internal-transport/nuget/v2" -Creds $creds -Username $userName -pwd $Password
 }
 
-$dotnetVersions = @('5','6','7','8','9')
+$dotnetVersions = @('5','6','7','8','9','10')
 
 foreach ($dotnetVersion in $dotnetVersions) {
     $feedPrefix = "dotnet" + $dotnetVersion;
diff --git a/src/nuget-client/eng/common/SetupNugetSources.sh b/src/nuget-client/eng/common/SetupNugetSources.sh
index facb415ca6f..ddf4efc81a4 100755
--- a/src/nuget-client/eng/common/SetupNugetSources.sh
+++ b/src/nuget-client/eng/common/SetupNugetSources.sh
@@ -99,7 +99,7 @@ if [ "$?" == "0" ]; then
     PackageSources+=('dotnet3.1-internal-transport')
 fi
 
-DotNetVersions=('5' '6' '7' '8' '9')
+DotNetVersions=('5' '6' '7' '8' '9' '10')
 
 for DotNetVersion in ${DotNetVersions[@]} ; do
     FeedPrefix="dotnet${DotNetVersion}";
diff --git a/src/nuget-client/eng/common/core-templates/job/publish-build-assets.yml b/src/nuget-client/eng/common/core-templates/job/publish-build-assets.yml
index 348cd16376f..37dff559fc1 100644
--- a/src/nuget-client/eng/common/core-templates/job/publish-build-assets.yml
+++ b/src/nuget-client/eng/common/core-templates/job/publish-build-assets.yml
@@ -40,6 +40,8 @@ parameters:
 
   repositoryAlias: self
 
+  officialBuildId: ''
+
 jobs:
 - job: Asset_Registry_Publish
 
@@ -62,6 +64,11 @@ jobs:
       value: false
     # unconditional - needed for logs publishing (redactor tool version)
     - template: /eng/common/core-templates/post-build/common-variables.yml
+  - name: OfficialBuildId
+    ${{ if ne(parameters.officialBuildId, '') }}:
+      value: ${{ parameters.officialBuildId }}
+    ${{ else }}:
+      value: $(Build.BuildNumber)
 
   pool:
     # We don't use the collection uri here because it might vary (.visualstudio.com vs. dev.azure.com)
@@ -124,7 +131,7 @@ jobs:
           /p:ManifestsPath='$(Build.StagingDirectory)/AssetManifests'
           /p:IsAssetlessBuild=${{ parameters.isAssetlessBuild }}
           /p:MaestroApiEndpoint=https://maestro.dot.net
-          /p:OfficialBuildId=$(Build.BuildNumber)
+          /p:OfficialBuildId=$(OfficialBuildId)
       condition: ${{ parameters.condition }}
       continueOnError: ${{ parameters.continueOnError }}
     
diff --git a/src/nuget-client/eng/common/core-templates/jobs/jobs.yml b/src/nuget-client/eng/common/core-templates/jobs/jobs.yml
index b637cb6e948..01ada747665 100644
--- a/src/nuget-client/eng/common/core-templates/jobs/jobs.yml
+++ b/src/nuget-client/eng/common/core-templates/jobs/jobs.yml
@@ -44,6 +44,7 @@ parameters:
   artifacts: {}
   is1ESPipeline: ''
   repositoryAlias: self
+  officialBuildId: ''
 
 # Internal resources (telemetry, microbuild) can only be accessed from non-public projects,
 # and some (Microbuild) should only be applied to non-PR cases for internal builds.
@@ -116,3 +117,4 @@ jobs:
         artifactsPublishingAdditionalParameters: ${{ parameters.artifactsPublishingAdditionalParameters }}
         signingValidationAdditionalParameters: ${{ parameters.signingValidationAdditionalParameters }}
         repositoryAlias: ${{ parameters.repositoryAlias }}
+        officialBuildId: ${{ parameters.officialBuildId }}
diff --git a/src/nuget-client/eng/common/core-templates/steps/source-index-stage1-publish.yml b/src/nuget-client/eng/common/core-templates/steps/source-index-stage1-publish.yml
index 75600735f17..e9a694afa58 100644
--- a/src/nuget-client/eng/common/core-templates/steps/source-index-stage1-publish.yml
+++ b/src/nuget-client/eng/common/core-templates/steps/source-index-stage1-publish.yml
@@ -1,6 +1,6 @@
 parameters:
-  sourceIndexUploadPackageVersion: 2.0.0-20250425.2
-  sourceIndexProcessBinlogPackageVersion: 1.0.1-20250515.1
+  sourceIndexUploadPackageVersion: 2.0.0-20250818.1
+  sourceIndexProcessBinlogPackageVersion: 1.0.1-20250818.1
   sourceIndexPackageSource: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json
   binlogPath: artifacts/log/Debug/Build.binlog
 
diff --git a/src/nuget-client/eng/common/post-build/nuget-verification.ps1 b/src/nuget-client/eng/common/post-build/nuget-verification.ps1
index a365194a938..ac5c69ffcac 100644
--- a/src/nuget-client/eng/common/post-build/nuget-verification.ps1
+++ b/src/nuget-client/eng/common/post-build/nuget-verification.ps1
@@ -30,7 +30,7 @@
 [CmdletBinding(PositionalBinding = $false)]
 param(
    [string]$NuGetExePath,
-   [string]$PackageSource = "https://api.nuget.org/v3/index.json",
+   [string]$PackageSource = "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json",
    [string]$DownloadPath,
    [Parameter(ValueFromRemainingArguments = $true)]
    [string[]]$args
diff --git a/src/nuget-client/eng/common/sdk-task.ps1 b/src/nuget-client/eng/common/sdk-task.ps1
index a9d2a2d2699..b62e132d32a 100644
--- a/src/nuget-client/eng/common/sdk-task.ps1
+++ b/src/nuget-client/eng/common/sdk-task.ps1
@@ -7,13 +7,14 @@ Param(
   [switch] $restore,
   [switch] $prepareMachine,
   [switch][Alias('nobl')]$excludeCIBinaryLog,
+  [switch]$noWarnAsError,
   [switch] $help,
   [Parameter(ValueFromRemainingArguments=$true)][String[]]$properties
 )
 
 $ci = $true
 $binaryLog = if ($excludeCIBinaryLog) { $false } else { $true }
-$warnAsError = $true
+$warnAsError = if ($noWarnAsError) { $false } else { $true }
 
 . $PSScriptRoot\tools.ps1
 
diff --git a/src/nuget-client/eng/common/sdk-task.sh b/src/nuget-client/eng/common/sdk-task.sh
index 2f83adc0269..3270f83fa9a 100755
--- a/src/nuget-client/eng/common/sdk-task.sh
+++ b/src/nuget-client/eng/common/sdk-task.sh
@@ -10,6 +10,7 @@ show_usage() {
 
     echo "Advanced settings:"
     echo "  --excludeCIBinarylog     Don't output binary log (short: -nobl)"
+    echo "  --noWarnAsError          Do not warn as error"
     echo ""
     echo "Command line arguments not listed above are passed thru to msbuild."
 }
@@ -52,6 +53,7 @@ exclude_ci_binary_log=false
 restore=false
 help=false
 properties=''
+warnAsError=true
 
 while (($# > 0)); do
   lowerI="$(echo $1 | tr "[:upper:]" "[:lower:]")"
@@ -73,6 +75,10 @@ while (($# > 0)); do
       exclude_ci_binary_log=true
       shift 1
       ;;
+    --noWarnAsError)
+      warnAsError=false
+      shift 1
+      ;;
     --help)
       help=true
       shift 1
@@ -85,7 +91,6 @@ while (($# > 0)); do
 done
 
 ci=true
-warnAsError=true
 
 if $help; then
   show_usage
diff --git a/src/nuget-client/eng/common/tools.ps1 b/src/nuget-client/eng/common/tools.ps1
index 4920464cc4a..06b44de7870 100644
--- a/src/nuget-client/eng/common/tools.ps1
+++ b/src/nuget-client/eng/common/tools.ps1
@@ -553,7 +553,7 @@ function LocateVisualStudio([object]$vsRequirements = $null){
 
   if (!(Test-Path $vsWhereExe)) {
     Create-Directory $vsWhereDir
-    Write-Host 'Downloading vswhere $vswhereVersion'
+    Write-Host "Downloading vswhere $vswhereVersion"
     $ProgressPreference = 'SilentlyContinue' # Don't display the console progress UI - it's a huge perf hit
     Retry({
       Invoke-WebRequest "https://netcorenativeassets.blob.core.windows.net/resource-packages/external/windows/vswhere/$vswhereVersion/vswhere.exe" -OutFile $vswhereExe
diff --git a/src/nuget-client/eng/pipelines/optprof.yml b/src/nuget-client/eng/pipelines/optprof.yml
index c6ee0431358..914fd77d4f6 100644
--- a/src/nuget-client/eng/pipelines/optprof.yml
+++ b/src/nuget-client/eng/pipelines/optprof.yml
@@ -11,6 +11,7 @@ resources:
         include:
         - dev
         - release-*
+        - release/*
         exclude:
         - release-6.0.x
         - release-6.3.x
diff --git a/src/nuget-client/eng/pipelines/templates/pipeline.yml b/src/nuget-client/eng/pipelines/templates/pipeline.yml
index 87fb7aaca2f..7eb9b4145ac 100644
--- a/src/nuget-client/eng/pipelines/templates/pipeline.yml
+++ b/src/nuget-client/eng/pipelines/templates/pipeline.yml
@@ -217,7 +217,7 @@ stages:
       - output: pipelineArtifact
         displayName: 'LocValidation: Publish Logs as an artifact'
         condition: "succeededOrFailed()"
-        artifactName: LocValidationLogs
+        artifactName: LocValidationLogs - Attempt $(System.JobAttempt)
         targetPath: "$(Build.Repository.LocalPath)\\logs\\BuildValidatorLogs"
         sbomEnabled: true
 
diff --git a/src/nuget-client/global.json b/src/nuget-client/global.json
index 904a389422f..cbef793cad8 100644
--- a/src/nuget-client/global.json
+++ b/src/nuget-client/global.json
@@ -9,7 +9,7 @@
     "pinned": true
   },
   "msbuild-sdks": {
-    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25420.109",
+    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.25468.104",
     "Microsoft.Build.NoTargets": "3.7.0"
   }
 }
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailControlModel.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailControlModel.cs
index df121b73364..3d73b09b499 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailControlModel.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailControlModel.cs
@@ -271,7 +271,8 @@ public async virtual Task SetCurrentPackageAsync(
                     packageSearchMetadata,
                     packageDeprecationMetadata,
                     searchResultPackage.KnownOwnerViewModels,
-                    searchResultPackage.DownloadCount);
+                    searchResultPackage.DownloadCount,
+                    PackageVulnerabilities);
 
                 _metadataDict[detailedPackageMetadata.Version] = detailedPackageMetadata;
 
@@ -649,7 +650,8 @@ private async ValueTask SelectedVersionChangedAsync(PackageItemViewModel package
                     packageSearchMetadata,
                     packageDeprecationMetadata,
                     packageItemViewModel.KnownOwnerViewModels,
-                    packageItemViewModel.DownloadCount);
+                    packageItemViewModel.DownloadCount,
+                    packageItemViewModel.Vulnerabilities);
             }
             else
             {
@@ -669,7 +671,8 @@ private async ValueTask SelectedVersionChangedAsync(PackageItemViewModel package
                         searchMetadata,
                         deprecationData,
                         knownOwnerViewModels: null,
-                        searchMetadata.DownloadCount);
+                        searchMetadata.DownloadCount,
+                        PackageVulnerabilities);
 
                     _metadataDict[detailedPackageMetadata.Version] = detailedPackageMetadata;
 
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailedPackageMetadata.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailedPackageMetadata.cs
index d685df31f76..bfec3f6035d 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailedPackageMetadata.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/DetailedPackageMetadata.cs
@@ -21,7 +21,7 @@ internal DetailedPackageMetadata()
             Id = string.Empty;
         }
 
-        public DetailedPackageMetadata(PackageSearchMetadataContextInfo serverData, PackageDeprecationMetadataContextInfo deprecationMetadata, ImmutableList<KnownOwnerViewModel>? knownOwnerViewModels, long? downloadCount)
+        public DetailedPackageMetadata(PackageSearchMetadataContextInfo serverData, PackageDeprecationMetadataContextInfo deprecationMetadata, ImmutableList<KnownOwnerViewModel>? knownOwnerViewModels, long? downloadCount, IReadOnlyCollection<PackageVulnerabilityMetadataContextInfo>? packageVulnerabilities)
         {
             Id = serverData.Identity?.Id ?? string.Empty;
             Version = serverData.Identity?.Version;
@@ -55,7 +55,7 @@ public DetailedPackageMetadata(PackageSearchMetadataContextInfo serverData, Pack
             PrefixReserved = serverData.PrefixReserved;
             LicenseMetadata = serverData.LicenseMetadata;
             DeprecationMetadata = deprecationMetadata;
-            Vulnerabilities = serverData.Vulnerabilities;
+            Vulnerabilities = packageVulnerabilities ?? serverData.Vulnerabilities;
             PackagePath = serverData.PackagePath;
 
             // Determine the package details URL and text.
@@ -120,7 +120,7 @@ public DetailedPackageMetadata(PackageSearchMetadataContextInfo serverData, Pack
 
         public PackageDeprecationMetadataContextInfo? DeprecationMetadata { get; set; }
 
-        public IEnumerable<PackageVulnerabilityMetadataContextInfo>? Vulnerabilities { get; set; }
+        public IReadOnlyCollection<PackageVulnerabilityMetadataContextInfo>? Vulnerabilities { get; set; }
 
         public IReadOnlyList<IText>? LicenseLinks => PackageLicenseUtilities.GenerateLicenseLinks(this);
 
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/Package/PackageModelFactory.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/Package/PackageModelFactory.cs
index ac45aadf63c..b18dc284d44 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/Package/PackageModelFactory.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Models/Package/PackageModelFactory.cs
@@ -32,18 +32,17 @@ public PackageModel Create(PackageSearchMetadataContextInfo metadata, ContractIt
             }
 
             EmbeddedResourcesCapability embeddedResources = new EmbeddedResourcesCapability(_packageFileService, metadata.Identity!, metadata.ReadmeUrl);
+            IVulnerableCapable vulnerableCapability = new VulnerableDatabaseCapability(_packageVulnerabilityService, metadata.Identity!);
 
             if (metadata.TransitiveOrigins != null)
             {
-                IVulnerableCapable vulnerableDatabaseCapability = new VulnerableDatabaseCapability(_packageVulnerabilityService, metadata.Identity!);
-                return CreateTransitivelyReferencedPackageModel(metadata, vulnerableDatabaseCapability, embeddedResources);
+                return CreateTransitivelyReferencedPackageModel(metadata, vulnerableCapability, embeddedResources);
             }
             else
             {
                 if (metadata.PackagePath != null)
                 {
                     PackageMetadataRetrievalAdapter packageMetadataRetrievalAdapter = new PackageMetadataRetrievalAdapter(_searchService, metadata.Identity!, _packageSources, _includePrerelease);
-                    IVulnerableCapable vulnerableCapability = new VulnerablePackageMetadataCapability(packageMetadataRetrievalAdapter);
 
                     if (itemFilter.Equals(ContractItemFilter.All))
                     {
@@ -57,7 +56,6 @@ public PackageModel Create(PackageSearchMetadataContextInfo metadata, ContractIt
                 {
                     PackageMetadataRetrievalAdapter packageMetadataRetrievalAdapter = new PackageMetadataRetrievalAdapter(_searchService, metadata.Identity!, _packageSources, _includePrerelease);
                     IDeprecationCapable deprecationCapable = new DeprecationPackageMetadataCapability(packageMetadataRetrievalAdapter);
-                    VulnerablePackageMetadataCapability vulnerableCapability = new VulnerablePackageMetadataCapability(packageMetadataRetrievalAdapter);
 
                     if (metadata.IsRecommended)
                     {
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/UserInterfaceService/NuGetSourcesServiceWrapper.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/UserInterfaceService/NuGetSourcesServiceWrapper.cs
index 57b842ead01..f2432c85baa 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/UserInterfaceService/NuGetSourcesServiceWrapper.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/UserInterfaceService/NuGetSourcesServiceWrapper.cs
@@ -7,6 +7,7 @@
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
+using NuGet.Protocol.Core.Types;
 using NuGet.VisualStudio.Internal.Contracts;
 
 namespace NuGet.PackageManagement.UI
@@ -78,6 +79,11 @@ public ValueTask SavePackageSourceContextInfosAsync(IReadOnlyList<PackageSourceC
             return Service.GetActivePackageSourceNameAsync(cancellationToken);
         }
 
+        public IReadOnlyList<SourceRepository> GetEnabledAuditSources()
+        {
+            return Service.GetEnabledAuditSources();
+        }
+
         private sealed class NullNuGetSourcesService : INuGetSourcesService
         {
             public event EventHandler<IReadOnlyList<PackageSourceContextInfo>>? PackageSourcesChanged { add { } remove { } }
@@ -91,6 +97,8 @@ public void Dispose() { }
             public ValueTask SavePackageSourceContextInfosAsync(IReadOnlyList<PackageSourceContextInfo> sources, CancellationToken cancellationToken) => new ValueTask();
 
             public ValueTask<string?> GetActivePackageSourceNameAsync(CancellationToken cancellationToken) => new ValueTask<string?>();
+
+            public IReadOnlyList<SourceRepository> GetEnabledAuditSources() => Array.Empty<SourceRepository>();
         }
     }
 }
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/ViewModels/PackageItemViewModel.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/ViewModels/PackageItemViewModel.cs
index f6004fa20bf..e8301b6384e 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/ViewModels/PackageItemViewModel.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/ViewModels/PackageItemViewModel.cs
@@ -524,7 +524,7 @@ public async Task<IReadOnlyCollection<VersionInfoContextInfo>> GetVersionsAsync(
 
         public AlternatePackageMetadataContextInfo AlternatePackage => (_packageModel as IDeprecationCapable)?.AlternatePackage;
 
-        public IEnumerable<PackageVulnerabilityMetadataContextInfo> Vulnerabilities => (_packageModel as IVulnerableCapable)?.Vulnerabilities ?? [];
+        public IReadOnlyCollection<PackageVulnerabilityMetadataContextInfo> Vulnerabilities => (_packageModel as IVulnerableCapable)?.Vulnerabilities ?? [];
 
         public void UpdateTransitiveInfo(PackageSearchMetadataContextInfo metadataContextInfo)
         {
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Xamls/PackageManagerControl.xaml.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Xamls/PackageManagerControl.xaml.cs
index 48fc91674cb..fdf17772618 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Xamls/PackageManagerControl.xaml.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.UI/Xamls/PackageManagerControl.xaml.cs
@@ -197,8 +197,10 @@ private async ValueTask InitializeAsync(PackageManagerModel model, INuGetUILogge
                 controller.PackageManagerControl = this;
             }
 
-            var sourceRepositories = sourceRepositoryProvider.GetRepositories();
-            _packageVulnerabilityService = new PackageVulnerabilityService(sourceRepositories, _uiLogger);
+            List<SourceRepository> sourceRepositories = sourceRepositoryProvider.GetRepositories().ToList();
+
+            var auditSourceRepositories = Model.Context.SourceService.GetEnabledAuditSources();
+            _packageVulnerabilityService = new PackageVulnerabilityService(sourceRepositories, auditSourceRepositories, _uiLogger);
 
             var solutionManager = Model.Context.SolutionManagerService;
             solutionManager.ProjectAdded += OnProjectChanged;
@@ -1074,6 +1076,14 @@ private async ValueTask RefreshInstalledAndUpdatesTabsAsync()
                 {
                     vulnerablePackagesCount++;
                 }
+                else // Fallback to checking audit sources.
+                {
+                    List<PackageVulnerabilityMetadataContextInfo> auditSourceVulnerabilityContextInfo = await _packageVulnerabilityService.GetVulnerabilityInfoAsync(s.Identity, token);
+                    if (auditSourceVulnerabilityContextInfo.Count > 0)
+                    {
+                        vulnerablePackagesCount++;
+                    }
+                }
                 if (d != null)
                 {
                     deprecatedPackagesCount++;
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/NuGetSourcesService.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/NuGetSourcesService.cs
index 18e0acbff14..920bb1a8fc5 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/NuGetSourcesService.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/NuGetSourcesService.cs
@@ -12,6 +12,8 @@
 using Microsoft.ServiceHub.Framework;
 using Microsoft.ServiceHub.Framework.Services;
 using NuGet.Configuration;
+using NuGet.Protocol;
+using NuGet.Protocol.Core.Types;
 using NuGet.VisualStudio.Internal.Contracts;
 
 namespace NuGet.PackageManagement.VisualStudio
@@ -51,6 +53,24 @@ public ValueTask<IReadOnlyList<PackageSourceContextInfo>> GetPackageSourcesAsync
                 .ToList());
         }
 
+        public IReadOnlyList<SourceRepository> GetEnabledAuditSources()
+        {
+            IReadOnlyList<PackageSource> auditSources = _packageSourceProvider.LoadAuditSources();
+
+            List<SourceRepository> auditRepositories = new List<SourceRepository>(auditSources.Count);
+            for (int i = 0; i < auditSources.Count; i++)
+            {
+                PackageSource auditSource = auditSources[i];
+                if (auditSource.IsEnabled)
+                {
+                    SourceRepository repository = Repository.Factory.GetCoreV3(auditSource);
+                    auditRepositories.Add(repository);
+                }
+            }
+
+            return auditRepositories;
+        }
+
         public ValueTask SavePackageSourceContextInfosAsync(IReadOnlyList<PackageSourceContextInfo> sources, CancellationToken cancellationToken)
         {
             IEnumerable<PackageSource> packageSources = GetPackageSourcesToUpdate(sources);
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/PackageVulnerabilityService.cs b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/PackageVulnerabilityService.cs
index 11984b9c8d0..e2c17d4ad82 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/PackageVulnerabilityService.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Services/PackageVulnerabilityService.cs
@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+#nullable enable
+
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -16,18 +18,23 @@ namespace NuGet.PackageManagement.VisualStudio
 {
     public class PackageVulnerabilityService : IPackageVulnerabilityService
     {
-        private readonly IEnumerable<SourceRepository> _sourceRepositories;
-        private Task<GetVulnerabilityInfoResult> _vulnerabilitiesTask;
+        private readonly IReadOnlyList<SourceRepository> _sourceRepositories;
+        private readonly IReadOnlyList<SourceRepository> _auditSourceRepositories;
+        private Task<GetVulnerabilityInfoResult?>? _vulnerabilitiesTask;
         private INuGetUILogger _logger;
         private readonly object _lock = new();
 
-        public PackageVulnerabilityService(IEnumerable<SourceRepository> sourceRepositories, INuGetUILogger logger)
+        public PackageVulnerabilityService(
+            IReadOnlyList<SourceRepository> sourceRepositories,
+            IReadOnlyList<SourceRepository> auditSourceRepositories,
+            INuGetUILogger logger)
         {
             _sourceRepositories = sourceRepositories ?? throw new ArgumentNullException(nameof(sourceRepositories));
+            _auditSourceRepositories = auditSourceRepositories ?? throw new ArgumentNullException(nameof(auditSourceRepositories));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
-        public async Task<List<PackageVulnerabilityMetadataContextInfo>> GetVulnerabilityInfoAsync(PackageIdentity packageId, CancellationToken cancellationToken)
+        public async Task<List<PackageVulnerabilityMetadataContextInfo>?> GetVulnerabilityInfoAsync(PackageIdentity packageId, CancellationToken cancellationToken)
         {
             if (_vulnerabilitiesTask == null)
             {
@@ -37,16 +44,16 @@ public async Task<List<PackageVulnerabilityMetadataContextInfo>> GetVulnerabilit
                 }
             }
 
-            GetVulnerabilityInfoResult vulnerabilities = await _vulnerabilitiesTask;
+            GetVulnerabilityInfoResult? vulnerabilities = await _vulnerabilitiesTask;
 
-            IEnumerable<PackageVulnerabilityInfo> packageVulnerabilities = Enumerable.Empty<PackageVulnerabilityInfo>();
+            IEnumerable<PackageVulnerabilityInfo>? packageVulnerabilities = Enumerable.Empty<PackageVulnerabilityInfo>();
 
             if (vulnerabilities?.Exceptions is not null)
             {
                 ReplayErrors(vulnerabilities.Exceptions);
             }
 
-            IReadOnlyList<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>> allVulnerabilities = vulnerabilities?.KnownVulnerabilities;
+            IReadOnlyList<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>>? allVulnerabilities = vulnerabilities?.KnownVulnerabilities;
             if (allVulnerabilities is not null && allVulnerabilities.Any())
             {
                 packageVulnerabilities = GetKnownVulnerabilities(packageId.Id, packageId.Version, allVulnerabilities);
@@ -64,22 +71,46 @@ public void ResetVulnerabilityData()
         }
 
         // Copied and adapted from NuGet.Commands.Restore.Utility.AuditUtility.GetAllVulnerabilityDataAsync
-        private async Task<GetVulnerabilityInfoResult> GetAllVulnerabilityDataAsync(CancellationToken cancellationToken)
+        private async Task<GetVulnerabilityInfoResult?> GetAllVulnerabilityDataAsync(CancellationToken cancellationToken)
         {
-            List<Task<GetVulnerabilityInfoResult>> results = _sourceRepositories.Select(sr => sr.GetVulnerabilityInfoAsync(cancellationToken)).ToList();
-            await Task.WhenAll(results);
+            using SourceCacheContext sourceCacheContext = new();
+            List<Task<GetVulnerabilityInfoResult?>> results;
+            IReadOnlyList<SourceRepository> vulnerabilitySources;
+            if (_auditSourceRepositories.Count > 0)
+            {
+                results = new(capacity: _auditSourceRepositories.Count);
+                vulnerabilitySources = _auditSourceRepositories;
+            }
+            else
+            {
+                results = new(capacity: _sourceRepositories.Count);
+                vulnerabilitySources = _sourceRepositories;
+            }
 
+            for (int i = 0; i < vulnerabilitySources.Count; i++)
+            {
+                SourceRepository source = vulnerabilitySources[i];
+                Task<GetVulnerabilityInfoResult?> getVulnerabilityInfoResult = source.GetVulnerabilityInfoAsync(cancellationToken);
+                results.Add(getVulnerabilityInfoResult);
+            }
+
+            await Task.WhenAll(results);
             if (cancellationToken.IsCancellationRequested)
             {
                 cancellationToken.ThrowIfCancellationRequested();
             }
 
-            List<Exception> errors = null;
-            List<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>> knownVulnerabilities = null;
-            foreach (var resultTask in results)
+            List<Exception>? errors = null;
+            List<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>>? knownVulnerabilities = null;
+            for (int i = 0; i < results.Count; i++)
             {
-                GetVulnerabilityInfoResult result = await resultTask;
-                if (result is null) continue;
+                Task<GetVulnerabilityInfoResult?> resultTask = results[i];
+                GetVulnerabilityInfoResult? result = await resultTask;
+
+                if (result is null)
+                {
+                    continue;
+                }
 
                 if (result.KnownVulnerabilities != null)
                 {
@@ -98,7 +129,7 @@ private async Task<GetVulnerabilityInfoResult> GetAllVulnerabilityDataAsync(Canc
                 }
             }
 
-            GetVulnerabilityInfoResult final =
+            GetVulnerabilityInfoResult? final =
                 knownVulnerabilities != null || errors != null
                 ? new(knownVulnerabilities, errors != null ? new AggregateException(errors) : null)
                 : null;
@@ -106,12 +137,12 @@ private async Task<GetVulnerabilityInfoResult> GetAllVulnerabilityDataAsync(Canc
         }
 
         // Copied from NuGet.Commands.Restore.Utility.AuditUtility.GetKnownVulnerabilities
-        private static List<PackageVulnerabilityInfo> GetKnownVulnerabilities(
+        private static List<PackageVulnerabilityInfo>? GetKnownVulnerabilities(
             string name,
             NuGetVersion version,
             IReadOnlyList<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>> knownVulnerabilities)
         {
-            HashSet<PackageVulnerabilityInfo> vulnerabilities = null;
+            HashSet<PackageVulnerabilityInfo>? vulnerabilities = null;
 
             if (knownVulnerabilities == null) return null;
 
@@ -136,7 +167,7 @@ private static List<PackageVulnerabilityInfo> GetKnownVulnerabilities(
             return vulnerabilities != null ? vulnerabilities.ToList() : null;
         }
 
-        private List<PackageVulnerabilityMetadataContextInfo> ConvertToPackageVulnerabilityMetadataContextInfo(IEnumerable<PackageVulnerabilityInfo> packageVulnerabilities)
+        private List<PackageVulnerabilityMetadataContextInfo>? ConvertToPackageVulnerabilityMetadataContextInfo(IEnumerable<PackageVulnerabilityInfo>? packageVulnerabilities)
         {
             if (packageVulnerabilities == null || !packageVulnerabilities.Any())
             {
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Client/mcp.json b/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Client/mcp.json
index 28919f208b1..34525b1f3b6 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Client/mcp.json
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Client/mcp.json
@@ -4,7 +4,7 @@
       "type": "stdio",
       "command": "dnx",
       "args": [
-        "NuGet.Mcp.Server@0.1.4-preview",
+        "NuGet.Mcp.Server@1.0.0",
         "--source",
         "https://api.nuget.org/v3/index.json",
         "--yes"
diff --git a/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Internal.Contracts/INuGetSourcesService.cs b/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Internal.Contracts/INuGetSourcesService.cs
index 119efe388e0..72dd018c394 100644
--- a/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Internal.Contracts/INuGetSourcesService.cs
+++ b/src/nuget-client/src/NuGet.Clients/NuGet.VisualStudio.Internal.Contracts/INuGetSourcesService.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
+using NuGet.Protocol.Core.Types;
 
 namespace NuGet.VisualStudio.Internal.Contracts
 {
@@ -20,5 +21,7 @@ public interface INuGetSourcesService : IDisposable
         ValueTask SavePackageSourceContextInfosAsync(IReadOnlyList<PackageSourceContextInfo> sources, CancellationToken cancellationToken);
 
         ValueTask<IReadOnlyList<PackageSourceContextInfo>> GetPackageSourcesAsync(CancellationToken cancellationToken);
+
+        public IReadOnlyList<SourceRepository> GetEnabledAuditSources();
     }
 }
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateCommandRunner.cs b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateCommandRunner.cs
index a24b38fb7a4..06015380454 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateCommandRunner.cs
+++ b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateCommandRunner.cs
@@ -81,9 +81,7 @@ internal static async Task<int> Run(PackageUpdateArgs args, ILoggerWithColor log
             return ExitCodes.Error;
         }
 
-        PackageSpec projectSpec = dgSpec.Projects.Count == 1
-            ? dgSpec.Projects[0]
-            : dgSpec.GetProjectSpec(dgSpec.Restore[0]);
+        PackageSpec projectSpec = dgSpec.GetProjectSpec(dgSpec.Restore[0]);
 
         // 2. Find suitable version of package(s) to update
         // Source provider will be needed to find the package version and to restore, so create it here.
@@ -141,7 +139,7 @@ internal static async Task<int> Run(PackageUpdateArgs args, ILoggerWithColor log
             }
         }
 
-        var projectName = Path.GetFileNameWithoutExtension(dgSpec.Projects[0].FilePath);
+        var projectName = Path.GetFileNameWithoutExtension(projectSpec.FilePath);
         logger.LogInformation($"  {projectName}:");
 
         foreach (var packageResult in packagesToUpdateResult)
@@ -154,7 +152,7 @@ internal static async Task<int> Run(PackageUpdateArgs args, ILoggerWithColor log
 
         // 3. Preview restore to validate changes
         logger.LogDebug(Strings.PackageUpdate_PreviewRestore);
-        var updatedDgSpec = GetUpdatedDependencyGraphSpec(dgSpec, packagesToUpdateResult);
+        var updatedDgSpec = GetUpdatedDependencyGraphSpec(projectSpec, dgSpec, packagesToUpdateResult);
         var restorePreviewResult = await packageUpdateIO.PreviewUpdatePackageReferenceAsync(updatedDgSpec, logger, cancellationToken);
 
         if (!restorePreviewResult.Success)
@@ -165,7 +163,7 @@ internal static async Task<int> Run(PackageUpdateArgs args, ILoggerWithColor log
 
         // 4. Update MSBuild files
 
-        var updatedPackageSpec = updatedDgSpec.Projects[0];
+        var updatedPackageSpec = updatedDgSpec.GetProjectSpec(projectSpec.FilePath);
         int updatedCount = 0;
 
         foreach (var packageResult in packagesToUpdateResult)
@@ -248,7 +246,7 @@ internal static async Task<int> Run(PackageUpdateArgs args, ILoggerWithColor log
                         {
                             Id = packageIdentity.Id,
                             CurrentVersion = new VersionRange(packageIdentity.Version),
-                            NewVersion = new VersionRange(nonVulnerableVersion)
+                            NewVersion = VersionRange.Parse(nonVulnerableVersion.OriginalVersion!)
                         },
                         TargetFrameworkAliases = tfmAliases
                     });
@@ -341,7 +339,7 @@ internal static async Task<List<PackageUpdateResult>> SelectPackagesToUpdateAsyn
                     continue;
                 }
 
-                upgradeVersion = new VersionRange(latestVersion);
+                upgradeVersion = VersionRange.Parse(latestVersion.OriginalVersion!);
                 if (upgradeVersion == existingVersion)
                 {
                     logger.LogMinimal(Messages.Warning_AlreadyHighestVersion(package.Id, latestVersion.OriginalVersion, project.FilePath), ConsoleColor.Yellow);
@@ -478,7 +476,7 @@ private static (VersionRange? version, List<string> targetFrameworks)
                 continue;
             }
 
-            var upgradeVersion = new VersionRange(latestVersion);
+            var upgradeVersion = VersionRange.Parse(latestVersion.OriginalVersion!);
             if (upgradeVersion.ToString() == package.identity.VersionRange.ToString())
             {
                 // Already using the highest version.
@@ -555,9 +553,9 @@ private static (VersionRange? version, List<string> targetFrameworks)
         return result;
     }
 
-    private static DependencyGraphSpec GetUpdatedDependencyGraphSpec(DependencyGraphSpec currentDgSpec, List<PackageUpdateResult> packagesToUpdate)
+    private static DependencyGraphSpec GetUpdatedDependencyGraphSpec(PackageSpec projectSpec, DependencyGraphSpec currentDgSpec, List<PackageUpdateResult> packagesToUpdate)
     {
-        var updatedPackageSpec = currentDgSpec.Projects[0].Clone();
+        var updatedPackageSpec = projectSpec.Clone();
 
         foreach (var packageResult in packagesToUpdate)
         {
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateIO.cs b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateIO.cs
index 3a306034b2a..5523322f7d5 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateIO.cs
+++ b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/Package/Update/PackageUpdateIO.cs
@@ -191,11 +191,14 @@ public void UpdatePackageReference(PackageSpec updatedPackageSpec, IPackageUpdat
             packageDependency,
             resolvedVersion);
 
+        // MSBuildUtility only updated CPM Directory.Packages.props when "noVersion" is false.
+        const bool noVersion = false;
+
         // Determine whether to add package reference conditionally or unconditionally
         if (packageTfms.Count == updatedPackageSpec.TargetFrameworks.Count)
         {
             // package is used by all project TFMs (no condition)
-            _msbuildUtility.AddPackageReference(updatedPackageSpec.FilePath, libraryDependency, true);
+            _msbuildUtility.AddPackageReference(updatedPackageSpec.FilePath, libraryDependency, noVersion);
         }
         else
         {
@@ -203,7 +206,7 @@ public void UpdatePackageReference(PackageSpec updatedPackageSpec, IPackageUpdat
                 .Select(e => AddPackageReferenceCommandRunner.GetAliasForFramework(updatedPackageSpec, e))
                 .Where(originalFramework => originalFramework != null);
 
-            _msbuildUtility.AddPackageReferencePerTFM(updatedPackageSpec.FilePath, libraryDependency, frameworkAliases, true);
+            _msbuildUtility.AddPackageReferencePerTFM(updatedPackageSpec.FilePath, libraryDependency, frameworkAliases, noVersion);
         }
     }
 
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Shipped.txt
index 7767b73cb59..994453ba251 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Shipped.txt
@@ -2,4 +2,7 @@ NuGet.CommandLine.XPlat.Commands.DocumentedCommand
 NuGet.CommandLine.XPlat.Commands.DocumentedCommand.DocumentedCommand(string name, string description, string helpUrl) -> void
 NuGet.CommandLine.XPlat.Commands.DocumentedCommand.HelpUrl.get -> string
 NuGet.CommandLine.XPlat.Commands.Why.WhyCommand
+NuGet.CommandLine.XPlat.NuGetCommands
 static NuGet.CommandLine.XPlat.Commands.Why.WhyCommand.GetWhyCommand(System.CommandLine.Command rootCommand) -> void
+static NuGet.CommandLine.XPlat.NuGetCommands.Add(System.CommandLine.RootCommand rootCommand) -> void
+static NuGet.CommandLine.XPlat.NuGetCommands.Add(System.CommandLine.RootCommand rootCommand, System.CommandLine.Option<bool> interactiveOption) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Unshipped.txt
index 8abedd74e52..e69de29bb2d 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/PublicAPI.Unshipped.txt
@@ -1,3 +0,0 @@
-NuGet.CommandLine.XPlat.NuGetCommands
-static NuGet.CommandLine.XPlat.NuGetCommands.Add(System.CommandLine.RootCommand rootCommand) -> void
-static NuGet.CommandLine.XPlat.NuGetCommands.Add(System.CommandLine.RootCommand rootCommand, System.CommandLine.Option<bool> interactiveOption) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Shipped.txt
index 6405aa9d083..5f40c84b413 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Shipped.txt
@@ -451,6 +451,18 @@ NuGet.Commands.ResolverRequest
 ~NuGet.Commands.ResolverRequest.Request.get -> NuGet.LibraryModel.LibraryRange
 ~NuGet.Commands.ResolverRequest.Requestor.get -> NuGet.LibraryModel.LibraryIdentity
 ~NuGet.Commands.ResolverRequest.ResolverRequest(NuGet.LibraryModel.LibraryIdentity requestor, NuGet.LibraryModel.LibraryRange request) -> void
+NuGet.Commands.Restore.IItem
+NuGet.Commands.Restore.IItem.GetMetadata(string! name) -> string!
+NuGet.Commands.Restore.IItem.Identity.get -> string!
+NuGet.Commands.Restore.IProject
+NuGet.Commands.Restore.IProject.Directory.get -> string!
+NuGet.Commands.Restore.IProject.FullPath.get -> string!
+NuGet.Commands.Restore.IProject.OuterBuild.get -> NuGet.Commands.Restore.ITargetFramework!
+NuGet.Commands.Restore.IProject.TargetFrameworks.get -> System.Collections.Generic.IReadOnlyDictionary<string!, NuGet.Commands.Restore.ITargetFramework!>!
+NuGet.Commands.Restore.ITargetFramework
+NuGet.Commands.Restore.ITargetFramework.GetItems(string! itemType) -> System.Collections.Generic.IReadOnlyList<NuGet.Commands.Restore.IItem!>!
+NuGet.Commands.Restore.ITargetFramework.GetProperty(string! propertyName) -> string!
+NuGet.Commands.Restore.Utility.PackageSpecFactory
 NuGet.Commands.RestoreArgs
 ~NuGet.Commands.RestoreArgs.AdditionalMessages.get -> System.Collections.Generic.IReadOnlyList<NuGet.ProjectModel.IAssetsLogMessage>
 ~NuGet.Commands.RestoreArgs.AdditionalMessages.set -> void
@@ -938,6 +950,7 @@ override NuGet.Commands.WarningPropertiesCollection.GetHashCode() -> int
 ~static NuGet.Commands.MSBuildRestoreUtility.GetLibraryDependencyIncludeFlags(string includeAssets, string excludeAssets, string privateAssets) -> (NuGet.LibraryModel.LibraryIncludeFlags includeType, NuGet.LibraryModel.LibraryIncludeFlags suppressParent)
 ~static NuGet.Commands.MSBuildRestoreUtility.GetMessageForUnsupportedProject(string path) -> NuGet.Common.RestoreLogMessage
 ~static NuGet.Commands.MSBuildRestoreUtility.GetPackageSpec(System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> items) -> NuGet.ProjectModel.PackageSpec
+~static NuGet.Commands.MSBuildRestoreUtility.GetRestoreAuditProperties(NuGet.Commands.IMSBuildItem specItem, System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> allItems, System.Collections.Generic.HashSet<string> suppressionItems) -> NuGet.ProjectModel.RestoreAuditProperties
 ~static NuGet.Commands.MSBuildRestoreUtility.GetSdkAnalysisLevel(string sdkAnalysisLevel) -> NuGet.Versioning.NuGetVersion
 ~static NuGet.Commands.MSBuildRestoreUtility.GetUsingMicrosoftNETSdk(string usingMicrosoftNETSdk) -> bool
 ~static NuGet.Commands.MSBuildRestoreUtility.GetWarningForUnsupportedProject(string path) -> NuGet.Common.RestoreLogMessage
@@ -962,17 +975,20 @@ override NuGet.Commands.WarningPropertiesCollection.GetHashCode() -> int
 ~static NuGet.Commands.PackageSourceProviderExtensions.ResolveSource(System.Collections.Generic.IEnumerable<NuGet.Configuration.PackageSource> availableSources, string source) -> NuGet.Configuration.PackageSource
 ~static NuGet.Commands.PackageSpecificWarningProperties.CreatePackageSpecificWarningProperties(NuGet.ProjectModel.PackageSpec packageSpec) -> NuGet.Commands.PackageSpecificWarningProperties
 ~static NuGet.Commands.PackageSpecificWarningProperties.CreatePackageSpecificWarningProperties(NuGet.ProjectModel.PackageSpec packageSpec, NuGet.Frameworks.NuGetFramework framework) -> NuGet.Commands.PackageSpecificWarningProperties
+~static NuGet.Commands.PushRunner.Run(NuGet.Configuration.ISettings settings, NuGet.Configuration.IPackageSourceProvider sourceProvider, System.Collections.Generic.IList<string> packagePaths, string source, string apiKey, string symbolSource, string symbolApiKey, int timeoutSeconds, bool disableBuffering, bool noSymbols, bool noServiceEndpoint, bool skipDuplicate, bool allowInsecureConnections, NuGet.Common.ILogger logger) -> System.Threading.Tasks.Task
 ~static NuGet.Commands.RemoveClientCertRunner.Run(NuGet.Commands.RemoveClientCertArgs args, System.Func<NuGet.Common.ILogger> getLogger) -> void
 ~static NuGet.Commands.RemoveSourceRunner.Run(NuGet.Commands.RemoveSourceArgs args, System.Func<NuGet.Common.ILogger> getLogger) -> void
 ~static NuGet.Commands.RequestRuntimeUtility.GetDefaultRestoreRuntimes(string os, string runtimeOsName) -> System.Collections.Generic.IEnumerable<string>
 static NuGet.Commands.ResolvedDependencyKey.operator !=(NuGet.Commands.ResolvedDependencyKey left, NuGet.Commands.ResolvedDependencyKey right) -> bool
 static NuGet.Commands.ResolvedDependencyKey.operator ==(NuGet.Commands.ResolvedDependencyKey left, NuGet.Commands.ResolvedDependencyKey right) -> bool
+static NuGet.Commands.Restore.Utility.PackageSpecFactory.GetPackageSpec(NuGet.Commands.Restore.IProject! project, NuGet.Configuration.ISettings! settings) -> NuGet.ProjectModel.PackageSpec?
 ~static NuGet.Commands.RestoreRunner.CommitAsync(NuGet.Commands.RestoreResultPair restoreResult, System.Threading.CancellationToken token) -> System.Threading.Tasks.Task<NuGet.Commands.RestoreSummary>
 ~static NuGet.Commands.RestoreRunner.GetInvalidInputErrorMessage(string input) -> string
 ~static NuGet.Commands.RestoreRunner.GetRequests(NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummaryRequest>>
 ~static NuGet.Commands.RestoreRunner.RunAsync(NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary>>
 ~static NuGet.Commands.RestoreRunner.RunAsync(NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken token) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary>>
 ~static NuGet.Commands.RestoreRunner.RunWithoutCommit(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
+~static NuGet.Commands.RestoreRunner.RunWithoutCommitAsync(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
 ~static NuGet.Commands.RestoreSpecException.Create(string message, System.Collections.Generic.IEnumerable<string> files) -> NuGet.Commands.RestoreSpecException
 ~static NuGet.Commands.RestoreSpecException.Create(string message, System.Collections.Generic.IEnumerable<string> files, System.Exception innerException) -> NuGet.Commands.RestoreSpecException
 ~static NuGet.Commands.RestoreSummary.Log(NuGet.Common.ILogger logger, System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary> restoreSummaries, bool logErrors = false) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Unshipped.txt
index 6440dae894d..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net472/PublicAPI.Unshipped.txt
@@ -1,17 +1 @@
 #nullable enable
-NuGet.Commands.Restore.IItem
-NuGet.Commands.Restore.IItem.GetMetadata(string! name) -> string!
-NuGet.Commands.Restore.IItem.Identity.get -> string!
-NuGet.Commands.Restore.IProject
-NuGet.Commands.Restore.IProject.Directory.get -> string!
-NuGet.Commands.Restore.IProject.FullPath.get -> string!
-NuGet.Commands.Restore.IProject.OuterBuild.get -> NuGet.Commands.Restore.ITargetFramework!
-NuGet.Commands.Restore.IProject.TargetFrameworks.get -> System.Collections.Generic.IReadOnlyDictionary<string!, NuGet.Commands.Restore.ITargetFramework!>!
-NuGet.Commands.Restore.ITargetFramework
-NuGet.Commands.Restore.ITargetFramework.GetItems(string! itemType) -> System.Collections.Generic.IReadOnlyList<NuGet.Commands.Restore.IItem!>!
-NuGet.Commands.Restore.ITargetFramework.GetProperty(string! propertyName) -> string!
-NuGet.Commands.Restore.Utility.PackageSpecFactory
-static NuGet.Commands.Restore.Utility.PackageSpecFactory.GetPackageSpec(NuGet.Commands.Restore.IProject! project, NuGet.Configuration.ISettings! settings) -> NuGet.ProjectModel.PackageSpec?
-~static NuGet.Commands.MSBuildRestoreUtility.GetRestoreAuditProperties(NuGet.Commands.IMSBuildItem specItem, System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> allItems, System.Collections.Generic.HashSet<string> suppressionItems) -> NuGet.ProjectModel.RestoreAuditProperties
-~static NuGet.Commands.PushRunner.Run(NuGet.Configuration.ISettings settings, NuGet.Configuration.IPackageSourceProvider sourceProvider, System.Collections.Generic.IList<string> packagePaths, string source, string apiKey, string symbolSource, string symbolApiKey, int timeoutSeconds, bool disableBuffering, bool noSymbols, bool noServiceEndpoint, bool skipDuplicate, bool allowInsecureConnections, NuGet.Common.ILogger logger) -> System.Threading.Tasks.Task
-~static NuGet.Commands.RestoreRunner.RunWithoutCommitAsync(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Shipped.txt
index 6bda528d21c..cfbf696fbef 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Shipped.txt
@@ -451,6 +451,18 @@ NuGet.Commands.ResolverRequest
 ~NuGet.Commands.ResolverRequest.Request.get -> NuGet.LibraryModel.LibraryRange
 ~NuGet.Commands.ResolverRequest.Requestor.get -> NuGet.LibraryModel.LibraryIdentity
 ~NuGet.Commands.ResolverRequest.ResolverRequest(NuGet.LibraryModel.LibraryIdentity requestor, NuGet.LibraryModel.LibraryRange request) -> void
+NuGet.Commands.Restore.IItem
+NuGet.Commands.Restore.IItem.GetMetadata(string! name) -> string!
+NuGet.Commands.Restore.IItem.Identity.get -> string!
+NuGet.Commands.Restore.IProject
+NuGet.Commands.Restore.IProject.Directory.get -> string!
+NuGet.Commands.Restore.IProject.FullPath.get -> string!
+NuGet.Commands.Restore.IProject.OuterBuild.get -> NuGet.Commands.Restore.ITargetFramework!
+NuGet.Commands.Restore.IProject.TargetFrameworks.get -> System.Collections.Generic.IReadOnlyDictionary<string!, NuGet.Commands.Restore.ITargetFramework!>!
+NuGet.Commands.Restore.ITargetFramework
+NuGet.Commands.Restore.ITargetFramework.GetItems(string! itemType) -> System.Collections.Generic.IReadOnlyList<NuGet.Commands.Restore.IItem!>!
+NuGet.Commands.Restore.ITargetFramework.GetProperty(string! propertyName) -> string!
+NuGet.Commands.Restore.Utility.PackageSpecFactory
 NuGet.Commands.RestoreArgs
 ~NuGet.Commands.RestoreArgs.AdditionalMessages.get -> System.Collections.Generic.IReadOnlyList<NuGet.ProjectModel.IAssetsLogMessage>
 ~NuGet.Commands.RestoreArgs.AdditionalMessages.set -> void
@@ -937,6 +949,7 @@ override NuGet.Commands.WarningPropertiesCollection.GetHashCode() -> int
 ~static NuGet.Commands.MSBuildRestoreUtility.GetLibraryDependencyIncludeFlags(string includeAssets, string excludeAssets, string privateAssets) -> (NuGet.LibraryModel.LibraryIncludeFlags includeType, NuGet.LibraryModel.LibraryIncludeFlags suppressParent)
 ~static NuGet.Commands.MSBuildRestoreUtility.GetMessageForUnsupportedProject(string path) -> NuGet.Common.RestoreLogMessage
 ~static NuGet.Commands.MSBuildRestoreUtility.GetPackageSpec(System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> items) -> NuGet.ProjectModel.PackageSpec
+~static NuGet.Commands.MSBuildRestoreUtility.GetRestoreAuditProperties(NuGet.Commands.IMSBuildItem specItem, System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> allItems, System.Collections.Generic.HashSet<string> suppressionItems) -> NuGet.ProjectModel.RestoreAuditProperties
 ~static NuGet.Commands.MSBuildRestoreUtility.GetSdkAnalysisLevel(string sdkAnalysisLevel) -> NuGet.Versioning.NuGetVersion
 ~static NuGet.Commands.MSBuildRestoreUtility.GetUsingMicrosoftNETSdk(string usingMicrosoftNETSdk) -> bool
 ~static NuGet.Commands.MSBuildRestoreUtility.GetWarningForUnsupportedProject(string path) -> NuGet.Common.RestoreLogMessage
@@ -961,17 +974,20 @@ override NuGet.Commands.WarningPropertiesCollection.GetHashCode() -> int
 ~static NuGet.Commands.PackageSourceProviderExtensions.ResolveSource(System.Collections.Generic.IEnumerable<NuGet.Configuration.PackageSource> availableSources, string source) -> NuGet.Configuration.PackageSource
 ~static NuGet.Commands.PackageSpecificWarningProperties.CreatePackageSpecificWarningProperties(NuGet.ProjectModel.PackageSpec packageSpec) -> NuGet.Commands.PackageSpecificWarningProperties
 ~static NuGet.Commands.PackageSpecificWarningProperties.CreatePackageSpecificWarningProperties(NuGet.ProjectModel.PackageSpec packageSpec, NuGet.Frameworks.NuGetFramework framework) -> NuGet.Commands.PackageSpecificWarningProperties
+~static NuGet.Commands.PushRunner.Run(NuGet.Configuration.ISettings settings, NuGet.Configuration.IPackageSourceProvider sourceProvider, System.Collections.Generic.IList<string> packagePaths, string source, string apiKey, string symbolSource, string symbolApiKey, int timeoutSeconds, bool disableBuffering, bool noSymbols, bool noServiceEndpoint, bool skipDuplicate, bool allowInsecureConnections, NuGet.Common.ILogger logger) -> System.Threading.Tasks.Task
 ~static NuGet.Commands.RemoveClientCertRunner.Run(NuGet.Commands.RemoveClientCertArgs args, System.Func<NuGet.Common.ILogger> getLogger) -> void
 ~static NuGet.Commands.RemoveSourceRunner.Run(NuGet.Commands.RemoveSourceArgs args, System.Func<NuGet.Common.ILogger> getLogger) -> void
 ~static NuGet.Commands.RequestRuntimeUtility.GetDefaultRestoreRuntimes(string os, string runtimeOsName) -> System.Collections.Generic.IEnumerable<string>
 static NuGet.Commands.ResolvedDependencyKey.operator !=(NuGet.Commands.ResolvedDependencyKey left, NuGet.Commands.ResolvedDependencyKey right) -> bool
 static NuGet.Commands.ResolvedDependencyKey.operator ==(NuGet.Commands.ResolvedDependencyKey left, NuGet.Commands.ResolvedDependencyKey right) -> bool
+static NuGet.Commands.Restore.Utility.PackageSpecFactory.GetPackageSpec(NuGet.Commands.Restore.IProject! project, NuGet.Configuration.ISettings! settings) -> NuGet.ProjectModel.PackageSpec?
 ~static NuGet.Commands.RestoreRunner.CommitAsync(NuGet.Commands.RestoreResultPair restoreResult, System.Threading.CancellationToken token) -> System.Threading.Tasks.Task<NuGet.Commands.RestoreSummary>
 ~static NuGet.Commands.RestoreRunner.GetInvalidInputErrorMessage(string input) -> string
 ~static NuGet.Commands.RestoreRunner.GetRequests(NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummaryRequest>>
 ~static NuGet.Commands.RestoreRunner.RunAsync(NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary>>
 ~static NuGet.Commands.RestoreRunner.RunAsync(NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken token) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary>>
 ~static NuGet.Commands.RestoreRunner.RunWithoutCommit(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
+~static NuGet.Commands.RestoreRunner.RunWithoutCommitAsync(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
 ~static NuGet.Commands.RestoreSpecException.Create(string message, System.Collections.Generic.IEnumerable<string> files) -> NuGet.Commands.RestoreSpecException
 ~static NuGet.Commands.RestoreSpecException.Create(string message, System.Collections.Generic.IEnumerable<string> files, System.Exception innerException) -> NuGet.Commands.RestoreSpecException
 ~static NuGet.Commands.RestoreSummary.Log(NuGet.Common.ILogger logger, System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary> restoreSummaries, bool logErrors = false) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Unshipped.txt
index 6440dae894d..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/net8.0/PublicAPI.Unshipped.txt
@@ -1,17 +1 @@
 #nullable enable
-NuGet.Commands.Restore.IItem
-NuGet.Commands.Restore.IItem.GetMetadata(string! name) -> string!
-NuGet.Commands.Restore.IItem.Identity.get -> string!
-NuGet.Commands.Restore.IProject
-NuGet.Commands.Restore.IProject.Directory.get -> string!
-NuGet.Commands.Restore.IProject.FullPath.get -> string!
-NuGet.Commands.Restore.IProject.OuterBuild.get -> NuGet.Commands.Restore.ITargetFramework!
-NuGet.Commands.Restore.IProject.TargetFrameworks.get -> System.Collections.Generic.IReadOnlyDictionary<string!, NuGet.Commands.Restore.ITargetFramework!>!
-NuGet.Commands.Restore.ITargetFramework
-NuGet.Commands.Restore.ITargetFramework.GetItems(string! itemType) -> System.Collections.Generic.IReadOnlyList<NuGet.Commands.Restore.IItem!>!
-NuGet.Commands.Restore.ITargetFramework.GetProperty(string! propertyName) -> string!
-NuGet.Commands.Restore.Utility.PackageSpecFactory
-static NuGet.Commands.Restore.Utility.PackageSpecFactory.GetPackageSpec(NuGet.Commands.Restore.IProject! project, NuGet.Configuration.ISettings! settings) -> NuGet.ProjectModel.PackageSpec?
-~static NuGet.Commands.MSBuildRestoreUtility.GetRestoreAuditProperties(NuGet.Commands.IMSBuildItem specItem, System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> allItems, System.Collections.Generic.HashSet<string> suppressionItems) -> NuGet.ProjectModel.RestoreAuditProperties
-~static NuGet.Commands.PushRunner.Run(NuGet.Configuration.ISettings settings, NuGet.Configuration.IPackageSourceProvider sourceProvider, System.Collections.Generic.IList<string> packagePaths, string source, string apiKey, string symbolSource, string symbolApiKey, int timeoutSeconds, bool disableBuffering, bool noSymbols, bool noServiceEndpoint, bool skipDuplicate, bool allowInsecureConnections, NuGet.Common.ILogger logger) -> System.Threading.Tasks.Task
-~static NuGet.Commands.RestoreRunner.RunWithoutCommitAsync(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
index f65c6f59dec..cd685144e40 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
@@ -452,6 +452,18 @@ NuGet.Commands.ResolverRequest
 ~NuGet.Commands.ResolverRequest.Request.get -> NuGet.LibraryModel.LibraryRange
 ~NuGet.Commands.ResolverRequest.Requestor.get -> NuGet.LibraryModel.LibraryIdentity
 ~NuGet.Commands.ResolverRequest.ResolverRequest(NuGet.LibraryModel.LibraryIdentity requestor, NuGet.LibraryModel.LibraryRange request) -> void
+NuGet.Commands.Restore.IItem
+NuGet.Commands.Restore.IItem.GetMetadata(string! name) -> string!
+NuGet.Commands.Restore.IItem.Identity.get -> string!
+NuGet.Commands.Restore.IProject
+NuGet.Commands.Restore.IProject.Directory.get -> string!
+NuGet.Commands.Restore.IProject.FullPath.get -> string!
+NuGet.Commands.Restore.IProject.OuterBuild.get -> NuGet.Commands.Restore.ITargetFramework!
+NuGet.Commands.Restore.IProject.TargetFrameworks.get -> System.Collections.Generic.IReadOnlyDictionary<string!, NuGet.Commands.Restore.ITargetFramework!>!
+NuGet.Commands.Restore.ITargetFramework
+NuGet.Commands.Restore.ITargetFramework.GetItems(string! itemType) -> System.Collections.Generic.IReadOnlyList<NuGet.Commands.Restore.IItem!>!
+NuGet.Commands.Restore.ITargetFramework.GetProperty(string! propertyName) -> string!
+NuGet.Commands.Restore.Utility.PackageSpecFactory
 NuGet.Commands.RestoreArgs
 ~NuGet.Commands.RestoreArgs.AdditionalMessages.get -> System.Collections.Generic.IReadOnlyList<NuGet.ProjectModel.IAssetsLogMessage>
 ~NuGet.Commands.RestoreArgs.AdditionalMessages.set -> void
@@ -942,6 +954,7 @@ override NuGet.Commands.WarningPropertiesCollection.GetHashCode() -> int
 ~static NuGet.Commands.MSBuildRestoreUtility.GetLibraryDependencyIncludeFlags(string includeAssets, string excludeAssets, string privateAssets) -> (NuGet.LibraryModel.LibraryIncludeFlags includeType, NuGet.LibraryModel.LibraryIncludeFlags suppressParent)
 ~static NuGet.Commands.MSBuildRestoreUtility.GetMessageForUnsupportedProject(string path) -> NuGet.Common.RestoreLogMessage
 ~static NuGet.Commands.MSBuildRestoreUtility.GetPackageSpec(System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> items) -> NuGet.ProjectModel.PackageSpec
+~static NuGet.Commands.MSBuildRestoreUtility.GetRestoreAuditProperties(NuGet.Commands.IMSBuildItem specItem, System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> allItems, System.Collections.Generic.HashSet<string> suppressionItems) -> NuGet.ProjectModel.RestoreAuditProperties
 ~static NuGet.Commands.MSBuildRestoreUtility.GetSdkAnalysisLevel(string sdkAnalysisLevel) -> NuGet.Versioning.NuGetVersion
 ~static NuGet.Commands.MSBuildRestoreUtility.GetUsingMicrosoftNETSdk(string usingMicrosoftNETSdk) -> bool
 ~static NuGet.Commands.MSBuildRestoreUtility.GetWarningForUnsupportedProject(string path) -> NuGet.Common.RestoreLogMessage
@@ -966,17 +979,20 @@ override NuGet.Commands.WarningPropertiesCollection.GetHashCode() -> int
 ~static NuGet.Commands.PackageSourceProviderExtensions.ResolveSource(System.Collections.Generic.IEnumerable<NuGet.Configuration.PackageSource> availableSources, string source) -> NuGet.Configuration.PackageSource
 ~static NuGet.Commands.PackageSpecificWarningProperties.CreatePackageSpecificWarningProperties(NuGet.ProjectModel.PackageSpec packageSpec) -> NuGet.Commands.PackageSpecificWarningProperties
 ~static NuGet.Commands.PackageSpecificWarningProperties.CreatePackageSpecificWarningProperties(NuGet.ProjectModel.PackageSpec packageSpec, NuGet.Frameworks.NuGetFramework framework) -> NuGet.Commands.PackageSpecificWarningProperties
+~static NuGet.Commands.PushRunner.Run(NuGet.Configuration.ISettings settings, NuGet.Configuration.IPackageSourceProvider sourceProvider, System.Collections.Generic.IList<string> packagePaths, string source, string apiKey, string symbolSource, string symbolApiKey, int timeoutSeconds, bool disableBuffering, bool noSymbols, bool noServiceEndpoint, bool skipDuplicate, bool allowInsecureConnections, NuGet.Common.ILogger logger) -> System.Threading.Tasks.Task
 ~static NuGet.Commands.RemoveClientCertRunner.Run(NuGet.Commands.RemoveClientCertArgs args, System.Func<NuGet.Common.ILogger> getLogger) -> void
 ~static NuGet.Commands.RemoveSourceRunner.Run(NuGet.Commands.RemoveSourceArgs args, System.Func<NuGet.Common.ILogger> getLogger) -> void
 ~static NuGet.Commands.RequestRuntimeUtility.GetDefaultRestoreRuntimes(string os, string runtimeOsName) -> System.Collections.Generic.IEnumerable<string>
 static NuGet.Commands.ResolvedDependencyKey.operator !=(NuGet.Commands.ResolvedDependencyKey left, NuGet.Commands.ResolvedDependencyKey right) -> bool
 static NuGet.Commands.ResolvedDependencyKey.operator ==(NuGet.Commands.ResolvedDependencyKey left, NuGet.Commands.ResolvedDependencyKey right) -> bool
+static NuGet.Commands.Restore.Utility.PackageSpecFactory.GetPackageSpec(NuGet.Commands.Restore.IProject! project, NuGet.Configuration.ISettings! settings) -> NuGet.ProjectModel.PackageSpec?
 ~static NuGet.Commands.RestoreRunner.CommitAsync(NuGet.Commands.RestoreResultPair restoreResult, System.Threading.CancellationToken token) -> System.Threading.Tasks.Task<NuGet.Commands.RestoreSummary>
 ~static NuGet.Commands.RestoreRunner.GetInvalidInputErrorMessage(string input) -> string
 ~static NuGet.Commands.RestoreRunner.GetRequests(NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummaryRequest>>
 ~static NuGet.Commands.RestoreRunner.RunAsync(NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary>>
 ~static NuGet.Commands.RestoreRunner.RunAsync(NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken token) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary>>
 ~static NuGet.Commands.RestoreRunner.RunWithoutCommit(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
+~static NuGet.Commands.RestoreRunner.RunWithoutCommitAsync(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
 ~static NuGet.Commands.RestoreSpecException.Create(string message, System.Collections.Generic.IEnumerable<string> files) -> NuGet.Commands.RestoreSpecException
 ~static NuGet.Commands.RestoreSpecException.Create(string message, System.Collections.Generic.IEnumerable<string> files, System.Exception innerException) -> NuGet.Commands.RestoreSpecException
 ~static NuGet.Commands.RestoreSummary.Log(NuGet.Common.ILogger logger, System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreSummary> restoreSummaries, bool logErrors = false) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
index 6440dae894d..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Commands/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
@@ -1,17 +1 @@
 #nullable enable
-NuGet.Commands.Restore.IItem
-NuGet.Commands.Restore.IItem.GetMetadata(string! name) -> string!
-NuGet.Commands.Restore.IItem.Identity.get -> string!
-NuGet.Commands.Restore.IProject
-NuGet.Commands.Restore.IProject.Directory.get -> string!
-NuGet.Commands.Restore.IProject.FullPath.get -> string!
-NuGet.Commands.Restore.IProject.OuterBuild.get -> NuGet.Commands.Restore.ITargetFramework!
-NuGet.Commands.Restore.IProject.TargetFrameworks.get -> System.Collections.Generic.IReadOnlyDictionary<string!, NuGet.Commands.Restore.ITargetFramework!>!
-NuGet.Commands.Restore.ITargetFramework
-NuGet.Commands.Restore.ITargetFramework.GetItems(string! itemType) -> System.Collections.Generic.IReadOnlyList<NuGet.Commands.Restore.IItem!>!
-NuGet.Commands.Restore.ITargetFramework.GetProperty(string! propertyName) -> string!
-NuGet.Commands.Restore.Utility.PackageSpecFactory
-static NuGet.Commands.Restore.Utility.PackageSpecFactory.GetPackageSpec(NuGet.Commands.Restore.IProject! project, NuGet.Configuration.ISettings! settings) -> NuGet.ProjectModel.PackageSpec?
-~static NuGet.Commands.MSBuildRestoreUtility.GetRestoreAuditProperties(NuGet.Commands.IMSBuildItem specItem, System.Collections.Generic.IEnumerable<NuGet.Commands.IMSBuildItem> allItems, System.Collections.Generic.HashSet<string> suppressionItems) -> NuGet.ProjectModel.RestoreAuditProperties
-~static NuGet.Commands.PushRunner.Run(NuGet.Configuration.ISettings settings, NuGet.Configuration.IPackageSourceProvider sourceProvider, System.Collections.Generic.IList<string> packagePaths, string source, string apiKey, string symbolSource, string symbolApiKey, int timeoutSeconds, bool disableBuffering, bool noSymbols, bool noServiceEndpoint, bool skipDuplicate, bool allowInsecureConnections, NuGet.Common.ILogger logger) -> System.Threading.Tasks.Task
-~static NuGet.Commands.RestoreRunner.RunWithoutCommitAsync(System.Collections.Generic.IEnumerable<NuGet.Commands.RestoreSummaryRequest> restoreRequests, NuGet.Commands.RestoreArgs restoreContext, System.Threading.CancellationToken cancellationToken) -> System.Threading.Tasks.Task<System.Collections.Generic.IReadOnlyList<NuGet.Commands.RestoreResultPair>>
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Shipped.txt
index a757873b67a..dfc2b738b03 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Shipped.txt
@@ -179,6 +179,9 @@ NuGet.Common.NuGetLogCode.NU1011 = 1011 -> NuGet.Common.NuGetLogCode
 NuGet.Common.NuGetLogCode.NU1012 = 1012 -> NuGet.Common.NuGetLogCode
 NuGet.Common.NuGetLogCode.NU1013 = 1013 -> NuGet.Common.NuGetLogCode
 NuGet.Common.NuGetLogCode.NU1014 = 1014 -> NuGet.Common.NuGetLogCode
+NuGet.Common.NuGetLogCode.NU1015 = 1015 -> NuGet.Common.NuGetLogCode
+NuGet.Common.NuGetLogCode.NU1016 = 1016 -> NuGet.Common.NuGetLogCode
+NuGet.Common.NuGetLogCode.NU1017 = 1017 -> NuGet.Common.NuGetLogCode
 NuGet.Common.NuGetLogCode.NU1100 = 1100 -> NuGet.Common.NuGetLogCode
 NuGet.Common.NuGetLogCode.NU1101 = 1101 -> NuGet.Common.NuGetLogCode
 NuGet.Common.NuGetLogCode.NU1102 = 1102 -> NuGet.Common.NuGetLogCode
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Unshipped.txt
index ebce19734ad..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Common/PublicAPI.Unshipped.txt
@@ -1,4 +1 @@
 #nullable enable
-NuGet.Common.NuGetLogCode.NU1015 = 1015 -> NuGet.Common.NuGetLogCode
-NuGet.Common.NuGetLogCode.NU1016 = 1016 -> NuGet.Common.NuGetLogCode
-NuGet.Common.NuGetLogCode.NU1017 = 1017 -> NuGet.Common.NuGetLogCode
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Shipped.txt
index 90de0e574bb..52958a3d0ec 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Shipped.txt
@@ -704,6 +704,7 @@ NuGet.ProjectManagement.XmlUtility
 ~const NuGet.ProjectManagement.ProjectBuildProperties.RestoreEnablePackagePruning = "RestoreEnablePackagePruning" -> string
 ~const NuGet.ProjectManagement.ProjectBuildProperties.RestoreFallbackFolders = "RestoreFallbackFolders" -> string
 ~const NuGet.ProjectManagement.ProjectBuildProperties.RestoreLockedMode = "RestoreLockedMode" -> string
+~const NuGet.ProjectManagement.ProjectBuildProperties.RestorePackagePruningDefault = "RestorePackagePruningDefault" -> string
 ~const NuGet.ProjectManagement.ProjectBuildProperties.RestorePackagesPath = "RestorePackagesPath" -> string
 ~const NuGet.ProjectManagement.ProjectBuildProperties.RestorePackagesWithLockFile = "RestorePackagesWithLockFile" -> string
 ~const NuGet.ProjectManagement.ProjectBuildProperties.RestoreProjectStyle = "RestoreProjectStyle" -> string
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Unshipped.txt
index b25c3701d90..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.PackageManagement/PublicAPI.Unshipped.txt
@@ -1,2 +1 @@
 #nullable enable
-~const NuGet.ProjectManagement.ProjectBuildProperties.RestorePackagePruningDefault = "RestorePackagePruningDefault" -> string
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Shipped.txt
index 55f3e93a0a9..b8e9cd62eb7 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Shipped.txt
@@ -324,6 +324,8 @@ NuGet.Packaging.IPackageResolver
 ~NuGet.Packaging.IPackageResolver.Resolve(System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity> targets, System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageDependencyInfo> availablePackages, System.Threading.CancellationToken token) -> System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity>
 ~NuGet.Packaging.IPackageResolver.Resolve(System.Collections.Generic.IEnumerable<string> targets, System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageDependencyInfo> availablePackages, System.Collections.Generic.IEnumerable<NuGet.Packaging.PackageReference> installedPackages, System.Threading.CancellationToken token) -> System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity>
 ~NuGet.Packaging.IPackageResolver.Resolve(System.Collections.Generic.IEnumerable<string> targets, System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageDependencyInfo> availablePackages, System.Threading.CancellationToken token) -> System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity>
+NuGet.Packaging.InvalidPackageIdException
+~NuGet.Packaging.InvalidPackageIdException.InvalidPackageIdException(string message) -> void
 NuGet.Packaging.LicenseMetadata
 ~NuGet.Packaging.LicenseMetadata.Equals(NuGet.Packaging.LicenseMetadata other) -> bool
 ~NuGet.Packaging.LicenseMetadata.License.get -> string
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Unshipped.txt
index 0a00b8a99d4..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net472/PublicAPI.Unshipped.txt
@@ -1,3 +1 @@
 #nullable enable
-NuGet.Packaging.InvalidPackageIdException
-~NuGet.Packaging.InvalidPackageIdException.InvalidPackageIdException(string message) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Shipped.txt
index d316aaa5c16..b37b765ae34 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Shipped.txt
@@ -324,6 +324,8 @@ NuGet.Packaging.IPackageResolver
 ~NuGet.Packaging.IPackageResolver.Resolve(System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity> targets, System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageDependencyInfo> availablePackages, System.Threading.CancellationToken token) -> System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity>
 ~NuGet.Packaging.IPackageResolver.Resolve(System.Collections.Generic.IEnumerable<string> targets, System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageDependencyInfo> availablePackages, System.Collections.Generic.IEnumerable<NuGet.Packaging.PackageReference> installedPackages, System.Threading.CancellationToken token) -> System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity>
 ~NuGet.Packaging.IPackageResolver.Resolve(System.Collections.Generic.IEnumerable<string> targets, System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageDependencyInfo> availablePackages, System.Threading.CancellationToken token) -> System.Collections.Generic.IEnumerable<NuGet.Packaging.Core.PackageIdentity>
+NuGet.Packaging.InvalidPackageIdException
+~NuGet.Packaging.InvalidPackageIdException.InvalidPackageIdException(string message) -> void
 NuGet.Packaging.LicenseMetadata
 ~NuGet.Packaging.LicenseMetadata.Equals(NuGet.Packaging.LicenseMetadata other) -> bool
 ~NuGet.Packaging.LicenseMetadata.License.get -> string
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Unshipped.txt
index 0a00b8a99d4..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Packaging/PublicAPI/net8.0/PublicAPI.Unshipped.txt
@@ -1,3 +1 @@
 #nullable enable
-NuGet.Packaging.InvalidPackageIdException
-~NuGet.Packaging.InvalidPackageIdException.InvalidPackageIdException(string message) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Shipped.txt
index 8d36e1eedd2..ab1dfe71684 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Shipped.txt
@@ -10,7 +10,6 @@ NuGet.ProjectModel.AssetsLogMessage.EndLineNumber.set -> void
 ~NuGet.ProjectModel.AssetsLogMessage.Equals(NuGet.ProjectModel.IAssetsLogMessage other) -> bool
 ~NuGet.ProjectModel.AssetsLogMessage.FilePath.get -> string
 ~NuGet.ProjectModel.AssetsLogMessage.FilePath.set -> void
-NuGet.ProjectModel.PackageSpec.IsDefaultVersion.get -> bool
 NuGet.ProjectModel.AssetsLogMessage.Level.get -> NuGet.Common.LogLevel
 ~NuGet.ProjectModel.AssetsLogMessage.LibraryId.get -> string
 ~NuGet.ProjectModel.AssetsLogMessage.LibraryId.set -> void
@@ -200,14 +199,23 @@ NuGet.ProjectModel.LockFileItem
 NuGet.ProjectModel.LockFileLibrary
 ~NuGet.ProjectModel.LockFileLibrary.Equals(NuGet.ProjectModel.LockFileLibrary other) -> bool
 ~NuGet.ProjectModel.LockFileLibrary.Files.get -> System.Collections.Generic.IList<string>
+~NuGet.ProjectModel.LockFileLibrary.Files.init -> void
 NuGet.ProjectModel.LockFileLibrary.HasTools.get -> bool
+NuGet.ProjectModel.LockFileLibrary.HasTools.init -> void
 NuGet.ProjectModel.LockFileLibrary.IsServiceable.get -> bool
+NuGet.ProjectModel.LockFileLibrary.IsServiceable.init -> void
 ~NuGet.ProjectModel.LockFileLibrary.MSBuildProject.get -> string
+~NuGet.ProjectModel.LockFileLibrary.MSBuildProject.init -> void
 ~NuGet.ProjectModel.LockFileLibrary.Name.get -> string
+~NuGet.ProjectModel.LockFileLibrary.Name.init -> void
 ~NuGet.ProjectModel.LockFileLibrary.Path.get -> string
+~NuGet.ProjectModel.LockFileLibrary.Path.init -> void
 ~NuGet.ProjectModel.LockFileLibrary.Sha512.get -> string
+~NuGet.ProjectModel.LockFileLibrary.Sha512.init -> void
 ~NuGet.ProjectModel.LockFileLibrary.Type.get -> string
+~NuGet.ProjectModel.LockFileLibrary.Type.init -> void
 ~NuGet.ProjectModel.LockFileLibrary.Version.get -> NuGet.Versioning.NuGetVersion
+~NuGet.ProjectModel.LockFileLibrary.Version.init -> void
 NuGet.ProjectModel.LockFileReadFlags
 NuGet.ProjectModel.LockFileReadFlags.All = NuGet.ProjectModel.LockFileReadFlags.Libraries | NuGet.ProjectModel.LockFileReadFlags.Targets | NuGet.ProjectModel.LockFileReadFlags.ProjectFileDependencyGroups | NuGet.ProjectModel.LockFileReadFlags.PackageFolders | NuGet.ProjectModel.LockFileReadFlags.PackageSpec | NuGet.ProjectModel.LockFileReadFlags.CentralTransitiveDependencyGroups | NuGet.ProjectModel.LockFileReadFlags.LogMessages -> NuGet.ProjectModel.LockFileReadFlags
 NuGet.ProjectModel.LockFileReadFlags.CentralTransitiveDependencyGroups = 32 -> NuGet.ProjectModel.LockFileReadFlags
@@ -292,6 +300,7 @@ NuGet.ProjectModel.PackageSpec
 ~NuGet.ProjectModel.PackageSpec.Equals(NuGet.ProjectModel.PackageSpec other) -> bool
 ~NuGet.ProjectModel.PackageSpec.FilePath.get -> string
 ~NuGet.ProjectModel.PackageSpec.FilePath.set -> void
+NuGet.ProjectModel.PackageSpec.IsDefaultVersion.get -> bool
 ~NuGet.ProjectModel.PackageSpec.Name.get -> string
 ~NuGet.ProjectModel.PackageSpec.Name.set -> void
 NuGet.ProjectModel.PackageSpec.PackageSpec() -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Unshipped.txt
index f947a3e8805..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.ProjectModel/PublicAPI.Unshipped.txt
@@ -1,10 +1 @@
 #nullable enable
-NuGet.ProjectModel.LockFileLibrary.HasTools.init -> void
-NuGet.ProjectModel.LockFileLibrary.IsServiceable.init -> void
-~NuGet.ProjectModel.LockFileLibrary.Files.init -> void
-~NuGet.ProjectModel.LockFileLibrary.MSBuildProject.init -> void
-~NuGet.ProjectModel.LockFileLibrary.Name.init -> void
-~NuGet.ProjectModel.LockFileLibrary.Path.init -> void
-~NuGet.ProjectModel.LockFileLibrary.Sha512.init -> void
-~NuGet.ProjectModel.LockFileLibrary.Type.init -> void
-~NuGet.ProjectModel.LockFileLibrary.Version.init -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Shipped.txt
index 4df8872c355..69660adee11 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Shipped.txt
@@ -531,6 +531,9 @@ NuGet.Protocol.HttpSourceCredentials
 NuGet.Protocol.HttpSourceCredentials.HttpSourceCredentials() -> void
 ~NuGet.Protocol.HttpSourceCredentials.HttpSourceCredentials(System.Net.ICredentials credentials = null) -> void
 NuGet.Protocol.HttpSourceCredentials.Version.get -> System.Guid
+NuGet.Protocol.HttpSourceException
+~NuGet.Protocol.HttpSourceException.HttpSourceException(string message) -> void
+~NuGet.Protocol.HttpSourceException.HttpSourceException(string message, System.Exception innerException) -> void
 NuGet.Protocol.HttpSourceRequest
 NuGet.Protocol.HttpSourceRequest.DownloadTimeout.get -> System.TimeSpan
 NuGet.Protocol.HttpSourceRequest.DownloadTimeout.set -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Unshipped.txt
index 7d0eac755a3..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net472/PublicAPI.Unshipped.txt
@@ -1,4 +1 @@
 #nullable enable
-NuGet.Protocol.HttpSourceException
-~NuGet.Protocol.HttpSourceException.HttpSourceException(string message) -> void
-~NuGet.Protocol.HttpSourceException.HttpSourceException(string message, System.Exception innerException) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Shipped.txt
index 7fd5836dbaa..20da4e8693b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Shipped.txt
@@ -531,6 +531,9 @@ NuGet.Protocol.HttpSourceCredentials
 NuGet.Protocol.HttpSourceCredentials.HttpSourceCredentials() -> void
 ~NuGet.Protocol.HttpSourceCredentials.HttpSourceCredentials(System.Net.ICredentials credentials = null) -> void
 NuGet.Protocol.HttpSourceCredentials.Version.get -> System.Guid
+NuGet.Protocol.HttpSourceException
+~NuGet.Protocol.HttpSourceException.HttpSourceException(string message) -> void
+~NuGet.Protocol.HttpSourceException.HttpSourceException(string message, System.Exception innerException) -> void
 NuGet.Protocol.HttpSourceRequest
 NuGet.Protocol.HttpSourceRequest.DownloadTimeout.get -> System.TimeSpan
 NuGet.Protocol.HttpSourceRequest.DownloadTimeout.set -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Unshipped.txt
index 7d0eac755a3..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/net8.0/PublicAPI.Unshipped.txt
@@ -1,4 +1 @@
 #nullable enable
-NuGet.Protocol.HttpSourceException
-~NuGet.Protocol.HttpSourceException.HttpSourceException(string message) -> void
-~NuGet.Protocol.HttpSourceException.HttpSourceException(string message, System.Exception innerException) -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
index 7fd5836dbaa..20da4e8693b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt
@@ -531,6 +531,9 @@ NuGet.Protocol.HttpSourceCredentials
 NuGet.Protocol.HttpSourceCredentials.HttpSourceCredentials() -> void
 ~NuGet.Protocol.HttpSourceCredentials.HttpSourceCredentials(System.Net.ICredentials credentials = null) -> void
 NuGet.Protocol.HttpSourceCredentials.Version.get -> System.Guid
+NuGet.Protocol.HttpSourceException
+~NuGet.Protocol.HttpSourceException.HttpSourceException(string message) -> void
+~NuGet.Protocol.HttpSourceException.HttpSourceException(string message, System.Exception innerException) -> void
 NuGet.Protocol.HttpSourceRequest
 NuGet.Protocol.HttpSourceRequest.DownloadTimeout.get -> System.TimeSpan
 NuGet.Protocol.HttpSourceRequest.DownloadTimeout.set -> void
diff --git a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
index 7d0eac755a3..7dc5c58110b 100644
--- a/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
+++ b/src/nuget-client/src/NuGet.Core/NuGet.Protocol/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt
@@ -1,4 +1 @@
 #nullable enable
-NuGet.Protocol.HttpSourceException
-~NuGet.Protocol.HttpSourceException.HttpSourceException(string message) -> void
-~NuGet.Protocol.HttpSourceException.HttpSourceException(string message, System.Exception innerException) -> void
diff --git a/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/Models/DetailedPackageMetadataTests.cs b/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/Models/DetailedPackageMetadataTests.cs
index cfe0084d78a..6c6dc0876a8 100644
--- a/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/Models/DetailedPackageMetadataTests.cs
+++ b/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/Models/DetailedPackageMetadataTests.cs
@@ -41,7 +41,7 @@ public void RemovesWwwSubdomainFromPackageDetailsText(string url, string expecte
 
             var packageSearchMetadataContextInfo = PackageSearchMetadataContextInfo.Create(packageSearchMetadata);
 
-            var target = new DetailedPackageMetadata(packageSearchMetadataContextInfo, deprecationMetadata: null, knownOwnerViewModels: null, downloadCount: null);
+            var target = new DetailedPackageMetadata(packageSearchMetadataContextInfo, deprecationMetadata: null, knownOwnerViewModels: null, downloadCount: null, packageVulnerabilities: null);
 
             Assert.Equal(expected, target.PackageDetailsText);
         }
diff --git a/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/NuGetSourcesServiceWrapperTests.cs b/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/NuGetSourcesServiceWrapperTests.cs
index 19d7dbbaff4..840a32a640b 100644
--- a/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/NuGetSourcesServiceWrapperTests.cs
+++ b/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.UI.Test/NuGetSourcesServiceWrapperTests.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
+using NuGet.Protocol.Core.Types;
 using NuGet.VisualStudio.Internal.Contracts;
 using Xunit;
 
@@ -129,6 +130,11 @@ public ValueTask<IReadOnlyList<PackageSourceContextInfo>> GetPackageSourcesAsync
             {
                 return new ValueTask<IReadOnlyList<PackageSourceContextInfo>>(PackageSources);
             }
+
+            public IReadOnlyList<SourceRepository> GetEnabledAuditSources()
+            {
+                throw new NotImplementedException();
+            }
         }
     }
 }
diff --git a/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.VisualStudio.Test/Services/PackageVulnerabilityServiceTests.cs b/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.VisualStudio.Test/Services/PackageVulnerabilityServiceTests.cs
index e4e69348dd7..e461dc0edc1 100644
--- a/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.VisualStudio.Test/Services/PackageVulnerabilityServiceTests.cs
+++ b/src/nuget-client/test/NuGet.Clients.Tests/NuGet.PackageManagement.VisualStudio.Test/Services/PackageVulnerabilityServiceTests.cs
@@ -58,12 +58,59 @@ public async Task GetVulnerabilityInfoAsync_ValidPackageId_ReturnsVulnerabilityI
             var providers = new List<INuGetResourceProvider> { new VulnerabilityInfoResourceProvider(vulnerabilityResults) };
 
             var sourceRepository = new SourceRepository(source, providers);
-            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository }, _testLogger);
+            IReadOnlyList<SourceRepository> auditSourceRepositories = new List<SourceRepository>().AsReadOnly();
+            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository }, auditSourceRepositories, _testLogger);
 
             // Act
-            List<PackageVulnerabilityMetadataContextInfo> vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            List<PackageVulnerabilityMetadataContextInfo>? vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
 
             // Assert
+            Assert.NotNull(vulnerabilities);
+            Assert.Equal(1, vulnerabilities.Count);
+        }
+
+        [Fact]
+        public async Task GetVulnerabilityInfoAsync_FromAuditSource_ReturnsVulnerabilityInfo()
+        {
+            // Arrange
+            PackageSource source = new PackageSource("https://contoso.test/v3/index.json");
+            PackageSource auditSource = new PackageSource("https://contoso.test/vulnerability/v3/index.json");
+            List<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>> knownVulnerabilities = new List<IReadOnlyDictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>>()
+            {
+                new Dictionary<string, IReadOnlyList<PackageVulnerabilityInfo>>
+                {
+                    {
+                        "Package1",
+                        new PackageVulnerabilityInfo[] {
+                            new PackageVulnerabilityInfo(new Uri("https://vulnerability1"), PackageVulnerabilitySeverity.Low, VersionRange.Parse("[1.0.0,2.0.0)"))
+                        }
+                    }
+                }
+            };
+
+            Dictionary<string, GetVulnerabilityInfoResult> vulnerabilityResults = new()
+            {
+                { auditSource.Name, new GetVulnerabilityInfoResult(knownVulnerabilities, exceptions: null) }
+            };
+
+            var providers = new List<INuGetResourceProvider>();
+            var auditSourceProviders = new List<INuGetResourceProvider> { new VulnerabilityInfoResourceProvider(vulnerabilityResults) };
+
+            var sourceRepository = new SourceRepository(source, providers);
+            var auditSourceRepository = new SourceRepository(auditSource, auditSourceProviders);
+
+            IReadOnlyList<SourceRepository> auditSourceRepositories = new List<SourceRepository>(capacity: 1)
+            {
+                auditSourceRepository
+            };
+
+            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository }, auditSourceRepositories, _testLogger);
+
+            // Act
+            List<PackageVulnerabilityMetadataContextInfo>? vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+
+            // Assert
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
         }
 
@@ -102,16 +149,20 @@ public async Task GetVulnerabilityInfoAsync_MultipleTimes_LoadsVulnerabilityData
             sourceRepository.Setup(s => s.GetResourceAsync<IVulnerabilityInfoResource>(CancellationToken.None))
                 .ReturnsAsync(vulnerabilityResource.Object);
 
-            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository.Object }, _testLogger);
+            IReadOnlyList<SourceRepository> auditSourceRepositories = new List<SourceRepository>().AsReadOnly();
+            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository.Object }, auditSourceRepositories, _testLogger);
 
             // Act & Assert
-            List<PackageVulnerabilityMetadataContextInfo> vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            List<PackageVulnerabilityMetadataContextInfo>? vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
             Assert.Equal(1, getVulnerabilityCallCount);
             vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
             Assert.Equal(1, getVulnerabilityCallCount);
             vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
             Assert.Equal(1, getVulnerabilityCallCount);
         }
@@ -151,20 +202,24 @@ public async Task GetVulnerabilityInfoAsync_ResetVulnerabilityData_ResetsVulnera
             sourceRepository.Setup(s => s.GetResourceAsync<IVulnerabilityInfoResource>(CancellationToken.None))
                 .ReturnsAsync(vulnerabilityResource.Object);
 
-            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository.Object }, _testLogger);
+            IReadOnlyList<SourceRepository> auditSourceRepositories = new List<SourceRepository>().AsReadOnly();
+            PackageVulnerabilityService packageVulnerabilityService = new PackageVulnerabilityService(new List<SourceRepository> { sourceRepository.Object }, auditSourceRepositories, _testLogger);
 
             // Act & Assert
-            List<PackageVulnerabilityMetadataContextInfo> vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            List<PackageVulnerabilityMetadataContextInfo>? vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
             Assert.Equal(1, getVulnerabilityCallCount);
             // Reset the vulnerability data
             packageVulnerabilityService.ResetVulnerabilityData();
             vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
             Assert.Equal(2, getVulnerabilityCallCount);
             // Reset the vulnerability data again
             packageVulnerabilityService.ResetVulnerabilityData();
             vulnerabilities = await packageVulnerabilityService.GetVulnerabilityInfoAsync(new PackageIdentity("Package1", new NuGetVersion("1.0.0")), CancellationToken.None);
+            Assert.NotNull(vulnerabilities);
             Assert.Equal(1, vulnerabilities.Count);
             Assert.Equal(3, getVulnerabilityCallCount);
         }
diff --git a/src/nuget-client/test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetPackageUpdateTests.cs b/src/nuget-client/test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetPackageUpdateTests.cs
index ca7413114bb..f27561b4b93 100644
--- a/src/nuget-client/test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetPackageUpdateTests.cs
+++ b/src/nuget-client/test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetPackageUpdateTests.cs
@@ -93,6 +93,66 @@ public async Task SingleTfmProject_PackageVersionUpdated()
             packageReferenceA[0].Attribute("Version").Value.Should().Be("2.0.0");
         }
 
+        [Fact]
+        public async Task SingleTfmCpmProject_PackageVersionUpdated()
+        {
+            // Arrange
+            using var testContext = new SimpleTestPathContext();
+            File.WriteAllText(testContext.NuGetConfig, string.Format(NugetConfigFormat, testContext.PackageSource));
+
+            var a1 = new SimpleTestPackageContext("NuGet.Internal.Test.a", "1.0.0");
+            var a2 = new SimpleTestPackageContext("NuGet.Internal.Test.a", "2.0.0");
+
+            SimpleTestPackageContext[] packages = [a1, a2];
+            await SimpleTestPackageUtility.CreatePackagesAsync(testContext.PackageSource, packages);
+
+            var csprojContents = """
+                <Project Sdk="Microsoft.NET.Sdk">
+                    <PropertyGroup>
+                        <TargetFramework>net9.0</TargetFramework>
+                    </PropertyGroup>
+                    <ItemGroup>
+                        <PackageReference Include="NuGet.Internal.Test.a" />
+                    </ItemGroup>
+                </Project>
+                """;
+            var csprojPath = Path.Combine(testContext.SolutionRoot, "my.csproj");
+            File.WriteAllText(csprojPath, csprojContents);
+
+            var packagesPropsContents = """
+                <Project>
+                    <PropertyGroup>
+                        <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+                    </PropertyGroup>
+                    <ItemGroup>
+                        <PackageVersion Include="NuGet.Internal.Test.a" Version="1.0.0" />
+                    </ItemGroup>
+                </Project>
+                """;
+            var packagesPropsPath = Path.Combine(testContext.SolutionRoot, "Directory.Packages.props");
+            File.WriteAllText(packagesPropsPath, packagesPropsContents);
+
+            // Act
+            var result = _testFixture.RunDotnetExpectSuccess(
+                workingDirectory: testContext.SolutionRoot,
+                args: $"package update NuGet.Internal.Test.a",
+                testOutputHelper: _testOutputHelper,
+                environmentVariables: _envVars);
+
+            // Assert
+            result.ExitCode.Should().Be(0);
+
+            XDocument csproj = XDocument.Load(csprojPath);
+            var packageReferenceA = csproj.XPathSelectElements("//PackageReference[@Include='NuGet.Internal.Test.a']").ToList();
+            packageReferenceA.Count.Should().Be(1);
+            packageReferenceA[0].Attribute("Version").Should().BeNull();
+
+            XDocument packagesProps = XDocument.Load(packagesPropsPath);
+            var packageVersionA = packagesProps.XPathSelectElements("//PackageVersion[@Include='NuGet.Internal.Test.a']").ToList();
+            packageVersionA.Count.Should().Be(1);
+            packageVersionA[0].Attribute("Version").Value.Should().Be("2.0.0");
+        }
+
         [Fact]
         public async Task MultiTfmProject_PackageVersionUpdated()
         {
diff --git a/src/nuget-client/test/NuGet.Core.Tests/NuGet.CommandLine.Xplat.Tests/Commands/Package/Update/PackageUpdateCommandRunnerTests/MultiProjectTests.cs b/src/nuget-client/test/NuGet.Core.Tests/NuGet.CommandLine.Xplat.Tests/Commands/Package/Update/PackageUpdateCommandRunnerTests/MultiProjectTests.cs
index 6b7c30b8dfe..117b1316b24 100644
--- a/src/nuget-client/test/NuGet.Core.Tests/NuGet.CommandLine.Xplat.Tests/Commands/Package/Update/PackageUpdateCommandRunnerTests/MultiProjectTests.cs
+++ b/src/nuget-client/test/NuGet.Core.Tests/NuGet.CommandLine.Xplat.Tests/Commands/Package/Update/PackageUpdateCommandRunnerTests/MultiProjectTests.cs
@@ -30,15 +30,15 @@ public async Task ProjectWithP2PReference_SinglePackage_UpdatesCorrectPackageVer
         var solutionDirectory = RuntimeEnvironmentHelper.IsWindows
             ? @"S:\path\to\repo\src"
             : @"/path/to/repo/src";
-        var project1Path = Path.Combine(solutionDirectory, "Project1", "Project1.csproj");
+        var project1Path = Path.Combine(solutionDirectory, "ConsoleApp1", "ConsoleApp1.csproj");
         var project1 = new TestPackageSpecFactory(project1Path, builder =>
         {
             builder.WithProperty("TargetFramework", "net9.0")
                    .WithItem("PackageReference", "Test.Package", [new("Version", "1.0.0")])
-                   .WithItem("ProjectReference", @"..\Project2\Project2.csproj", []);
+                   .WithItem("ProjectReference", @"..\ClassLib1\ClassLib1.csproj", []);
         }).Build();
 
-        var project2Path = Path.Combine(solutionDirectory, "Project2", "Project2.csproj");
+        var project2Path = Path.Combine(solutionDirectory, "ClassLib1", "ClassLib1.csproj");
         var project2 = new TestPackageSpecFactory(project2Path, builder =>
         {
             builder.WithProperty("TargetFramework", "net9.0");
diff --git a/src/runtime/eng/Version.Details.props b/src/runtime/eng/Version.Details.props
index 59e856f19c4..63bf3e97cf5 100644
--- a/src/runtime/eng/Version.Details.props
+++ b/src/runtime/eng/Version.Details.props
@@ -6,7 +6,7 @@ This file should be imported by eng/Versions.props
 <Project>
   <PropertyGroup>
     <!-- dotnet/icu dependencies -->
-    <MicrosoftNETCoreRuntimeICUTransportPackageVersion>10.0.0-rc.2.25466.2</MicrosoftNETCoreRuntimeICUTransportPackageVersion>
+    <MicrosoftNETCoreRuntimeICUTransportPackageVersion>10.0.0-rtm.25502.1</MicrosoftNETCoreRuntimeICUTransportPackageVersion>
     <!-- dotnet/wcf dependencies -->
     <SystemServiceModelPrimitivesPackageVersion>4.9.0-rc2.21473.1</SystemServiceModelPrimitivesPackageVersion>
     <!-- dotnet/llvm-project dependencies -->
@@ -100,12 +100,12 @@ This file should be imported by eng/Versions.props
     <MicrosoftDotNetXHarnessTestRunnersCommonPackageVersion>10.0.0-prerelease.25475.1</MicrosoftDotNetXHarnessTestRunnersCommonPackageVersion>
     <MicrosoftDotNetXHarnessTestRunnersXunitPackageVersion>10.0.0-prerelease.25475.1</MicrosoftDotNetXHarnessTestRunnersXunitPackageVersion>
     <!-- _git/dotnet-optimization dependencies -->
-    <optimizationlinuxarm64MIBCRuntimePackageVersion>1.0.0-prerelease.25467.1</optimizationlinuxarm64MIBCRuntimePackageVersion>
-    <optimizationlinuxx64MIBCRuntimePackageVersion>1.0.0-prerelease.25467.1</optimizationlinuxx64MIBCRuntimePackageVersion>
-    <optimizationPGOCoreCLRPackageVersion>1.0.0-prerelease.25467.1</optimizationPGOCoreCLRPackageVersion>
-    <optimizationwindows_ntarm64MIBCRuntimePackageVersion>1.0.0-prerelease.25467.1</optimizationwindows_ntarm64MIBCRuntimePackageVersion>
-    <optimizationwindows_ntx64MIBCRuntimePackageVersion>1.0.0-prerelease.25467.1</optimizationwindows_ntx64MIBCRuntimePackageVersion>
-    <optimizationwindows_ntx86MIBCRuntimePackageVersion>1.0.0-prerelease.25467.1</optimizationwindows_ntx86MIBCRuntimePackageVersion>
+    <optimizationlinuxarm64MIBCRuntimePackageVersion>1.0.0-prerelease.25502.1</optimizationlinuxarm64MIBCRuntimePackageVersion>
+    <optimizationlinuxx64MIBCRuntimePackageVersion>1.0.0-prerelease.25502.1</optimizationlinuxx64MIBCRuntimePackageVersion>
+    <optimizationPGOCoreCLRPackageVersion>1.0.0-prerelease.25502.1</optimizationPGOCoreCLRPackageVersion>
+    <optimizationwindows_ntarm64MIBCRuntimePackageVersion>1.0.0-prerelease.25502.1</optimizationwindows_ntarm64MIBCRuntimePackageVersion>
+    <optimizationwindows_ntx64MIBCRuntimePackageVersion>1.0.0-prerelease.25502.1</optimizationwindows_ntx64MIBCRuntimePackageVersion>
+    <optimizationwindows_ntx86MIBCRuntimePackageVersion>1.0.0-prerelease.25502.1</optimizationwindows_ntx86MIBCRuntimePackageVersion>
     <!-- dotnet/hotreload-utils dependencies -->
     <MicrosoftDotNetHotReloadUtilsGeneratorBuildToolPackageVersion>10.0.0-alpha.0.25479.2</MicrosoftDotNetHotReloadUtilsGeneratorBuildToolPackageVersion>
     <!-- dotnet/node dependencies -->
diff --git a/src/runtime/eng/Version.Details.xml b/src/runtime/eng/Version.Details.xml
index e40ce5b17dd..1f28d582d03 100644
--- a/src/runtime/eng/Version.Details.xml
+++ b/src/runtime/eng/Version.Details.xml
@@ -1,9 +1,9 @@
 <Dependencies>
   <Source Uri="https://github.com/dotnet/dotnet" Mapping="runtime" Sha="e72b5bbe719d747036ce9c36582a205df9f1c361" BarId="285185" />
   <ProductDependencies>
-    <Dependency Name="Microsoft.NETCore.Runtime.ICU.Transport" Version="10.0.0-rc.2.25466.2">
+    <Dependency Name="Microsoft.NETCore.Runtime.ICU.Transport" Version="10.0.0-rtm.25502.1">
       <Uri>https://github.com/dotnet/icu</Uri>
-      <Sha>4c504bd8f75919cc512c456551f4229847da9e21</Sha>
+      <Sha>a91b254e70decd379d76338b7bb171ee98301aef</Sha>
     </Dependency>
     <Dependency Name="System.ServiceModel.Primitives" Version="4.9.0-rc2.21473.1">
       <Uri>https://github.com/dotnet/wcf</Uri>
@@ -307,21 +307,21 @@
       <Uri>https://github.com/dotnet/dotnet</Uri>
       <Sha>e72b5bbe719d747036ce9c36582a205df9f1c361</Sha>
     </Dependency>
-    <Dependency Name="optimization.windows_nt-x64.MIBC.Runtime" Version="1.0.0-prerelease.25467.1">
+    <Dependency Name="optimization.windows_nt-x64.MIBC.Runtime" Version="1.0.0-prerelease.25502.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-optimization</Uri>
-      <Sha>59dc6a9bf1b3e3ab71c73d94160c2049fb104cd1</Sha>
+      <Sha>71ce9774e9875270b80faaac1d6b60568a80e1fa</Sha>
     </Dependency>
-    <Dependency Name="optimization.windows_nt-x86.MIBC.Runtime" Version="1.0.0-prerelease.25467.1">
+    <Dependency Name="optimization.windows_nt-x86.MIBC.Runtime" Version="1.0.0-prerelease.25502.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-optimization</Uri>
-      <Sha>59dc6a9bf1b3e3ab71c73d94160c2049fb104cd1</Sha>
+      <Sha>71ce9774e9875270b80faaac1d6b60568a80e1fa</Sha>
     </Dependency>
-    <Dependency Name="optimization.linux-x64.MIBC.Runtime" Version="1.0.0-prerelease.25467.1">
+    <Dependency Name="optimization.linux-x64.MIBC.Runtime" Version="1.0.0-prerelease.25502.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-optimization</Uri>
-      <Sha>59dc6a9bf1b3e3ab71c73d94160c2049fb104cd1</Sha>
+      <Sha>71ce9774e9875270b80faaac1d6b60568a80e1fa</Sha>
     </Dependency>
-    <Dependency Name="optimization.PGO.CoreCLR" Version="1.0.0-prerelease.25467.1">
+    <Dependency Name="optimization.PGO.CoreCLR" Version="1.0.0-prerelease.25502.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-optimization</Uri>
-      <Sha>59dc6a9bf1b3e3ab71c73d94160c2049fb104cd1</Sha>
+      <Sha>71ce9774e9875270b80faaac1d6b60568a80e1fa</Sha>
     </Dependency>
     <Dependency Name="Microsoft.DotNet.HotReload.Utils.Generator.BuildTool" Version="10.0.0-alpha.0.25479.2">
       <Uri>https://github.com/dotnet/hotreload-utils</Uri>
@@ -355,13 +355,13 @@
       <Uri>https://github.com/dotnet/dotnet</Uri>
       <Sha>e72b5bbe719d747036ce9c36582a205df9f1c361</Sha>
     </Dependency>
-    <Dependency Name="optimization.windows_nt-arm64.MIBC.Runtime" Version="1.0.0-prerelease.25467.1">
+    <Dependency Name="optimization.windows_nt-arm64.MIBC.Runtime" Version="1.0.0-prerelease.25502.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-optimization</Uri>
-      <Sha>59dc6a9bf1b3e3ab71c73d94160c2049fb104cd1</Sha>
+      <Sha>71ce9774e9875270b80faaac1d6b60568a80e1fa</Sha>
     </Dependency>
-    <Dependency Name="optimization.linux-arm64.MIBC.Runtime" Version="1.0.0-prerelease.25467.1">
+    <Dependency Name="optimization.linux-arm64.MIBC.Runtime" Version="1.0.0-prerelease.25502.1">
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-optimization</Uri>
-      <Sha>59dc6a9bf1b3e3ab71c73d94160c2049fb104cd1</Sha>
+      <Sha>71ce9774e9875270b80faaac1d6b60568a80e1fa</Sha>
     </Dependency>
     <!-- Necessary for source-build. This allows the package to be retrieved from previously-source-built artifacts
          and flow in as dependencies of the packages produced by runtime. -->
diff --git a/src/runtime/src/mono/mono/mini/aot-compiler.c b/src/runtime/src/mono/mono/mini/aot-compiler.c
index 5349e634ed9..9598e9d3f20 100644
--- a/src/runtime/src/mono/mono/mini/aot-compiler.c
+++ b/src/runtime/src/mono/mono/mini/aot-compiler.c
@@ -638,7 +638,7 @@ is_direct_pinvoke_enabled (const MonoAotCompile *acfg)
 
 /* Wrappers around the image writer functions */
 
-#define MAX_SYMBOL_SIZE 256
+#define MAX_SYMBOL_SIZE 1024
 
 #if defined(TARGET_WIN32) && defined(TARGET_X86)
 static const char *
diff --git a/src/source-manifest.json b/src/source-manifest.json
index 9e6b331554a..a988ed957bc 100644
--- a/src/source-manifest.json
+++ b/src/source-manifest.json
@@ -1,10 +1,10 @@
 {
   "repositories": [
     {
-      "barId": 285108,
+      "barId": 286215,
       "path": "arcade",
       "remoteUri": "https://github.com/dotnet/arcade",
-      "commitSha": "e6f510cb87812d56ad781d93ff0513cdcccd0eb4"
+      "commitSha": "7ff6478d902606d65aa33cb8cedc2730e1843fe1"
     },
     {
       "barId": 286219,
@@ -61,10 +61,10 @@
       "commitSha": "dc755eb75a2a1f6a82036588da128eb859d96e8e"
     },
     {
-      "barId": 284434,
+      "barId": 286446,
       "path": "nuget-client",
       "remoteUri": "https://github.com/nuget/nuget.client",
-      "commitSha": "28eeb0947095a716b98b5c34454625708cb3ac76"
+      "commitSha": "5514d935e3e77d90d931758cf9e2589735b905a3"
     },
     {
       "barId": 286084,
@@ -79,10 +79,10 @@
       "commitSha": "23d275e30097136b12a68d1bab4997148361d116"
     },
     {
-      "barId": 285920,
+      "barId": 286218,
       "path": "runtime",
       "remoteUri": "https://github.com/dotnet/runtime",
-      "commitSha": "05a3a9ba8860b076afc88a6bf0d455f2c3b522d3"
+      "commitSha": "d321bc6abef02ed27790e8da3740d253976b9ac6"
     },
     {
       "barId": 277711,