Add .NET 9.0.300 for AuditSources support (#49055)

Author: Nigusu-Allehu

docs/core/tools/dotnet-package-list.md

@@ -122,7 +122,7 @@ The project or solution file to operate on. If not specified, the command search
 - **`--vulnerable`**
 
   Lists packages that have known vulnerabilities. Cannot be combined with `--deprecated` or `--outdated` options.
-  Use the `<AuditSources>` property in your configuration file to specify your source of vulnerability data, which is acquired from the [VulnerabilityInfo](/nuget/api/vulnerability-info) resource.
+  Available starting in **.NET SDK 9.0.300**, this option uses the `<AuditSources>` property in your configuration file to specify your source of vulnerability data, which is acquired from the [VulnerabilityInfo](/nuget/api/vulnerability-info) resource.
   If `<AuditSources>` is not specified, the specified `<PackageSources>` are used to load vulnerability data.
   For more information, see [Audit sources](/nuget/concepts/auditing-packages#audit-sources) and [How to scan NuGet packages for security vulnerabilities](https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/).