[Bug Bash] The vulnerability InfoBar disappears in the Solution Explorer window after restoring packages for .NET SDK based project #13318

Open
CiciLi1 opened this issue Mar 14, 2024 · 4 comments


CiciLi1 commented Mar 14, 2024

NuGet Product Used

Visual Studio Package Management UI

Product Version

NuGet Client Dev\6.10.0.80

Worked before?

No response

Impact

It bothers me. A fix would be nice

Repro Steps & Context

Repro Steps:   

  1. Create a C# Class Library (.NET Core) -- .NET 8.0 project.

  2. Right-click the project in Solution Explorer and select "Manage NuGet Packages…" menu item to open PM UI.

  3. Select the package source: “nuget.org” near the gear button.

  4. Go to the "Browse" tab and search for a package (e.g. "Newtonsoft.Json").

  5. Select a vulnerable package version (e.g. 12.0.1) and install the package.

  6. Observe the Solution Explorer window, which displays a golden InfoBar.

  7. Right-click the solution node in Solution Explorer window and click "Restore NuGet Packages".

Expected:   

The vulnerability InfoBar should still show on the top of the Solution Explorer window.

Actual:

The vulnerability InfoBar disappears in the Solution Explorer window after restoring packages as below:

Notes:    

  1. The repro rate is 100%.    

  2. This is not a regression since it is a new feature.  

  3. This issue also reproes when building the solution instead of restoring packages in step 7.

  4. It doesn’t repro for non-SDK based projects.

Verbose Logs

No response

nkolev92 (Member) commented

> This is not a regression since it is a new feature.

@CiciLi1, the vulnerability info bar for PackageReference projects is not new.

Can you please help us understand when this regressed (check 17.9)?

nkolev92 added the Priority:1 label Mar 14, 2024
nkolev92 self-assigned this Mar 14, 2024

CiciLi1 commented Mar 15, 2024

> > This is not a regression since it is a new feature.
>
> @CiciLi1, the vulnerability info bar for PackageReference projects is not new.
>
> Can you please help us understand when this regressed (check 17.9)?

Hi @nkolev92, this issue doesn't repro on version 17.9.0 Preview 6.0 [34601.282.d17.9] with implicit NuGet Client 6.9.1.3 and version 17.8.8 with implicit NuGet Client 6.8.1.2.

We also verified the issue one by one starting with NuGet Client Dev\6.10.0.52, and we suspect it started with Dev\6.10.0.60 (we couldn't verify it because the build Dev\6.10.0.60 failed, but the issue didn't repro on NuGet Client Dev\6.10.0.59, and it repros on NuGet Client Dev\6.10.0.62).

nkolev92 (Member) commented

I have a draft PR: NuGet/NuGet.Client#5935.

The gist is that combining the PC & PR checks leads to a heuristic that's not fully correct, since the PR up to date check tries really hard to avoid performance issues with restore.

nkolev92 removed the Category:Quality Week label Aug 5, 2024

SueSu01 commented Aug 23, 2024

It still reproes on VS Main\35222.175 + NuGet Client Dev\6.12.0.82.

nkolev92 added the Priority:2 and Category:Quality Week labels and removed the Priority:1 label Oct 28, 2024