[Bug Bash] The warning icon on the right of installed vulnerable package version doesn’t show for the higher version vulnerable package in “Installed” tab of solution-level PM UI before the second refreshing #14151
Assignees
Labels
Found:ManualTests
Functionality:Install
The install command in VS/nuget.exe
Functionality:VisualStudioUI
Package Manager UI et al
Priority:1
High priority issues that must be resolved in the current sprint.
RegressionFromPreviousRTM
A regression from the last RTM. Example: worked in 6.2, doesn't work in 6.3
Style:Packages.Config
Type:Bug
Comments
|
I am able to reproduce the issue following the repro steps mentioned in the issue description. |
kartheekp-ms
added
Functionality:VisualStudioUI
|
@CiciLi1 |
|
Team Triage: Assigning to @martinrrm since we expect this to be a dup. |
|
Oh interesting. Can you check 17.0 and 17.8. Thanks. |
It doesn't repro on D17.8\35911.164 with implicit Dev\6.8.1.2 and D17.0\35911.228 with implict Dev\6.10.2.8. |
jeffkl
added
Priority:1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NuGet Product Used
Visual Studio Package Management UI
Product Version
Dev\6.14.0.49
Worked before?
It’s not a regression since it also reproes on D17.13\35814.105 with implicit Dev\6.13.2.1 (D16.11 doesn't have the feature).
Impact
It bothers me. A fix would be nice
Repro Steps & Context
Repro Steps:
Create a solution with two C# Console App (.NET Framework [latest]) projects (called Project1 & Project2).
Open the solution-level PM UI.
Select the package source: "nuget.org" near the gear button.
Click the “settings” button (top-right of details pane), check "Prompt for format selection on first package install" in General tab and click OK button.
Go to the “Browse" tab and select a vulnerable package (e.g. "Newtonsoft.Json").
Install a vulnerable package version (e.g. 12.0.1) into Project1 and install another vulnerable package version (e.g. 12.0.2) into Project2, both with “packages.config” format.
Go to the “Installed” tab and click the installed package (e.g. "Newtonsoft.Json") in the package list.
Expected:
The warning icon should show on the right of every installed vulnerable package version.
Actual:
The warning icon on the right of installed vulnerable package version doesn’t show for the higher version as below:
Verbose Logs
The text was updated successfully, but these errors were encountered: