Right-click the project in Solution Explorer and select "Manage NuGet Packages…" menu item to open PM UI.
Select the package source: “nuget.org” near the gear button.
Go to the "Browse" tab and search for a vulnerable package (e.g. "Newtonsoft.Json").
Select a vulnerable package version (e.g. 12.0.1) and click the “Install” button on the right.
Right-click the solution in Solution Explorer window and add a new project.
Expected:
The golden InfoBar and the link “Manage NuGet Packages” still show on the top of the Solution Explorer window since the message is “The solution contains package with vulnerabilities”.
Actual:
The vulnerability InfoBar in the Solution Explorer disappears when adding a new project as below:
Note:
The repro rate is 100%.
This is not a regression, since it is a new feature change.
NuGet Product Used
Visual Studio Package Management UI
Product Version
NuGet Client Dev\6.8.0.115
Worked before?
No response
Impact
It bothers me. A fix would be nice
Repro Steps & Context
Repro Steps:
Create a C# Console App (.Net core) project.
Right-click the project in Solution Explorer and select "Manage NuGet Packages…" menu item to open PM UI.
Select the package source: “nuget.org” near the gear button.
Go to the "Browse" tab and search for a vulnerable package (e.g. "Newtonsoft.Json").
Select a vulnerable package version (e.g. 12.0.1) and click the “Install” button on the right.
Right-click the solution in Solution Explorer window and add a new project.
Expected:
The golden InfoBar and the link “Manage NuGet Packages” still show on the top of the Solution Explorer window since the message is “The solution contains package with vulnerabilities”.
Actual:
The vulnerability InfoBar in the Solution Explorer disappears when adding a new project as below:
Note:
The repro rate is 100%.
This is not a regression, since it is a new feature change.
Verbose Logs
No response