NuGet / Home

Repo for NuGet Client issues

[Bug Bash] The vulnerability InfoBar still displays in the Solution Explorer window after updating a vulnerable package to a non-vulnerable version for a “packages.config” project #13319

Open SueSu01 opened 8 months ago

SueSu01 commented 8 months ago

NuGet Product Used

Visual Studio Package Management UI

Product Version

NuGet Client Dev\6.10.0.80

Worked before?

No response

Impact

It bothers me. A fix would be nice

Repro Steps & Context

  1. Create a C# Console App (.NET Framework) project in VS.
  2. Right-click the project in Solution Explorer and select "Manage NuGet Packages…" menu item to open PM UI.
  3. On Browse tab, search for a vulnerable package (e.g. “Newtonsoft.Json” -version 12.0.3) and install it with “packages.config” format.
  4. Right-click the solution in Solution Explorer window and click "Restore NuGet Packages".
  5. A golden InfoBar and a link “Manage NuGet Packages” will show on the top of the Solution Explorer window.
  6. Update the package to a non-vulnerable version (the latest version).
  7. Right-click the solution in Solution Explorer window and click "Restore NuGet Packages".

Expected: The vulnerability InfoBar should disappear in the Solution Explorer window.

Actual: The vulnerability InfoBar still displays in the Solution Explorer window as below: [image]

Notes:

  1. The repro rate is 100%.
  2. This is not a regression since it is a new feature.
  3. It doesn't repro on PackageReference project.

Verbose Logs

No response

nkolev92 commented 8 months ago

Related to https://github.com/NuGet/Home/issues/12862.

Similar, but probably not the same fix.

SueSu01 commented 3 months ago

It still repros on VS Main\35222.175 + NuGet Client Dev\6.12.0.82.