Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Show which package versions are vulnerable in the VS PMUI package details pane version dropdown #11127

Closed
chrisraygill opened this issue Aug 4, 2021 · 4 comments · Fixed by NuGet/NuGet.Client#5185
Closed

[Feature]: Show which package versions are vulnerable in the VS PMUI package details pane version dropdown #11127

chrisraygill opened this issue Aug 4, 2021 · 4 comments · Fixed by NuGet/NuGet.Client#5185
Assignees
@martinrrm
Labels
Product:VS.Client Type:Feature
Milestone
6.7

Comments

@chrisraygill
Copy link
Contributor

chrisraygill commented Aug 4, 2021
edited

NuGet Product(s) Involved

Visual Studio Package Management UI

The Elevator Pitch

Feature

Surface which versions of a package have a vulnerability in the package details pane version dropdown like we do with deprecated versions.

Design

  • When a version only has vulnerabilities, the string should say "(Vulnerable)"
  • When a version has a vulnerability and is deprecated, the string should say "(Vulnerable, Deprecated)"
  • The string should be surfaced next to vulnerable versions in all project level PMUI tabs including the Browse, Installed, and Updates tabs
  • The string should be surfaced next to vulnerable versions in all solution level PMUI tabs including the Browse, Installed, Updates, and Consolidate tabs

image

Existing behavior for deprecated versions:
image

Additional Context and Details

Successful release of this feature will require a fix to #11129 to ensure both vulnerability and deprecation strings are correctly shown in the Browse tab.
@chrisraygill
Copy link
Contributor Author

@anangaur any opinion on if we should show "(Vulnerable, Deprecated)" if a version is both, or only show "(Vulnerable)" since that is the more important element?

@anangaur
Copy link
Member

anangaur commented Aug 4, 2021

Both IMO

@chrisraygill chrisraygill mentioned this issue Aug 4, 2021
Merged
@donnie-msft
Copy link
Contributor

The string should be surfaced next to vulnerable versions in all project level PMUI tabs including the Browse, Installed, and Updates tabs
The string should be surfaced next to vulnerable versions in all solution level PMUI tabs including the Browse, Installed, Updates, and Consolidate tabs

Does this mean the package list, or still talking about the version dropdown? The Details pane and dropdown are the same control on all tabs.

@aortiz-msft aortiz-msft assigned martinrrm and unassigned jebriede and chrisraygill Nov 1, 2021
@martinrrm martinrrm removed this from the Sprint 2021-11 milestone Dec 13, 2021
@donnie-msft donnie-msft mentioned this issue Feb 10, 2022
Closed
@donnie-msft
Copy link
Contributor

I've blocked this on #11410
Chatting with @JonDouglas brought up the point of emphasis: we want to ensure the versions and all vulnerabilities are loaded before rendering this list of versions.

@martinrrm martinrrm removed this from the Sprint 2022-03 milestone Mar 7, 2022
This was referenced Jan 31, 2023
Closed
Open
@martinrrm martinrrm mentioned this issue May 24, 2023
Merged
8 tasks
@nkolev92 nkolev92 added this to the 6.7 milestone Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@martinrrm martinrrm

Labels
Product:VS.Client Type:Feature
Projects
None yet
Milestone
6.7
Development

Successfully merging a pull request may close this issue.

Show Vulnerable label in versions combobox NuGet/NuGet.Client
8 participants
@nkolev92 @erdembayar @jebriede @anangaur @chrisraygill @martinrrm @heng-liu @donnie-msft