The vulnerable label doesn’t show in the “version” dropdown box of “Browse” tab when searching for vulnerable packages

[CiciLi1]

NuGet Product Used

Visual Studio Package Management UI

Product Version

NuGet Client Dev\6.7.0.51

Worked before?

No response

Impact

It bothers me. A fix would be nice

Repro Steps & Context

Repro Steps:     

1. Create a C# Console App (.NET Core 8.0) project.   

2. Right-click the project in Solution Explorer and select "Manage NuGet Packages…" menu item to open the PM UI.

3. Select the package source: “nuget.org” near the gear button.

4. Go to "Browse" tab, search a package “Newtonsoft.Json” which have vulnerable versions and expand the "Version" drop-down box in the right panel.

Expected:     

The vulnerable label should show in the “version” dropdown box of “Browse” tab when searching for vulnerable packages

Actual:     

The vulnerable label doesn’t show in the “version” dropdown box of “Browse” tab when searching for vulnerable packages below screenshot:

Notes:  

1.The repro rate is 100%.  
2. It doesn’t repro on Dev\6.7.0.50 since the feature changed from Dev\6.7.0.51.
3. It does not repro when no vulnerable packages are searched as below screenshot:

Verbose Logs

No response

[martinrrm]

This is not a bug, what is happening is that Recommended packages (first 5 with a star) use a different search API that brings vulnerabilities for each version and we can display that in the version combobox.

But in the registration search API, this information is not available and we can not display the label in the combobox, when you click a version we query the metadata and then we display the Vulnerability/Deprecation warning.

This behavior is the same for Deprecation.

[martinrrm]

Deprecation:

[jeffkl]

Closing this issue for now as by design.

[martinrrm]

This is actually a bug, this version should be available already. Looks like this is a cache problem