Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug Bash] The warning icon on the right of installed vulnerable package version doesn’t show for the lower version in “Consolidate” tab of solution-level PM UI #14024

Open
v-luzh opened this issue Dec 30, 2024 · 2 comments
Open

[Bug Bash] The warning icon on the right of installed vulnerable package version doesn’t show for the lower version in “Consolidate” tab of solution-level PM UI #14024

v-luzh opened this issue Dec 30, 2024 · 2 comments
Labels
Area:NuGetAudit Found:ManualTests Functionality:VisualStudioUI Priority:2 Issues for the current backlog. Product:VS.Client Type:Bug

Comments

@v-luzh
Copy link

v-luzh commented Dec 30, 2024
edited
Loading

NuGet Product Used

Visual Studio Package Management UI

Product Version

Dev\6.13.0.106

Worked before?

It’s not a regression since it is a new feature.

Impact

It bothers me. A fix would be nice

Repro Steps & Context

Details about problem

NuGet Version: Dev\6.13.0.106
VS Version: Main\35627.41
OS: Windows-11-Enterprise-23H2

Notes:  

1.The repro rate is 100%. 
2.It only shows for the latest version on "Consolidate" tab if there are three projects installed different vulnerable package versions as the screenshot below.
image

Repro Steps:   

1.Create a solution with two C# Console App (.NET [latest]) projects (called Project1 & Project2).
2.Right-click the project in Solution Explorer and select "Manage NuGet Packages for Solution…" menu item to open PM UI.
3.Select the package source: "nuget.org" near the gear button.
4.Go to the “Browse" tab, install a vulnerable package version “Newtonsoft.json 12.0.1” into the Project2.
5.Go to the “Installed” tab, click the installed package (e.g. "Newtonsoft.Json") in the package list and install another vulnerable package version “Newtonsoft.json 12.0.2” into the Project1.
6.Go to the “Consolidate” tab and observe the warning icon on the right of every installed vulnerable package version.

Expected Result:

The warning icon should show on the right of every installed vulnerable package version.

Actual Result:

The warning icon on the right of installed vulnerable package version doesn’t show for the lower version as the screenshot below.
image
@jgonz120
Copy link
Contributor

jgonz120 commented Dec 31, 2024
edited
Loading

I was able to repro. The icon is displayed properly on the installed tab, but it fails on the consolidate tab. The one that isn't displayed is the lowest version, not necessarily the second item in the list.

image

@v-luzh v-luzh changed the title [Bug Bash] The warning icon on the right of installed vulnerable package version doesn’t show for the dependent project in “Consolidate” tab of solution-level PM UI [Bug Bash] The warning icon on the right of installed vulnerable package version doesn’t show for the lower version in “Consolidate” tab of solution-level PM UI Dec 31, 2024
@v-luzh
Copy link
Author

v-luzh commented Dec 31, 2024

I was able to repro. The icon is displayed properly on the installed tab, but it fails on the consolidate tab. The one that isn't displayed is the lowest version, not necessarily the second item in the list.

image

Hi @jgonz120, thanks for your verification. Yes, you are correct, I have updated the bug.

@jeffkl jeffkl added Priority:2 Issues for the current backlog. and removed Triage:NeedsTriageDiscussion labels Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area:NuGetAudit Found:ManualTests Functionality:VisualStudioUI Priority:2 Issues for the current backlog. Product:VS.Client Type:Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jgonz120 @jeffkl @v-luzh