[Feature]: Show which package versions are vulnerable in the VS PMUI package details pane version dropdown

[chrisraygill]

NuGet Product(s) Involved

Visual Studio Package Management UI

The Elevator Pitch

Feature

Surface which versions of a package have a vulnerability in the package details pane version dropdown like we do with deprecated versions.

Design

• When a version only has vulnerabilities, the string should say "(Vulnerable)"
• When a version has a vulnerability and is deprecated, the string should say "(Vulnerable, Deprecated)"
• The string should be surfaced next to vulnerable versions in all project level PMUI tabs including the Browse, Installed, and Updates tabs
• The string should be surfaced next to vulnerable versions in all solution level PMUI tabs including the Browse, Installed, Updates, and Consolidate tabs

Existing behavior for deprecated versions:

Additional Context and Details

Successful release of this feature will require a fix to #11129 to ensure both vulnerability and deprecation strings are correctly shown in the Browse tab.

[chrisraygill]

@anangaur any opinion on if we should show "(Vulnerable, Deprecated)" if a version is both, or only show "(Vulnerable)" since that is the more important element?

[anangaur]

Both IMO

[donnie-msft]

The string should be surfaced next to vulnerable versions in all project level PMUI tabs including the Browse, Installed, and Updates tabs
The string should be surfaced next to vulnerable versions in all solution level PMUI tabs including the Browse, Installed, Updates, and Consolidate tabs

Does this mean the package list, or still talking about the version dropdown? The Details pane and dropdown are the same control on all tabs.