Skip to content

Vulnerability InfoBar now has "How to fix with GitHub Copilot" link to NuGet's MCP Server documentation#6959

Merged
donnie-msft merged 5 commits intodevfrom
dev-donnie-msft-actionInfoBarDocs
Nov 21, 2025
Merged

Vulnerability InfoBar now has "How to fix with GitHub Copilot" link to NuGet's MCP Server documentation#6959
donnie-msft merged 5 commits intodevfrom
dev-donnie-msft-actionInfoBarDocs

Conversation

@donnie-msft
Copy link
Contributor

@donnie-msft donnie-msft commented Nov 19, 2025
edited
Loading

Bug

Fixes: https://github.com/NuGet/Client.Engineering/issues/3548
Fixes: NuGet/Home#14680

Description

Adds a "Fix with Copilot" button after the "Manage NuGet Packages" action in the Vulnerability InfoBar shown when a solution is restored that has vulnerable packages.

Currently, this action redirects to https://aka.ms/nugetmcp/auditFix with instructions on how to use the NuGet MCP server to fix vulnerable packages.

Leverages existing navigation telemetry for this action and adds it to the existing action (as it was missing).
The UI lives within the InfoBar, so localization / accessibility testing isn't necessary as these are already tested controls. This PR just adds another action.

image

Alternatives Considered

Pending feedback from VS UX team

Hyperlink Text Options:

“Learn how to Fix with Copilot”
“Learn more”
“Fix with Copilot” (may feel misleading since it points to docs, not an immediate fix)

Separator Between Actions:

Single space: "Manage NuGet Packages" "Learn how to Fix with Copilot"
image

(✅ Currently Implemented)Vertical Bar: "Manage NuGet Packages" | "Learn how to Fix with Copilot"
Parenthesis: "Manage NuGet Packages (Learn how to Fix with Copilot)"
"or": The word "or": "Manage NuGet Packages" or "Learn how to Fix with Copilot"

PR Checklist

  • Meaningful title, helpful description and a linked NuGet/Home issue
  • Added tests for telemetry events
  • Link to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc.

@donnie-msft donnie-msft requested a review from a team as a code owner November 19, 2025 02:13
zivkan
zivkan previously approved these changes Nov 19, 2025
View reviewed changes
nkolev92
nkolev92 previously approved these changes Nov 19, 2025
View reviewed changes
Copy link
Member

@nkolev92 nkolev92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We talked offline, I like "OR" or empty space as separators, but the links are probably clear enough.

@donnie-msft donnie-msft requested a review from jeffkl November 20, 2025 01:02
jebriede
jebriede previously approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@jebriede jebriede left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Thanks for implementing this.

A few thoughts:
I agree that it's worth exploring what separator we should have between the Manage NuGet Packages and Learn how to Fix with Copilot links.

Also left a small suggestion to make a helper method for navigating to the URL to keep the OnActionItem code cleaner.

jeffkl
jeffkl reviewed Nov 20, 2025
View reviewed changes
@donnie-msft donnie-msft dismissed stale reviews from jebriede, nkolev92, and zivkan via f0c0e2f November 20, 2025 19:03
@donnie-msft donnie-msft force-pushed the dev-donnie-msft-actionInfoBarDocs branch from 6a4fd89 to f0c0e2f Compare November 20, 2025 19:03
@donnie-msft donnie-msft changed the title Vulnerability InfoBar now has "Fix with Copilot" hyperlink to NuGet's GitHub Copilot docs Vulnerability InfoBar now has "How to fix with GitHub Copilot" link to NuGet's MCP Server docs Nov 20, 2025
jeffkl
jeffkl previously approved these changes Nov 20, 2025
View reviewed changes
@donnie-msft donnie-msft requested a review from jeffkl November 21, 2025 01:32
@donnie-msft donnie-msft enabled auto-merge (squash) November 21, 2025 01:51
@donnie-msft donnie-msft merged commit bf048eb into dev Nov 21, 2025
17 of 18 checks passed
@donnie-msft donnie-msft deleted the dev-donnie-msft-actionInfoBarDocs branch November 21, 2025 03:06
@dotnet-maestro dotnet-maestro bot mentioned this pull request Nov 23, 2025
Merged
donnie-msft added a commit that referenced this pull request Dec 2, 2025
@donnie-msft
Vulnerability InfoBar now has "How to fix with GitHub Copilot" link t…
a1e8bec 
…o NuGet's MCP Server docs (#6959)
@donnie-msft donnie-msft mentioned this pull request Dec 2, 2025
Merged
donnie-msft added a commit that referenced this pull request Dec 4, 2025
@donnie-msft
[7.0.x] Vulnerability InfoBar now has "How to fix with GitHub Copilot…
1281d70 
…" link to NuGet's MCP Server docs (#6959) (#6979)
@donnie-msft donnie-msft changed the title Vulnerability InfoBar now has "How to fix with GitHub Copilot" link to NuGet's MCP Server docs Vulnerability InfoBar now has "How to fix with GitHub Copilot" link to NuGet's MCP Server documentation Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zivkan zivkan zivkan approved these changes

@jebriede jebriede jebriede approved these changes

@jeffkl jeffkl jeffkl approved these changes

@kartheekp-ms kartheekp-ms Awaiting requested review from kartheekp-ms

@nkolev92 nkolev92 Awaiting requested review from nkolev92

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Vulnerability InfoBar in Visual Studio now has "How to fix with GitHub Copilot" link to NuGet's MCP Server documentation

6 participants

@donnie-msft @nkolev92 @zivkan @jebriede @jeffkl @kartheekp-ms