Vulnerability InfoBar now has "How to fix with GitHub Copilot" link to NuGet's MCP Server docs (#6959)

Author: donnie-msft

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/HyperlinkType.cs

@@ -14,6 +14,7 @@ public enum HyperlinkType
         DeprecationAlternativeDetails,
         DeprecationAlternativePackageItem,
         VulnerabilityAdvisory,
+        VulnerabilityAdvisoryGHCopilotDocs,
         OptionsBlocked,
         OwnerProfile,
         OwnerProfileDetailsPane

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/NavigatedTelemetryEvent.cs

@@ -72,6 +72,28 @@ public static NavigatedTelemetryEvent CreateWithPMUIConfigurePackageSourceMappin
             return navigatedTelemetryEvent;
         }
 
+        /// <summary>
+        /// Navigating from the Vulnerability InfoBar to the Manage Packages dialog.
+        /// </summary>
+        public static NavigatedTelemetryEvent CreateWithVulnerabilityInfoBarManagePackages()
+        {
+            NavigatedTelemetryEvent navigatedTelemetryEvent = new(NavigationType.Button, NavigationOrigin.VulnerabilityInfoBar_ManagePackages);
+            return navigatedTelemetryEvent;
+        }
+
+        /// <summary>
+        /// Navigating an External hyperlink from VS.
+        /// </summary>
+        /// <param name="hyperlinkType">Hyperlink origin</param>
+        public static NavigatedTelemetryEvent CreateWithExternalLink(HyperlinkType hyperlinkType)
+        {
+            NavigatedTelemetryEvent navigatedTelemetryEvent = new(NavigationType.Hyperlink, NavigationOrigin.PMUI_ExternalLink);
+
+            navigatedTelemetryEvent[HyperLinkTypePropertyName] = hyperlinkType;
+
+            return navigatedTelemetryEvent;
+        }
+
         /// <summary>
         /// Navigating an External hyperlink from the PM UI.
         /// </summary>

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/NavigationOrigin.cs

@@ -11,6 +11,7 @@ public enum NavigationOrigin
         Options_PackageSourceMapping_RemoveAll,
         Options_LocalsCommand_ClearAll,
         PMUI_ExternalLink,
-        PMUI_PackageSourceMapping_Configure
+        PMUI_PackageSourceMapping_Configure,
+        VulnerabilityInfoBar_ManagePackages
     }
 }

src/NuGet.Clients/NuGet.SolutionRestoreManager/Resources.Designer.cs

@@ -197,4 +197,7 @@ To prevent NuGet from restoring packages during build, open the Visual Studio Op
     <value>'{0}' items do not have the same value(s) across all target frameworks. Remove any condition from MSBuild files for '{0}' items.</value>
     <comment>{0} - MSBuild item type. For example, NuGetAuditSuppress</comment>
   </data>
-</root>
+  <data name="InfoBar_HyperlinkGHCopilotDocs" xml:space="preserve">
+    <value>How to fix with GitHub Copilot</value>
+  </data>
+</root>

src/NuGet.Clients/NuGet.SolutionRestoreManager/Resources.resx

@@ -11,7 +11,9 @@
 using Microsoft.VisualStudio.Imaging;
 using Microsoft.VisualStudio.Shell;
 using Microsoft.VisualStudio.Shell.Interop;
+using NuGet.Common;
 using NuGet.PackageManagement;
+using NuGet.PackageManagement.Telemetry;
 using NuGet.VisualStudio;
 using NuGet.VisualStudio.Telemetry;
 
@@ -21,19 +23,25 @@ namespace NuGet.SolutionRestoreManager
     [PartCreationPolicy(CreationPolicy.Shared)]
     public class VulnerablePackagesInfoBar : IVulnerabilitiesNotificationService, IVsInfoBarUIEvents
     {
+        private const string LogEntrySource = "NuGet Package Manager";
+
         private IAsyncServiceProvider _asyncServiceProvider = AsyncServiceProvider.GlobalProvider;
         internal IVsInfoBarUIElement? _infoBarUIElement;
         internal bool _infoBarVisible = false; // InfoBar is currently being displayed in the Solution Explorer
         internal bool _wasInfoBarClosed = false; // InfoBar was closed by the user, using the 'x'(close) in the InfoBar
         internal bool _wasInfoBarHidden = false; // InfoBar was hid, this is caused because there are no more vulnerabilities to address
         private uint? _eventCookie; // To hold the connection cookie
+        private InfoBarHyperlink _hyperlinkPmui;
+        private InfoBarHyperlink _hyperlinkGHCopilotDocs;
 
         private Lazy<IPackageManagerLaunchService>? PackageManagerLaunchService { get; }
         private ISolutionManager? SolutionManager { get; }
 
         [ImportingConstructor]
         public VulnerablePackagesInfoBar(ISolutionManager solutionManager, Lazy<IPackageManagerLaunchService> packageManagerLaunchService)
         {
+            _hyperlinkPmui = new InfoBarHyperlink(Resources.InfoBar_HyperlinkMessage);
+            _hyperlinkGHCopilotDocs = new InfoBarHyperlink(Resources.InfoBar_HyperlinkGHCopilotDocs, "https://aka.ms/nugetmcp/auditFix");
             SolutionManager = solutionManager;
             PackageManagerLaunchService = packageManagerLaunchService;
             SolutionManager.SolutionClosed += OnSolutionClosed;
@@ -155,15 +163,43 @@ public void OnClosed(IVsInfoBarUIElement infoBarUIElement)
         public void OnActionItemClicked(IVsInfoBarUIElement infoBarUIElement, IVsInfoBarActionItem actionItem)
         {
             ThreadHelper.ThrowIfNotOnUIThread();
-            PackageManagerLaunchService?.Value.LaunchSolutionPackageManager();
+            if (actionItem != null)
+            {
+                if (actionItem.ActionContext == _hyperlinkGHCopilotDocs.ActionContext)
+                {
+                    LaunchGitHubCopilotDocs();
+                }
+                else
+                {
+                    PackageManagerLaunchService?.Value.LaunchSolutionPackageManager();
+                    var evt = NavigatedTelemetryEvent.CreateWithVulnerabilityInfoBarManagePackages();
+                    TelemetryActivity.EmitTelemetryEvent(evt);
+                }
+            }
+        }
+
+        private void LaunchGitHubCopilotDocs()
+        {
+            try
+            {
+                System.Diagnostics.Process.Start(_hyperlinkGHCopilotDocs.ActionContext);
+                var evt = NavigatedTelemetryEvent.CreateWithExternalLink(HyperlinkType.VulnerabilityAdvisoryGHCopilotDocs);
+                TelemetryActivity.EmitTelemetryEvent(evt);
+            }
+            catch (System.ComponentModel.Win32Exception ex)
+            {
+                ActivityLog.LogError(LogEntrySource, ex.ToString());
+            }
         }
 
         protected InfoBarModel GetInfoBarModel()
         {
             IEnumerable<IVsInfoBarTextSpan> textSpans = new IVsInfoBarTextSpan[]
             {
                 new InfoBarTextSpan(Resources.InfoBar_TextMessage + " "),
-                new InfoBarHyperlink(Resources.InfoBar_HyperlinkMessage)
+                _hyperlinkPmui,
+                new InfoBarTextSpan(" | "),
+                _hyperlinkGHCopilotDocs
             };
 
             return new InfoBarModel(

src/NuGet.Clients/NuGet.SolutionRestoreManager/VulnerablePackagesInfoBar.cs

@@ -22,6 +22,11 @@
         <target state="translated">Balíček {0} {1} nemá přesnou verzi, například [1.0.0]. S PackageDownload se povolují jenom přesné verze.</target>
         <note>0 - The package that does not have an exact version. Do not translate 'PackageDownload'. 1 - the version string that's not exact.</note>
       </trans-unit>
+      <trans-unit id="InfoBar_HyperlinkGHCopilotDocs">
+        <source>How to fix with GitHub Copilot</source>
+        <target state="new">How to fix with GitHub Copilot</target>
+        <note />
+      </trans-unit>
       <trans-unit id="InfoBar_HyperlinkMessage">
         <source>Manage NuGet Packages</source>
         <target state="translated">Spravovat balíčky NuGet</target>

src/NuGet.Clients/NuGet.SolutionRestoreManager/xlf/Resources.cs.xlf

@@ -22,6 +22,11 @@
         <target state="translated">Das Paket "{0} {1}" weist keine genaue Version wie "[1.0.0]" auf. Nur exakte Versionen sind bei PackageDownload zulässig.</target>
         <note>0 - The package that does not have an exact version. Do not translate 'PackageDownload'. 1 - the version string that's not exact.</note>
       </trans-unit>
+      <trans-unit id="InfoBar_HyperlinkGHCopilotDocs">
+        <source>How to fix with GitHub Copilot</source>
+        <target state="new">How to fix with GitHub Copilot</target>
+        <note />
+      </trans-unit>
       <trans-unit id="InfoBar_HyperlinkMessage">
         <source>Manage NuGet Packages</source>
         <target state="translated">NuGet-Pakete verwalten</target>

src/NuGet.Clients/NuGet.SolutionRestoreManager/xlf/Resources.de.xlf

@@ -22,6 +22,11 @@
         <target state="translated">El paquete "{0} {1}" no tiene una versión exacta, como "[1.0.0]". Solo se permiten versiones exactas con PackageDownload.</target>
         <note>0 - The package that does not have an exact version. Do not translate 'PackageDownload'. 1 - the version string that's not exact.</note>
       </trans-unit>
+      <trans-unit id="InfoBar_HyperlinkGHCopilotDocs">
+        <source>How to fix with GitHub Copilot</source>
+        <target state="new">How to fix with GitHub Copilot</target>
+        <note />
+      </trans-unit>
       <trans-unit id="InfoBar_HyperlinkMessage">
         <source>Manage NuGet Packages</source>
         <target state="translated">Administración de paquetes NuGet</target>

src/NuGet.Clients/NuGet.SolutionRestoreManager/xlf/Resources.es.xlf

@@ -22,6 +22,11 @@
         <target state="translated">Le paquet '{0}' {1} n’a pas de version exacte comme '[1.0.0]'. Seules les versions exactes sont autorisées avec PackageDownload.</target>
         <note>0 - The package that does not have an exact version. Do not translate 'PackageDownload'. 1 - the version string that's not exact.</note>
       </trans-unit>
+      <trans-unit id="InfoBar_HyperlinkGHCopilotDocs">
+        <source>How to fix with GitHub Copilot</source>
+        <target state="new">How to fix with GitHub Copilot</target>
+        <note />
+      </trans-unit>
       <trans-unit id="InfoBar_HyperlinkMessage">
         <source>Manage NuGet Packages</source>
         <target state="translated">Gérer les packages NuGet</target>