Revert "Pass through the cache context to the vulnerability resource (#…

…5361)" (#5387)
NuGet · Sep 5, 2023 · f5a29ef · f5a29ef
1 parent 46c44c7
commit f5a29ef
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 8 deletions.
diff --git a/src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommandProviders.cs b/src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommandProviders.cs
@@ -39,12 +39,11 @@ public RestoreCommandProviders(
         private static IReadOnlyList<IVulnerabilityInformationProvider> CreateVulnerabilityInfoProviders(IReadOnlyList<IRemoteDependencyProvider> remoteProviders)
         {
             List<IVulnerabilityInformationProvider> providers = new(remoteProviders.Count);
-            using var sourceCacheContext = new SourceCacheContext();
             for (int i = 0; i < remoteProviders.Count; i++)
             {
                 if (remoteProviders[i].SourceRepository != null)
                 {
-                    providers.Add(new VulnerabilityInformationProvider(remoteProviders[i].SourceRepository, sourceCacheContext, NullLogger.Instance));
+                    providers.Add(new VulnerabilityInformationProvider(remoteProviders[i].SourceRepository, NullLogger.Instance));
                 }
             }
             return providers;
@@ -151,7 +150,7 @@ public static RestoreCommandProviders Create(
             var vulnerabilityInfoProviders = new List<IVulnerabilityInformationProvider>(remoteProviders.Count);
             foreach (SourceRepository source in sources)
             {
-                var provider = new VulnerabilityInformationProvider(source, cacheContext, log);
+                var provider = new VulnerabilityInformationProvider(source, log);
                 vulnerabilityInfoProviders.Add(provider);
             }
 

diff --git a/src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommandProvidersCache.cs b/src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommandProvidersCache.cs
@@ -120,7 +120,7 @@ public RestoreCommandProviders GetOrCreate(
             var vulnerabilityInformationProviders = new List<IVulnerabilityInformationProvider>(sources.Count);
             foreach (SourceRepository source in sources)
             {
-                IVulnerabilityInformationProvider provider = _vulnerabilityInformationProviders.GetOrAdd(source, s => new VulnerabilityInformationProvider(s, cacheContext, log));
+                IVulnerabilityInformationProvider provider = _vulnerabilityInformationProviders.GetOrAdd(source, s => new VulnerabilityInformationProvider(s, log));
                 vulnerabilityInformationProviders.Add(provider);
             }
 

diff --git a/src/NuGet.Core/NuGet.Commands/RestoreCommand/VulnerabilityInformationProvider.cs b/src/NuGet.Core/NuGet.Commands/RestoreCommand/VulnerabilityInformationProvider.cs
@@ -15,15 +15,13 @@ namespace NuGet.Commands
     internal sealed class VulnerabilityInformationProvider : IVulnerabilityInformationProvider
     {
         private readonly SourceRepository _source;
-        private readonly SourceCacheContext _sourceCacheContext;
         private readonly ILogger _logger;
 
         private readonly AsyncLazy<GetVulnerabilityInfoResult?> _vulnerabilityInfo;
 
-        public VulnerabilityInformationProvider(SourceRepository source, SourceCacheContext cacheContext, ILogger logger)
+        public VulnerabilityInformationProvider(SourceRepository source, ILogger logger)
         {
             _source = source;
-            _sourceCacheContext = cacheContext;
             _logger = logger;
 
             _vulnerabilityInfo = new AsyncLazy<GetVulnerabilityInfoResult?>(GetVulnerabilityInfoAsync);
@@ -44,7 +42,15 @@ public VulnerabilityInformationProvider(SourceRepository source, SourceCacheCont
                 return null;
             }
 
-            GetVulnerabilityInfoResult result = await vulnerabilityInfoResource.GetVulnerabilityInfoAsync(_sourceCacheContext, _logger, CancellationToken.None);
+            // Don't re-use a SourceCacheContext from whatever triggered this, because installing packages
+            // (and a few other scenarios, look at everything that calls SourceCacheContext.MaxAge's setter)
+            // will ignore the http cache, because it wants to allow newly published packages to be installable.
+            // However, in VS, when a new project template installs packages, we don't want to force a re-download
+            // of the vulnerability data. Firstly, from a customer point of view, it's not necessary. The reason
+            // we bust the cache for package install doesn't apply to vulnerability data. Secondly, it triggers
+            // regressions in VS's performance tests.
+            using SourceCacheContext cacheContext = new();
+            GetVulnerabilityInfoResult result = await vulnerabilityInfoResource.GetVulnerabilityInfoAsync(cacheContext, _logger, CancellationToken.None);
             return result;
         }
     }