Pass through the cache context to the vulnerability resource

src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommandProviders.cs

@@ -39,11 +39,12 @@ public RestoreCommandProviders(
         private static IReadOnlyList<IVulnerabilityInformationProvider> CreateVulnerabilityInfoProviders(IReadOnlyList<IRemoteDependencyProvider> remoteProviders)
         {
             List<IVulnerabilityInformationProvider> providers = new(remoteProviders.Count);
+            using var sourceCacheContext = new SourceCacheContext();
             for (int i = 0; i < remoteProviders.Count; i++)
             {
                 if (remoteProviders[i].SourceRepository != null)
                 {
-                    providers.Add(new VulnerabilityInformationProvider(remoteProviders[i].SourceRepository, NullLogger.Instance));
+                    providers.Add(new VulnerabilityInformationProvider(remoteProviders[i].SourceRepository, sourceCacheContext, NullLogger.Instance));
                 }
             }
             return providers;
@@ -150,7 +151,7 @@ public static RestoreCommandProviders Create(
             var vulnerabilityInfoProviders = new List<IVulnerabilityInformationProvider>(remoteProviders.Count);
             foreach (SourceRepository source in sources)
             {
-                var provider = new VulnerabilityInformationProvider(source, log);
+                var provider = new VulnerabilityInformationProvider(source, cacheContext, log);
                 vulnerabilityInfoProviders.Add(provider);
             }
 

src/NuGet.Core/NuGet.Commands/RestoreCommand/RestoreCommandProvidersCache.cs

@@ -120,7 +120,7 @@ public RestoreCommandProviders GetOrCreate(
             var vulnerabilityInformationProviders = new List<IVulnerabilityInformationProvider>(sources.Count);
             foreach (SourceRepository source in sources)
             {
-                IVulnerabilityInformationProvider provider = _vulnerabilityInformationProviders.GetOrAdd(source, s => new VulnerabilityInformationProvider(s, log));
+                IVulnerabilityInformationProvider provider = _vulnerabilityInformationProviders.GetOrAdd(source, s => new VulnerabilityInformationProvider(s, cacheContext, log));
                 vulnerabilityInformationProviders.Add(provider);
             }
 

src/NuGet.Core/NuGet.Commands/RestoreCommand/Utility/AuditUtility.cs

@@ -399,6 +399,7 @@ private PackageVulnerabilitySeverity ParseAuditLevel()
 
         internal enum NuGetAuditMode { Unknown, Direct, All }
 
+        // Enum parsing and ToString are a magnitude of times slower than a naive implementation. 
         private NuGetAuditMode ParseAuditMode()
         {
             string? auditMode = _restoreAuditProperties.AuditMode?.Trim();
@@ -431,6 +432,7 @@ internal enum EnabledValue
             ExplicitOptOut
         }
 
+        // Enum parsing and ToString are a magnitude of times slower than a naive implementation.
         public static EnabledValue ParseEnableValue(string value)
         {
             if (string.Equals(value, "default", StringComparison.OrdinalIgnoreCase))
@@ -450,6 +452,7 @@ public static EnabledValue ParseEnableValue(string value)
             return EnabledValue.Undefined;
         }
 
+        // Enum parsing and ToString are a magnitude of times slower than a naive implementation.
         internal static string GetString(EnabledValue enableAudit)
         {
             return enableAudit switch
@@ -462,6 +465,7 @@ internal static string GetString(EnabledValue enableAudit)
             };
         }
 
+        // Enum parsing and ToString are a magnitude of times slower than a naive implementation.
         internal static string GetString(NuGetAuditMode auditMode)
         {
             return auditMode switch

src/NuGet.Core/NuGet.Commands/RestoreCommand/VulnerabilityInformationProvider.cs

@@ -15,13 +15,15 @@ namespace NuGet.Commands
     internal sealed class VulnerabilityInformationProvider : IVulnerabilityInformationProvider
     {
         private readonly SourceRepository _source;
+        private readonly SourceCacheContext _sourceCacheContext;
         private readonly ILogger _logger;
 
         private readonly AsyncLazy<GetVulnerabilityInfoResult?> _vulnerabilityInfo;
 
-        public VulnerabilityInformationProvider(SourceRepository source, ILogger logger)
+        public VulnerabilityInformationProvider(SourceRepository source, SourceCacheContext cacheContext, ILogger logger)
         {
             _source = source;
+            _sourceCacheContext = cacheContext;
             _logger = logger;
 
             _vulnerabilityInfo = new AsyncLazy<GetVulnerabilityInfoResult?>(GetVulnerabilityInfoAsync);
@@ -42,8 +44,7 @@ public VulnerabilityInformationProvider(SourceRepository source, ILogger logger)
                 return null;
             }
 
-            using SourceCacheContext cacheContext = new();
-            GetVulnerabilityInfoResult result = await vulnerabilityInfoResource.GetVulnerabilityInfoAsync(cacheContext, _logger, CancellationToken.None);
+            GetVulnerabilityInfoResult result = await vulnerabilityInfoResource.GetVulnerabilityInfoAsync(_sourceCacheContext, _logger, CancellationToken.None);
             return result;
         }
     }