Support

• D

  NPM Package name case sensitivity
  • dan.brown_0128  

  10
  0
  Votes
  10
  Posts
  28
  Views

  

  Hi @pbspec2_5732 , The script in the linked gist should fix the problem for you; it's not feasible/possible to try editing in the database directly due to the complexity of the model. https://gist.github.com/apxltd/351d328023c1c32852c30c335952fabb Thanks, Steve
• R

  Vulnerability JQuery Proget 5.2.14
  • r.vanmeurs_4680  

  2
  0
  Votes
  2
  Posts
  5
  Views

  

  Hi @r-vanmeurs_4680 , This is a false positive and you can disregard it; ProGet 5.2 is not impacted by the vulnerability in JQuery for may reasons, including the fact that they vulnerable code is not used and, if it were, ProGet is protected on the server-side from such "attacks". Thanks, Steve
• D

  Proget 2024 SCA Permissions
  • davidroberts63  

  3
  0
  Votes
  3
  Posts
  5
  Views

  D

  Thank you, that did the trick.
• C

  ProGet: Different behavior for build creation
  • caterina  

  8
  0
  Votes
  8
  Posts
  20
  Views

  C

  Hi @atripp, I was able to test the new version of ProGet and there still seems to be a weird behavior. Again I am using my test-project 'BuildStageTest'. I deleted all existing builds to give it a "fresh start". Creating a build via SBOM upload seems to be working fine. This way I created build 1.0.0: As you can see, there are no other builds in my project. If I try to create the same version via "Create Build" you display an error (which is great): But if I try to manually create build 2.0.0 I get the same error even if the build is not existing: I thought that there might be an issue because build 2.0.0 already existed in previous tests. But I deleted all builds as you can see from the ui and the database screenshots above. So I also created a completely new project and tried to manually create builds. But for some versions i do get the error message (I was not able to manually create 1.0.0, 2.0.0, 4.0.0, but some other versions were working just fine): Are you able to reproduce this behavior? Thanks, Caterina
• U

  Proget 2023 - docker manifest problem
  • udi.moshe_0021  

  7
  0
  Votes
  7
  Posts
  12
  Views

  U

  Hi @atripp , found this config. i remember seeing it and left it checked because the description recommended it for registries like microsoft and for some reason i didn't pay attention to this until i figured out that i need to add "library" prefix. thank you very much for all the help.
• F

  ProGet Asset Directory
  • forbzie22_0253  

  2
  0
  Votes
  2
  Posts
  4
  Views

  

  Hi @forbzie22_0253 , That's not exposed in the UI at this time; is there a reason/use case you'd want to use it? it's primarily intended as a kind of backup of sorts. Thanks, Alana
• G

  Inedo.Agents.Ssh.SftpException: SFTP Protocol Error (permission denied) using SSH To Linux (otter)
  • gurdip.sira_1271  

  3
  0
  Votes
  3
  Posts
  6
  Views

  G

  Had to set ownership on the folder on the Linux server, all green now thanks!
• C

  pgutil: PackageLockOnly for npm projects
  • caterina  

  5
  0
  Votes
  5
  Posts
  15
  Views

  

  Hi @caterina, We are working to add this back, but the hold up has been trying to properly document this. Here is our thoughts, but wanted to get your feedback. We are looking to change the parameter name to --do-not-scan-node_modules with a command line description of: Do not scan the node_modules directory when scanning for package-lock.json files What are your thoughts on this? Thanks, Rich
• D

  Projects, builds and SCA.
  • daniel.lundqvist_1790  

  6
  0
  Votes
  6
  Posts
  24
  Views

  

  Hi @daniel-lundqvist_1790 , You can select the edition you'd like to trial within the software itself, under Admin > License Key. Thanks, Alana
• Z

  Package Promotion via API with two restricted feeds
  • zs-dahe  

  2
  0
  Votes
  2
  Posts
  11
  Views

  

  Hi @zs-dahe , The Package Promotion API only be checks for permission against toFeed - you don't need any other permission on the toFeed or fromFeed. As far as more granular permissions, perhaps setting up a Personal Key for like a builds user would do the trick? That'll let you reuse the API Key and set up very granular permissions. We decided not to duplicate that granular permission setting in the API Keys because it's already confusing enough Thanks, Alex
• S

  Support for Winget feed
  features • • sylvain.martel_3976  

  14
  0
  Votes
  14
  Posts
  69
  Views

  

  Thanks for clarifying @matt-lowe! some IT managers are very much stuck on the 'Microsoft' rut and are unable to see past it, no matter the cost and time it adds to most IT management ... TBH the only way I managed to get ProGet installed was for managing PowerShell scripts for a small project and have managed to keep it ticking over with other options. I've definitely heard that... personally I think this is where vendor/sales can really come in and make a difference. Sometimes it's a lot harder to sell things internally... it's not so much about "giving a sales pitch" but more that decision makers can have a different relationship with sales execs. It's one thing to blow off a vendor demo or delay a project... but team morale can get shot if you do that internally, so it's safer to stick to status quo. And of course, sales execs can challenge the status quo in a much more direct way... trying that as an employee might be uncomfortable or feel insubordinate. Anyway this isn't related to WinGet, but we might be able to help with the bigger picture -- might be worth spending 15-20 minutes just talking through it and seeing if there's any paths to go from there. We're seeing a lot of movement on the WinOps/ProGet/Chocolatey in big orgs, so clearly they're getting something over DIY solutions or WinGet. Feel free to shoot a note at the contact form, and we'll take it from there!
• D

  Licensed pacakges showing on Unlicensed Local Packages listing
  • davidroberts63  

  6
  0
  Votes
  6
  Posts
  18
  Views

  

  @davidroberts63 thanks for figuring that one out, that's definitely bug... ... box style was correct, but enabled/disabled text looked at wrong property Easy fix, difficult to spot!
• M

  Buildmaster license on OpenShift
  • marc.ledent_9164  

  2
  0
  Votes
  2
  Posts
  6
  Views

  

  Hi @marc-ledent_9164 , Are you referring to the Machine UID from Manual Activation? I'm not sure what the Machine UID looks like in BuildMaster 7 on Linux, but I do recall that early versions of our products sometimes couldn't generate the string on some hardware. I think that's fixed now. The code is supposed to be based on the CPU (vendor ID, model, family, and stepping info) and the and the major version of the Inedo software (e.g. 5.1, 5.3, 2022, 2023). Thanks, Alana
• 

  Error deleting Debian package from API
  • Scati  

  7
  0
  Votes
  7
  Posts
  21
  Views

  

  Hi @gdivis, I've tried encoding the purl URL, and it works on both Windows and Linux, without having to interchange the distro and component order. However, it's a little strange that NuGet package purls work whether they are encoded or not. Anyway, I'm going to encode the URL in the code. Thank you very much.
• S

  ProGet: Auto package promotion from NuGet mirror?
  • scampbell_8969  

  2
  0
  Votes
  2
  Posts
  6
  Views

  

  Hi @scampbell_8969, ProGet does not have this feature; we've thought about it after some customer discussions in years past, but I don't think anyone's asked about it until now. And it wasn't the right solution for those customers. We concluded it would be kind of complicated to document / configure / troubleshoot, especially once we got into the details and specifics. Here's some of those: A new version could be unwanted, especially after the "Moq Meltdown" from last year Patch versions are probably okay, but new major versions should still be vetted Licenses can (and do) change between versions New versions It's also a vector for malicious update attacks Some kind of filter would be needed to select package for auto-promotion Very few packages get frequent updates, so this doesn't seem like it's solving a big problem Instead we created a "latest version" compliance flag that allows you to flag packages that aren't the latest patch version. We'll see if that's popular. Thanks, Alana
• C

  pgutil: Read product name and version from file
  • caterina  

  4
  0
  Votes
  4
  Posts
  16
  Views

  

  Hi @caterina, We're a bit concerned that this is too specific for your usecase, and we're really struggling documenting it. Instead of doing this, we're thinking it might just make more sense to run (Get-Item 'C:\path\to\file.exe').VersionInfo using PowerShell and export these into variables instead. For Example: $versionInfo = (Get-Item 'C:\path\to\file.exe').VersionInfo $version = if($versionInfo.FileVersion) { $versionInfo.FileVersion} else { $versionInfo.ProductVersion } $productName = $versionInfo.ProductName pgutil builds scan --input=myApplication.csproj --project-name$productName" --version=$version Thanks, Dan
• C

  ProGet: Confusion about behavior of Compliance
  • caterina  

  3
  0
  Votes
  3
  Posts
  12
  Views

  C

  Hi @atripp, thank you for the clarification. I can confirm this behavior. Thank you very much, Caterina
• U

  Proget download timeout when waiting for file to be scanned
  • udi.moshe_0021  

  3
  0
  Votes
  3
  Posts
  12
  Views

  U

  Hi @atripp , thank you for the info and clarification.
• J

  ProGet - License usage overview HTTP 500 for custom licenses
  • jw  

  3
  0
  Votes
  3
  Posts
  11
  Views

  J

  Hi @atripp, We haven't updated the production instance to the version that introduced this feature yet, so nobody breathing down my neck. ;) I'll wait for the official release, but thanks for the offer. Have a nice weekend!
• M

  Problem changing password (integraded authentication)
  • marc.ledent_9164  

  5
  0
  Votes
  5
  Posts
  13
  Views

  M

  I've seen your message yesterday. I will investigate as soon I have the correct environment. Thanks for the help!