Support

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Support

A

ProGet pnpm audit reports no vulnerabilities
• Ashley

2

0
Votes

2
Posts

6
Views

Hi @Ashley , Thanks for the detailed information. I haven't set up an npm/pnpm environment to test this, but I wanted to share a few thoughts, and see if you can test something. I doubt the encoding is an issue. Idea 1: Different API Endpoints There are two vulnerability APIs, and I think one is kind of deprecated? Anyway ProGet has never implemented that one. If you haven't already, I'd make sure pnpm is calling the same endpoint. Idea 2: Null Severity In the example you provided, severity is only set on one of the three items. If this is the problem, then it would mean that pnpm is erroring when processing the resultset. This will be trivial to verify: can you (temporarily) override the assessment of PGV-262413Y and PGV-262413X to be Contain? Then, run it again. You should see a "critical" serverity in the results then. That being said, this is a bug. These vulnerabilities should be suppressed and not show up in the results at all; we'll fix that via PG-3317. Idea 3: Nonnumeric Id The other possibility; ProGet is using a string identifier, but npm is using an integer identifier. I suspect that npm used to do CVEs that field, but who knows. None of this is documented. I'm not really sure how how test this without some kind of proxy/MITM interception, or reverse-engineering their source code. Maybe this is a GitHub issue on the pnpm repository? Thanks, Steve
J

Cargo package metadata not parsing correctly causing builds to fail
proget cargo • • joris.guex

1

0
Votes

1
Posts

4
Views

No one has replied
N

ProGet: implement Policies & Blocking support for Container feeds
• Nils Nilsson

7

0
Votes

7
Posts

57
Views

N

@gdivis Hello! I've tested containers audit a little bit and it seems to work well at first glance. I could easily differentiate between a vulnerable image and one with no vulnerabilities, both from output and exit code. Thank you for your work! :) // Nils
J

Block recently published - Metadata filter ?
• jens.viebig_4541

4

1
Votes

4
Posts

28
Views

@jens-viebig_4541 ooh good catch! That guidance is outdated as of ProGet 2026, where we no longer recommend/default to blocking Noncompliant packages. We should rewrite/republish the article to be more focused on guidance, update the screenshots, etc. I'll add that to the list.
S

"Invalid scheduled job type:" (blank) in Update Checker Scheduled Job Dispatcher after 2025 → 2026 upgrade
• svc-4x9p2a_6341

2

0
Votes

2
Posts

6
Views

Hi @svc-4x9p2a_6341 , This is known issue and will be addressed via PG-3309 in the next maintenance release. You can just ignore the messages for the time being, it only happens like once a week or so.... I wouldn't modify the database either. Thanks, Steve
M

ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support
• mhelp_5176

4

0
Votes

4
Posts

10
Views

Hi @mhelp_5176, Connecting to the embedded database requires local access to the ProGet server. Once an attacker has that, then they already have full access to the database, as it's stored as files on disk... basically it's the equivalent of storing the safe key inside of the safe :) As such. it doesn't make sense for us to add complexity to the product to support changing a password that's already secured. Thanks, Steve
P

User gets 500 error if you delete a logged in user
• pg_user_8607

4

0
Votes

4
Posts

16
Views

Hello, Thanks for reporting this; this behavior is by design. ProGet uses authentication tickets (i.e. encrypted cookies). If the username on a valid ticket cannot be located in the user directory, then a "user not found" error will occur, as it did here. This errant behavior is generally desired for troubleshooting cases where users are intermittently not available from a user directory. Otherwise it's very difficult to troubleshoot, since it will just appear as a random log-out. Thanks, Steve
D

PostgreSQL DB Location
• david.williams_3389

5

0
Votes

5
Posts

19
Views

Hi @mhelp_5176, Not at this time; this would add complexity to the software and installation, so we're hesitant to give an option to configure this path without a compelling technical benefit. Given your requirements, perhaps they should just configure the %ProgramData% folder to be on a different drive? Many Windows programs use that location for data like this. Or perhaps configure a junction (soft link). Thanks, Alana
Add Documentation for Chocolatey Proxy feeds
• steviecoaster

11

0
Votes

11
Posts

33
Views

Hi @imm0rtalsupp0rt , We've published a version of the article now: https://docs.inedo.com/docs/proget/feeds/chocolatey/howto-chocolatey-proxyccr Let us know your thoughts or freel free to submit a PR should have have any suggestions! Thanks, Alex
N

[feature] ProGet: Send test notifications from 'Notifiers & Webhooks'
• Nils Nilsson

6

1
Votes

6
Posts

20
Views

@sigurd-hansen_7559 wow very cool! We didn't anticipate anyone would customize these templates beyond adding a variable or two, so it it didn't seem to make a lot of sense to invest in a proper editor (like we have in the other products) Anyway, it'd be interesting to see what kind of templates you develop.
A

Support for Azure Key Vault references in Connector credentials
• alkhleif_2585

2

0
Votes

2
Posts

4
Views

Hi @alkhleif_2585 , There isn't much demand for this kind of feature (I think we've only seen one or two requests for this over very many years) so it's not on our roadmap. And it's unlikely we will add it to the roadmap considering that it would be quite costly to build, support, and maintain. Especially considering that we'd need to support all of the major "vaults" out there as well. It doesn't seem to add much value to ProGet as these types of read-only credentials can be very long living (several years) without any security risk, and take just a few minutes to rotate when needed. That being said, you could probably write a "sync script" pretty easily that continuously updates the connector credentials by connecting to the vault and then updating it via the API. Cheers, Steve
J

Cargo feed returning 500 Internal Server Error
proget error 500 cargo • • joris.guex

3

0
Votes

3
Posts

19
Views

J

Hi @atripp, We have now updated to ProGet 2026.3 and can confirm this is now working as expected. Thank you for your prompt help.
V

Issue with Composer Connector: ProGet blocks non-standard version names from Packagist
• vdubrovskyi_1854

2

0
Votes

2
Posts

10
Views

Hi @vdubrovskyi_1854 , Without knowing which specific package you're referring to, it's hard to give a more specific example. Historically, Packagist was effectively a database of "GitHub Repository pointers" and Composer was effectively just a wrapper around the Git client. They can both still operate in that mode, and needs to for older, non-standard packages. I suspect that's the type of package you're referring to here. ProGet's Composer feeds work with "packages" (i.e. not the GitHub pointers), which account for nearly all of the modern packages on Packagist.org. For the small number of packages that don't follow the standard (mostly older, legacy packages), you'll need to download them, properly package them, and then upload them to follow the standard. Unfortunately there's no technically feasible/sensible way to solve this problem - since it would require ProGet to serve as a GitHub pointer database, which just doesn't make sense. Cheers, Steve
Unable to login with Active Directory with Proget 2026.1
• aristo_4359

7

0
Votes

7
Posts

44
Views

@pg_user_8607 Given the fix is about searching in AD I think the pull request is indeed related, as there is no other error I can find other than unable to find the user(s) in the User Directories Test.
After upgrading to 2026 https no longer works
• Valentijn

5

1
Votes

5
Posts

42
Views

Hi, I was on a short vacation but today I upgraded to 2026.3 (build 14) without any problems. This probably fixed it: PG-3299 2026.3 FIX: Hostname based binding fails when hosting on Windows with HTTP.SYS Kind regards, Valentijn
B

Scheduled Task is failing due to invalid script identifier
• brandon_owensby_2976

3

0
Votes

3
Posts

23
Views

B

Hi Alana, Just wanted to let you know that restarting the service did fix the issue. Thank you for the suggestion. Brandon
A

Malformed upload-time (2-digit fractional seconds) breaks pip ≥ 25.3 on Python 3.10
• appplat_4310

3

0
Votes

3
Posts

18
Views

A

Hi @gdivis , thanks for the quick turnaround. Everything is working as expected with the new version. Cheers
0

PEP 700 conformance for PyPI feeds
• 0xFFFFFFFF

13

0
Votes

13
Posts

100
Views

@Ashley thanks for letting us know!
B

Git Repository Monitor - Create build when a PR is created/updated
• brandon_owensby_2976

7

0
Votes

7
Posts

25
Views

Hi @brandon_owensby_2976 , Thanks for the feedback, we appreciate it :) There's definitely a value in building before merging; if you haven't already, I'd check out that feature branch article, as it outlines the pattern we use for it. In general, the way I would try to configure is: consider using a releaseless-build if you don't yet know the release it's targeting use a different piepline so it's visually clear; the stages may be Build -> Test -> Merge clean up the builds aftewards That said, this isn't the most popular workflow in BuildMaster, so it may not be the most intuitive to implement or feel a bit clunky. We don't have a lot of public examples, but the inedo-docs application is the closest to a Gitflow, releaseless type of workflow. Commits to master branch auto-deploy to live site, where as branches can only go to test: https://buildmaster.inedo.com/applications/136/overview No idea if that's helpful, but just FYI Cheers, Alana
B

BuildMaster - api/json/SecureResource_GetSecureResources fails with 500 Internal Server Error
• brandon_owensby_2976

2

0
Votes

2
Posts

11
Views

Hi @brandon_owensby_2976 , Looks like this is a regression in BuildMaster 2025 from a library upgrade; we will address it via BM-4017 in an upcoming release, either this Friday or the following cycle. Thanks, Alana

1 / 228

Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation

ProGet pnpm audit reports no vulnerabilities • Ashley

Cargo package metadata not parsing correctly causing builds to fail proget cargo • • joris.guex

ProGet: implement Policies & Blocking support for Container feeds • Nils Nilsson

Block recently published - Metadata filter ? • jens.viebig_4541

"Invalid scheduled job type:" (blank) in Update Checker Scheduled Job Dispatcher after 2025 → 2026 upgrade • svc-4x9p2a_6341

ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support • mhelp_5176

User gets 500 error if you delete a logged in user • pg_user_8607

PostgreSQL DB Location • david.williams_3389

Add Documentation for Chocolatey Proxy feeds • steviecoaster

[feature] ProGet: Send test notifications from 'Notifiers & Webhooks' • Nils Nilsson

Support for Azure Key Vault references in Connector credentials • alkhleif_2585

Cargo feed returning 500 Internal Server Error proget error 500 cargo • • joris.guex

Issue with Composer Connector: ProGet blocks non-standard version names from Packagist • vdubrovskyi_1854

Unable to login with Active Directory with Proget 2026.1 • aristo_4359

After upgrading to 2026 https no longer works • Valentijn

Scheduled Task is failing due to invalid script identifier • brandon_owensby_2976

Malformed upload-time (2-digit fractional seconds) breaks pip ≥ 25.3 on Python 3.10 • appplat_4310

PEP 700 conformance for PyPI feeds • 0xFFFFFFFF

Git Repository Monitor - Create build when a PR is created/updated • brandon_owensby_2976

BuildMaster - api/json/SecureResource_GetSecureResources fails with 500 Internal Server Error • brandon_owensby_2976

ProGet pnpm audit reports no vulnerabilities
• Ashley

Cargo package metadata not parsing correctly causing builds to fail
proget cargo • • joris.guex

ProGet: implement Policies & Blocking support for Container feeds
• Nils Nilsson

Block recently published - Metadata filter ?
• jens.viebig_4541

"Invalid scheduled job type:" (blank) in Update Checker Scheduled Job Dispatcher after 2025 → 2026 upgrade
• svc-4x9p2a_6341

ProGet 2026/PostgreSQL (Embedded) Group Managed Service Account Support
• mhelp_5176

User gets 500 error if you delete a logged in user
• pg_user_8607

PostgreSQL DB Location
• david.williams_3389

Add Documentation for Chocolatey Proxy feeds
• steviecoaster

[feature] ProGet: Send test notifications from 'Notifiers & Webhooks'
• Nils Nilsson

Support for Azure Key Vault references in Connector credentials
• alkhleif_2585

Cargo feed returning 500 Internal Server Error
proget error 500 cargo • • joris.guex

Issue with Composer Connector: ProGet blocks non-standard version names from Packagist
• vdubrovskyi_1854

Unable to login with Active Directory with Proget 2026.1
• aristo_4359

After upgrading to 2026 https no longer works
• Valentijn

Scheduled Task is failing due to invalid script identifier
• brandon_owensby_2976

Malformed upload-time (2-digit fractional seconds) breaks pip ≥ 25.3 on Python 3.10
• appplat_4310

PEP 700 conformance for PyPI feeds
• 0xFFFFFFFF

Git Repository Monitor - Create build when a PR is created/updated
• brandon_owensby_2976

BuildMaster - api/json/SecureResource_GetSecureResources fails with 500 Internal Server Error
• brandon_owensby_2976