Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

  • ProGet license activation automation

    7
    0 Votes
    7 Posts
    24 Views
    F
    @atripp thanks for confirming
  • Game rules for Release! ??

    2
    0 Votes
    2 Posts
    17 Views
    apxltdA
    @Alex_9348 found them! https://s3.amazonaws.com/cdn.inedo.com/release/rules.pdf Enjoy :)
  • getting socket timeout for node-forge npm package

    5
    2
    0 Votes
    5 Posts
    15 Views
    P
    @atripp Ohh, sorry my mistake, changed it to proget, same problem actually. Will check at our end.
  • ENOAUDIT

    3
    1
    0 Votes
    3 Posts
    11 Views
    P
    @atripp Thanks
  • ProGet 2023 - IIS App pool stopping

    16
    0 Votes
    16 Posts
    55 Views
    R
    @stevedennis I swtiched from "V3: Active Directory (LDAP)" to "V4: Active Directory/LDAP (Preview)" and all is good now. Logon went from two/three minutes down to one second.
  • 'Inedo.ProGet.Web.Security.UserNotFoundException' on application startup

    18
    0 Votes
    18 Posts
    66 Views
    rhessingerR
    Hi @Darren-Gipson_6156, No problem! Glad it is working. ProGet 2024.6 will include a fix for this issue, PG-2695. So hopefully this won't happen again! Thanks, Rich
  • 0 Votes
    4 Posts
    4 Views
    C
    I have done more digging and you are right. My windows service wasn't actually pointing to the exe that was updated If i run the updated service, funnily enough it works!
  • 0 Votes
    4 Posts
    12 Views
    stevedennisS
    In that case please just upgrade and it should be resolved :)
  • Deprecating or unlisting all versions

    2
    0 Votes
    2 Posts
    5 Views
    atrippA
    Hi @rick-kramer_9238, You could do this via the API; it would involve first Querying Package Versions, and then for each version returned, Setting Package Status. I think it'd be a "relatively easy" script to write - so if you create one that can do it, please share :) Hope that helps, Alana
  • ProGet 2024 API changes

    2
    0 Votes
    2 Posts
    11 Views
    atrippA
    Hi @forbzie22_0253 , This refers to Delete Package, which was introduced in ProGet 2023: https://docs.inedo.com/docs/proget-api-packages-delete We don't really document/track what Native APIs change between releases, so I'm not really sure: https://docs.inedo.com/docs/proget-api-http#native-api-endpoints You can do a comparison in the /api/reference page. Thanks, Alana
  • 0 Votes
    13 Posts
    46 Views
    P
    @atripp I thought the fix was for Otter !
  • [OTTER]Gitlab Secure Ressource gone

    13
    1
    0 Votes
    13 Posts
    33 Views
    P
    @atripp Thank you for your time and the fix. I can wait for the next release. Best regards PhilippeC.
  • |OTTER] Status filter not working for "any error"

    otter
    4
    3
    0 Votes
    4 Posts
    12 Views
    P
    @atripp Thanks for the update
  • Deleting Debian Packages don't work

    7
    0 Votes
    7 Posts
    15 Views
    ScatiS
    Hi @gdivis, pgutil packages delete --source=scati --feed=stable --package="pacomalarmprocessor" --version=7.2.1.0-1 --qualifier="arch=amd64&component=scati&distro=bionic" It works perfect with that command. Thank you. Keep up the good work.
  • [ProGet] Alpine Feed Connector - Package Caching Broken

    6
    1
    0 Votes
    6 Posts
    29 Views
    gdivisG
    Hi @artur-wisniowski_4029, We'll get this fixed, but it's unlikely to be in this week's release. ProGet hashs the complete package file for every package uploaded to it, while the APK spec says to hash only over a certain tar segment of the package. We've been returning ProGet's hash of the package file as the checksum and this is incorrect as you've noted. We'll post here again when we have a fix date, but I'd expect it will be either next week or the week after. Thanks!
  • ProGet Npm Feed cache

    4
    0 Votes
    4 Posts
    22 Views
    stevedennisS
    Hi @pawel-ostrowski_5669 , ProGet dynamically generates these indexes based on an aggregation of locally stored packages and connector results on each request, so caching doesn't make a lot of sense. npmjs.org, on the other hand, needs to only update indexes when a new version is uploaded, so the cache duration can be a long time. Thanks, Steve
  • Import SBOM

    2
    0 Votes
    2 Posts
    9 Views
    stevedennisS
    Hi @pbinnell_2355 , It looks like you have Windows Integrated Authentication enabled. Curl does not support this, but with powerShell you would need to add -UseDefaultCredentials Thanks, Steve
  • ProGet: Vulnerability scanning of Chocolatey feeds

    2
    0 Votes
    2 Posts
    9 Views
    atrippA
    Hi @am-infrastruktur_3111 , Chocolatey packages are scanned for viruses, so you will see those pop up. For example, pathdebug 0.3.4 should show up in ProGet's vulnerability system: https://security.inedo.com/vulnerability/details/PGV-2420934 Otherwise, there is unfortunately no standardized/consistent naming for Windows software (unlike APK, APT, RPM, etc), so there's no way to associate a vulnerability report like CVE-2024-21392 with a software package. In this case, Microsoft calls the effected software ".NET 8.0", not .NET or dotnet, etc. In Other reports, they call it ".NET8", etc. And you can see that it translates a little weird n the CVE report as well: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392 ".NET 8.0 affected from 1.0.0 before 8.0.3 " - weird, right? This is a known issue in the industry for many years, and it would need to be address by Microsoft first. It's sadly not on their priority list. Best, Alana
  • 0 Votes
    6 Posts
    13 Views
    stevedennisS
    Ultimately this is going to involve training for your developers. Just like instituting a code review process will be new and uncomfortable at first, a package review process will be the same. Developers will not like it and they will complain. However, 99% of the time, developers will be fine using the approved feed. 1% of the time (when they want to test a new package or upgrade), then will use the unapproved feed. They'll just need to learn how to switch package sources (it's a drop-down in Visual Studio) and then learn not commit commit these package references. My advise is to make it incumbent upon developers to not commit code/configuration that depends on unapproved packages. If they do, then it will "break the build" because the packages aren't available. This is an expected behavior - it would be like if a developer decided to upgrade to .NET9-beta. "Don't break the build" is a common mantra on development teams, and it means developers can't commit code changes that will do that. Just extend that to using unapproved packages.
  • GPG error updating Debian repositories

    12
    0 Votes
    12 Posts
    42 Views
    ScatiS
    Fix verified on 2024.2 version. Thank you.
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation