I repackaged the Owin package but didn't relalize that that would break all my builds as the dll's are now in a 1.0.0 folder where all the project files expect them in the 1.0 folder.
I guess this would work if the projects are in sdk project format but most of them are not.
Hi,
In one of our older products we use angular 1.8.3.
Proget reports
This package has no known security vulnerabilities.
but npm audit reports
angular *
Severity: high
angular vulnerable to regular expression denial of service (ReDoS) - https://github.com/advisories/GHSA-m2h2-264f-f486
Angular (deprecated package) Cross-site Scripting - https://github.com/advisories/GHSA-prc3-vjfx-vhm9
angular vulnerable to regular expression denial of service via the angular.copy() utility - https://github.com/advisories/GHSA-2vrf-hf26-jrp5
angular vulnerable to regular expression denial of service via the $resource service - https://github.com/advisories/GHSA-2qqx-w9hr-q5gx
angular vulnerable to regular expression denial of service via the <input type="url"> element - https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
angular vulnerable to super-linear runtime due to backtracking - https://github.com/advisories/GHSA-4w4v-5hc9-xrr2
fix available via `npm audit fix --force`
Will install angular@1.6.10, which is a breaking change
node_modules/angular
1 high severity vulnerability
Hi,
I clicked most builds but just can't find it.
Recently we deleted all projects and started anew using fullbuild numbers as SBOMS's started to accumulate for our quarterly releases. (not all projects have been changed yet though)
Anyway I uploaded ProGetVicrea.zip
Thanks for having a look.
Valentijn
We are using Version 2024.11 (Build 10)
In this screen it reports that a non-compliant license is in use in active releases.
But how can i find out which one and where?
We have dozens of projects and hundreds of builds but i can't seem the find it
I did a "Pull to ProGet" and ran analyze again and now the warning is gone.
Downloading the package did not help.
I'm pretty sure it was already in the cache, we clean the nuget cache on our buildservers weekly and everything is downloaded through Proget. The package downloads section shows the downloads.
There are a number of packages that show up with a compliance warning like this one
But when I look at the package it says everyting is ok
Thanks I made a backup and ran the script and it did clean up quite a few rows.
I'll try upgrading to 2024 again next week after we released :)
Strange that you can't see VicreaNeuronGegevensmagazijnContracts, I can't find bootstrap.less