    Inedo Community Forums

    davi.morris_9177

    Latest posts made by davi.morris_9177

    • Maven packages not including JAR files in ProGet

      Using ProGet Version 2025.24 (Build 7)

      After creating a connector to Maven Central and running the indexing scheduled tasks, many Maven packages do not list the main jar file in the list of files that are included with the package.

      It appears that this is maybe happening if the pom file does not explicitly have a packaging element with a value of "jar".

      An example is shown in the image below, but this behaviour is seen with many packages.

      The main jar file kotlin-stdlib-2.3.20.jar is not listed.

      If you request this file directly it will be downloaded and then appear in the list of files.

      This means that if you attempt to promote a package from a feed with an external connector to a curated feed without directly requesting the jar file first, the jar will not be promoted and the package will not work from the curated feed.

      Is the behaviour that we are seeing intended or do we have something configured incorrectly?


      posted in Support
      davi.morris_9177
    • Vulnerability checking on Maven packages

      Currently running Version 2025.17 (Build 20) of ProGet.

      Do we have something configured wrong, or does the vulnerability checking not work well for Maven packages and the weird version sorting that these use?

      For example, if I look at version 2.21.0 for com.fasterxml.jackson.core:jackson-databind, it shows a huge list of vulnerabilities for this version, but the vulnerability details show that these vulnerabilities are for versions that are older than 2.21.0.

      2.21.0 doesn't seem to have any vulnerabilities itself, but due to the version sorting it seems to be getting associated with lots of old vulnerabilities.

      Is there any way for us to resolve this issue, or is the vulnerability checking basically unusable for these Maven packages?


      posted in Support
      davi.morris_9177
    • pgutil packages promote for PyPI feeds

      When promoting files between PyPI feeds, is the option to promote a single file actually supported?

      The help documentation for the pgutil command "packages promote" provides the following example:

      pgutil packages promote --feed=private-pypi --to-feed=public-pypi --package=Django --version=5.0.6 --filename=Django-5.0.6.tar.gz
      

      However, when including the filename in a call, it responds that filename was an unexpected argument.

      posted in Support
      davi.morris_9177