@stevedennis Thanks for the reply. I understand that these packages aren't in my feed and are displayed from PSGallery.
PSGallery contains thousands of packages. Why are just these two packages displayed?
Neither package has been downloaded and caching is disabled. I would expect to only see the packages I have added to the feed. This was true in previous versions of ProGet.
This just seems odd to me.
I'll take a look at filtering.
Thanks for the suggestion.
When I create a PowerShell feed with a PSGallery connector it always shows two packages.
0004-New-AzureRmVmAvailabilitySetPsg and 0install.
There doesn't appear to be anyway to remove these packages.
Is there a way to fix this?
Hi,
An internal security scan has flagged the ProGet website as running a vulnerable version of JQuery.
Do you have plans to upgrade the version of jQuery used in ProGet?
If so, can you share when this might be released?
This is the URL that is being reported https://<server>/resources/InedoLib/jquery-1.11.3.min.js?900.0.0.20
The CVE for this vulnerability is:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
This page details the issue, the mitigation, and any issues that may be caused.
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Thanks,