Hi,
We just upgraded to 2026.2 and it looks good, thanks for getting the update out so quick!
A
Ashley
@Ashley
1
Reputation
18
Posts
2
Profile views
0
Followers
0
Following
Best posts made by Ashley
-
RE: PEP 700 conformance for PyPI feedsposted in Support
Latest posts made by Ashley
-
RE: PEP 700 conformance for PyPI feedsposted in Support
Hi,
We just upgraded to 2026.2 and it looks good, thanks for getting the update out so quick!
-
RE: PEP 700 conformance for PyPI feedsposted in Support
Hi Alana,
Thanks for investigating! Is the maintenance release this Friday or the week after?
-
RE: PEP 700 conformance for PyPI feedsposted in Support
Hi @stevedennis
I upgraded our dev server to 2026.1 and we are still having issues with the upload-time property. It appears that ProGet will only add the upload-time property when the package has been pulled to ProGet, i.e. not present for remotes.
2026.1 (Build 14):
Request:$rawBytes = (Invoke-WebRequest http://proget-server/pypi/pypi-public/simple/ty -Headers @{ "Accept" = "application/vnd.pypi.simple.v1+json" }).content [System.Text.Encoding]::UTF8.GetString($rawBytes) | Out-File "c:\test.json"Response:
{ "meta": { "api-version": "1.1" }, "name": "ty", "versions": [ "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.22", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", "0.0.23", ... //Excluded for brevity "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39", "0.0.39" ], "files": [ { "filename": "ty-0.0.22.tar.gz", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.22/ty-0.0.22.tar.gz", "requires-python": ">=3.8", "size": 5333861, "upload-time": "2026-05-25T08:36:56.833Z", "hashes": { "md5": "4771ed89add13f88713a6db3875afc5c", "sha1": "1ea16ea77d71ced631d577066855c9ca2bc8d498", "sha256": "391fc4d3a543950341b750d7f4aa94866a73e7cdbf3e9e4e4e8cfc8b7bef4f10", "sha512": "4e1b256aae7d7ae6f5349cd865e03d13c00f6e64183a8c06e6d22438aef6f771aa84da80bd27c280cb3b378c6887c77e559b25ea6366823dfd2629808af1364c" } }, { "filename": "ty-0.0.22-py3-none-linux_armv6l.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.22/ty-0.0.22-py3-none-linux_armv6l.whl", "requires-python": ">=3.8", "size": 10328232, "upload-time": "2026-05-25T08:36:26.603Z", "core-metadata": { "sha256": "91b9b58596f18ff672976d7f04dcab28e9b5ada579303470779c7e2a3be0d131" }, "hashes": { "md5": "bcfc8be7ece186f373fa0f1c43d4ba31", "sha1": "04bb25267d898b6cb4b2586e14639f85820b2fe9", "sha256": "03d37220d81016cb9d2a9c9ec11704d84f2df838f1dbf1296d91ea7fba57f8b5", "sha512": "b79e054a90040dc6624f5556dd7444f50a3ad3ffd2d7b64f758a5a69b376e92dc246428599df78d9995c86207bb697eddbf2386898a1f61c50cbee8e71384de8" } }, ... //Excluded for brevity { "filename": "ty-0.0.23.tar.gz", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.23/ty-0.0.23.tar.gz", "requires-python": ">=3.8", "size": 5341461, "upload-time": "2026-03-13T12:34:23Z", "hashes": { "md5": "c220bcee84ca26a01a2479388d4ad7af", "sha1": "75dd14d7fcbd3f56313886a1b46c23481930bc76", "sha256": "5fb05db58f202af366f80ef70f806e48f5237807fe424ec787c9f289e3f3a4ef", "sha512": "1dcd3d9a55d0734db1b1335f89db36b3b70d0c77112ad667dc24d556c5e122b6d8b0fced5fc19b99a292bbd98ab0ec0a92aebfe50047e37d627ad3442b2b2ef1" } }, { "filename": "ty-0.0.23-py3-none-linux_armv6l.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.23/ty-0.0.23-py3-none-linux_armv6l.whl", "requires-python": ">=3.8", "size": 10329096, "upload-time": "2026-03-13T12:34:09Z", "core-metadata": { "sha256": "6367da298c587b4db7c8709f079114d1dbbc9f748735deefb4179e295b7a1bb2" }, "hashes": { "md5": "62bc86fe02c8109ab3a619b2b5196fa2", "sha1": "dedbdef7ad32e50890f667cd2e8ae2a64ef28625", "sha256": "e810eef1a5f1cfc0731a58af8d2f334906a96835829767aed00026f1334a8dd7", "sha512": "b615aaa871792d14c9ad725ed54c9749976da032eaf19e278787094308ab9ca7438c4d3e4ae46132b783d43a8e6fcf4643b0b9b9cf4450e181edb126e13493ec" } }, ... //Excluded for brevity { "filename": "ty-0.0.39-py3-none-linux_armv6l.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-linux_armv6l.whl", "requires-python": ">=3.8", "size": 11360431, "hashes": { "sha256": "c1bb7ac70f1f7d70cc6655fd96558039e4562b10f489fa49c7ebfd5fcee73ad1" } }, { "filename": "ty-0.0.39-py3-none-macosx_10_12_x86_64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-macosx_10_12_x86_64.whl", "requires-python": ">=3.8", "size": 11096281, "hashes": { "sha256": "3435b64c1e59c14c9aa39c20cc018823937cd38d55db853e74d95b8f420569b0" } }, { "filename": "ty-0.0.39-py3-none-macosx_11_0_arm64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-macosx_11_0_arm64.whl", "requires-python": ">=3.8", "size": 10529674, "hashes": { "sha256": "5f136377ce46c73677701a9e1ad730bf72f699bcec046e422eb79d0886cac3ab" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "requires-python": ">=3.8", "size": 11055561, "hashes": { "sha256": "36b65fb0cc17f03e851d40e210d420be94ab8bc52d041328ad1e45f616036a61" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", "requires-python": ">=3.8", "size": 11127185, "hashes": { "sha256": "4967967bfadf3860ff84c3fccdbaec8edf8aa20d0d727521084733d853de6657" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", "requires-python": ">=3.8", "size": 11608459, "hashes": { "sha256": "9e10ecb1297099ddf9a1f054f8bd921d1863ce85fb819a3c96ed27865a1ba6ed" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", "requires-python": ">=3.8", "size": 12177101, "hashes": { "sha256": "9b19cca70e465d71b0510656343883d62372bbe74b7845cae7c0e701d6d5264b" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", "requires-python": ">=3.8", "size": 11827815, "hashes": { "sha256": "56c6704b01b9b3d80ff26b2918423b742516d1e469bef830e9254dcedc9185bf" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "requires-python": ">=3.8", "size": 11694429, "hashes": { "sha256": "40b7840ff46764b6a6757f4ade1cd0530fc3e8a0b435ca93e7602360e4cb90b6" } }, { "filename": "ty-0.0.39-py3-none-manylinux_2_31_riscv64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-manylinux_2_31_riscv64.whl", "requires-python": ">=3.8", "size": 11869846, "hashes": { "sha256": "1c62a3a87ce26b50819f0dbf03bd95f23f19eeb87bbc7aa732ec64277c77f1aa" } }, { "filename": "ty-0.0.39-py3-none-musllinux_1_2_aarch64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-musllinux_1_2_aarch64.whl", "requires-python": ">=3.8", "size": 11029763, "hashes": { "sha256": "f8c34bc81a9c3516e49904e9d8330aac385377cca98390193ea02b903a40fcf0" } }, { "filename": "ty-0.0.39-py3-none-musllinux_1_2_armv7l.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-musllinux_1_2_armv7l.whl", "requires-python": ">=3.8", "size": 11146761, "hashes": { "sha256": "66f5ab11586a64e79cb692ad685ee5469325c31b5f30bd3554f52f36dbe28cc4" } }, { "filename": "ty-0.0.39-py3-none-musllinux_1_2_i686.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-musllinux_1_2_i686.whl", "requires-python": ">=3.8", "size": 11281843, "hashes": { "sha256": "e8d89732bcbbcb091f439e556dfc4932f198b118b47d5b85212c60662099670e" } }, { "filename": "ty-0.0.39-py3-none-musllinux_1_2_x86_64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-musllinux_1_2_x86_64.whl", "requires-python": ">=3.8", "size": 11792477, "hashes": { "sha256": "eceb6c91dcd05a231119f82abdd9aa337513de23ca6ac990bc44f88791dc1799" } }, { "filename": "ty-0.0.39-py3-none-win32.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-win32.whl", "requires-python": ">=3.8", "size": 10615377, "hashes": { "sha256": "891c3262314dbc80bf3e872634d23dd216306945daa9a9fcc206ce5ed21ac4c9" } }, { "filename": "ty-0.0.39-py3-none-win_amd64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-win_amd64.whl", "requires-python": ">=3.8", "size": 11710711, "hashes": { "sha256": "ba7f2d54452535419e90f6f03ff39282999e87b43c21c00559f6d7ad711a36d5" } }, { "filename": "ty-0.0.39-py3-none-win_arm64.whl", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39-py3-none-win_arm64.whl", "requires-python": ">=3.8", "size": 11081409, "hashes": { "sha256": "eb4cf0fefbbfedf9a352597bb2431ebdcb7eb3a595c0f825f228e897a0ec285d" } }, { "filename": "ty-0.0.39.tar.gz", "url": "http://proget-server/pypi/pypi-public/download/ty/0.0.39/ty-0.0.39.tar.gz", "requires-python": ">=3.8", "size": 5702365, "hashes": { "sha256": "f750277e76a01ecd86185960eca73823c26a53c51103568d56d4d904575159fd" } } ] }Note: Only versions 0.0.22 and 0.0.23 have the upload-time property, this is because I manually pulled these version to ProGet.
upload-timeshould always be present prior to pulls so that client package managers like uv withexclude-newer = "7 days"can avoid pulling new packages that will be blocked by ProGet due to non-compliance rules. -
RE: PEP 700 conformance for PyPI feedsposted in Support
Hi @dean-houston,
Can I confirm that this was fixed in the ProGet 2026 26.0.0 release last week?
PG-3272
Major Release ProGet 2026 We are experiencing issues with UV attempting to resolve packages that are too new when configured with the "exclude-newer" property, presumably because it's looking for the
upload-timeand notpublishedin the response.For info, we are currently seeing non-PEP 700 compliance on version 2025.27
Thanks,
Ashley -
ProGet Package Download Statistics IP when behind Load Balancerposted in Support
Hi,
We are running 2x ProGet servers in High Availability behind a load balancer. We are only seeing the load balancer IP on the package download statistics in ProGet.
We have enabled X-Forwarded-For on the load balancer to forward on the Client-IP but this has had not had any impact. Is there another header value we should be sending? Apologies if this is documented somewhere, I couldn't find it!
Thanks,
Ashely -
RE: NPM Incorrect Handling of min-release-ageposted in Support
Thanks @atripp, that makes sense.
I was having another issue with pgutil which turned out to be my fault, however I believe there is a follow on issue to do with the compliance analysis for project builds that have yet to have been pulled to ProGet. More detail on my original post here: https://forums.inedo.com/topic/5733/proget-unable-to-publish-sbom-from-pgutil/4.
@Dan_Woolf suggested continuing the topic here as it's related to non-compliant packages and what I believe to be the recently published rule. Is this something you can take a look at?
Thanks!
-
RE: ProGet Unable to publish SBOM from pgutilposted in Support
Hi @Dan_Woolf
I had to restart my computer so I lost my PowerShell variables, but I'm going to say you were correct. I ran it again and didn't get the errors - my bad!
This might be for a separate thread, but after providing the correct inputs
, ProGet thinks every build package is noncompliant, but if I click into one of the packages which takes me to the feed, the package is correctly reporting as compliant.Project Build:
Example Package Feed:
If I analyze my Build again, this is part of the log output (too long to post the entire thing):
Using recently cached (04/05/2026 09:06:59) metadata. Analyzing compliance for Azure.Core 1.47.1... Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant Checking MIT against rules... No matching license rules; applying unspecifiedLicense rule (Compliant) License rule analysis complete. Policy "Global" considers aged packages (3 years) Warn The package is not cached or local to any feed; cannot determine Publish Date. Policy "Global" considers recently published (7 days) Noncompliant The package is not cached or local to any feed; cannot determine Publish Date. No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Noncompliant result. Azure.Core 1.47.1 is Noncompliant Package is Recently Published Using recently cached (04/05/2026 08:35:56) metadata. Analyzing compliance for Azure.Identity 1.14.2... Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant Checking MIT against rules... No matching license rules; applying unspecifiedLicense rule (Compliant) License rule analysis complete. Package is deprecated. Policy "Global" considers deprecation Warn Policy "Global" considers aged packages (3 years) Warn The package is not cached or local to any feed; cannot determine Publish Date. Policy "Global" considers recently published (7 days) Noncompliant The package is not cached or local to any feed; cannot determine Publish Date. No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Noncompliant result. Azure.Identity 1.14.2 is Noncompliant Package Status is Deprecated; Package is Recently Published Using recently cached (04/05/2026 08:35:56) metadata. Analyzing compliance for Microsoft.Bcl.AsyncInterfaces 8.0.0... Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant Checking MIT against rules... No matching license rules; applying unspecifiedLicense rule (Compliant) License rule analysis complete. Policy "Global" considers aged packages (3 years) Warn The package is not cached or local to any feed; cannot determine Publish Date. Policy "Global" considers recently published (7 days) Noncompliant The package is not cached or local to any feed; cannot determine Publish Date. No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Noncompliant result. Microsoft.Bcl.AsyncInterfaces 8.0.0 is Noncompliant Package is Recently Published Using recently cached (04/05/2026 08:35:56) metadata. Analyzing compliance for Microsoft.Bcl.Cryptography 9.0.4... Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant Checking MIT against rules... No matching license rules; applying unspecifiedLicense rule (Compliant) License rule analysis complete. Policy "Global" considers aged packages (3 years) Warn The package is not cached or local to any feed; cannot determine Publish Date. Policy "Global" considers recently published (7 days) Noncompliant The package is not cached or local to any feed; cannot determine Publish Date. No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Noncompliant result. Microsoft.Bcl.Cryptography 9.0.4 is Noncompliant Package is Recently Published Using recently cached (04/05/2026 08:37:50) metadata. Analyzing compliance for Microsoft.Data.SqlClient 6.1.1... Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant Checking MIT against rules... No matching license rules; applying unspecifiedLicense rule (Compliant) License rule analysis complete. Policy "Global" considers aged packages (3 years) Warn The package is not cached or local to any feed; cannot determine Publish Date. Policy "Global" considers recently published (7 days) Noncompliant The package is not cached or local to any feed; cannot determine Publish Date. No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Noncompliant result. Microsoft.Data.SqlClient 6.1.1 is Noncompliant Package is Recently Published Using recently cached (04/05/2026 08:35:57) metadata. Analyzing compliance for microsoft.data.sqlclient.sni.runtime 6.0.2... Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant The package is not cached or local to any feed; without package metadata, license detection is limited. No licenses detected on package; applying undectableLicense rule (Warn) License rule analysis complete. Policy "Global" considers aged packages (3 years) Warn The package is not cached or local to any feed; cannot determine Publish Date. Policy "Global" considers recently published (7 days) Noncompliant The package is not cached or local to any feed; cannot determine Publish Date. No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Noncompliant result. microsoft.data.sqlclient.sni.runtime 6.0.2 is Noncompliant Package is Recently Published; No license detectedFrom a brief look at the logs, i'm guessing this is to do with out recently published rule not being calculated for packages that are yet to be cached locally. We are trialling this prior the the build step, so we can't make the assumption that a particular package version will be cached locally in ProGet when running pgutil scan.
Any help is much appreciated.
Thanks,
Ashley -
RE: NPM Incorrect Handling of min-release-ageposted in Support
Hi @atripp,
I upgraded to the latest ProGet version and the package is now complaint if it's older than 7 days but less than 8 days. Unfortunately, it looks like packages that are newer than 7 days (but older than 6) are now compliant. I guess this makes sense if you removed the time component in the comparison.
Examples:
Time now: 2026-05-04T09:53:00 (GMT)
Package published date: 2026-04-27T09:45:00
Outcome compliant
Time now: 2026-05-04T09:53:00 (GMT)
Package published date: 2026-04-27T15:00:00
Outcome compliant
(It should be Noncompliant)Package "pkg:npm/%40hono/node-server@1.19.14" will analyzed with local data Attempting to update local package with remote metadata... Cached metadata from search on 04/05/2026 08:41:11 Detecting licenses for "pkg:npm/%40hono/node-server@1.19.14"... Found 1 licenses: MIT Detecting vulnerabilities for "@hono/node-server" version "1.19.14"... Found 0 vulnerabilities. Searching policies associated with feed "npm-public"... Found 1 policy to use for analysis. Beginning license rule analysis... Default rules: undectableLicense=Warn, unspecifiedLicense=Compliant Checking MIT against rules... No matching license rules; applying unspecifiedLicense rule (Compliant) License rule analysis complete. Policy "Global" considers aged packages (3 years) Warn Policy "Global" considers recently published (7 days) Noncompliant No policies define a latest patch, so latest patch will not be checked. Analysis resulted in a Compliant result.I'm guessing that a for a full fix it needs to compare the time of the package in UTC against UTC time on the server in addition to the date.
P.S: I only just noticed that there's a typo in Set Package Status for "Publihsed date:"
af87249d-4355-4cd3-8b69-4bd62ef8b731-image.pngThanks for all your effort on this.
Ashley -
ProGet Unable to publish SBOM from pgutilposted in Support
Hi,
I am trialling the SBOM functionality in ProGet using pgutil builds scan but it errors when trying to publish the SBOM to ProGet.
pgutil builds scan --source=$Source --api-key=$ApiKey --input=$ProjectPath --project-name=$ProjectName --version=$ReleaseNumber Scanning for dependencies in .\REDACTED.csproj... Publishing SBOM to ProGet... Server responded with InternalServerError (500): 547`16`0`Projects_CreateOrUpdateProject`44`The INSERT statement conflicted with the CHECK constraint "CK__Projects__Project_Name". The conflict occurred in database "REDACTED", table "dbo.Projects", column 'Project_Name'. Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.Server: ProGet 2025.25 (Build 11)
Database: Microsoft SQL Server 2019
PgUtil: 2.2.7I am able to create a project from the Web UI, but the pgutil error is still present after manually creating the project in ProGet.
