Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Thank you for the pointers.
I think I finally got it working, though I must admit I'm still not a 100% sure what combination in what order actually led to success.
I'm already in contact with @apxltd about your planned SCA changes. I will try to write up what tripped me as part of that feedback.
There is updated documentation with step-by-step instructions here:
Hi @stevedennis
Thanks for the quick response and fix.
The Usage & Statistics page (feeds/some-feed/System.CodeDom/8.0.0/usage) suggests that this package version is part of the scanned project.
When navigating to the package list of that linked "Latest Version" the project it shows what version of said package is actually contained in the project.
In the current state the Usage & Statistics page is not very informative or helpful as it gives users the impression that a particular version is used in the project which in reality is not. Yes, the right information is obtainable by following the version link, but that does not really solve the issue with the page itself.
It would be good if the tables both on feeds/some-feed/System.CodeDom/8.0.0/usage and also on feeds/some-feed/System.CodeDom/versions/usage could be changed to show the concrete version of the package that is used in the project version that is currently listed.
Is this something that could be changed?
Hi @atripp,
We haven't updated the production instance to the version that introduced this feature yet, so nobody breathing down my neck. ;)
I'll wait for the official release, but thanks for the offer.
Have a nice weekend!
First of all thanks for adding the ability to list all packages for a given license on the package usage overview page (PG-2783), very helpful feature.
There seems to be an issue with listing packages that are matched to custom licenses. We have added a number of custom licenses to ProGet, to deal with proprietary packages that do not have OSS SPDX identifiers.
When clicking on the link to list the packages on such a custom license there is a 500 error on the next page:
Stack trace from error log page:
Stack trace: at Inedo.ProGet.WebApplication.Pages.Licenses.ListLicensePackagesPage.CreateChildControls()
at Inedo.ProGet.WebApplication.Pages.ProGetSimplePage.InitializeAsync()
at Inedo.Web.PageFree.SimplePageBase.ExecutePageLifeCycleAsync()
at Inedo.Web.PageFree.SimplePageBase.ProcessRequestAsync(AhHttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
Ahh, took me a while to get it, but this is the dialog I was looking for.
It wasn't quite clear that the orange "Package Status is Deprecated" is actually a policy violation dialog, which is overriding this one here.
Thanks again.
Hello @atripp
Thanks for the feedback.
Just to double check: When the box shows "Package Status is Deprecated" it should also contain the custom deprecation reason, right?
Right now the box looks like in my screenshot above and I could not find any place where one could read the custom reason.
Or am I just looking in the wrong place?
ProGet Version 2024.15
1. Deprecation reason not visible
The custom deprecation reason does not seem to be visible anywhere anymore. If I recall correctly it was visible both in the ProGet UI and also Visual Studio.
VS package manager:
Any chance something got broken when that field was changed from a dropdown to a textbox?
2. License policy violation overrides deprecation status/reason
When a package is marked as deprecated and it also violates a license policy, the deprecation reason are not visible in the info box, instead only the license message is shown.
It would be good if the deprecation state and reason would always be visible regardless of policy compliance.
Inedo.ProGet was never updated on nuget.org since the initial deployment compared to pgutil. It looks like there have been a number of interesting additions looking at the source.
Any chance this package can be updated?
Always releasing it together with pgutil would also be appreciated.
Thanks for adding it to the roadmap.
From what I can see so far, there haven't been that many changes in the spec. For us mainly the author field changed.
Right now there is no immediate need. It might arise in the future if improvements or fixes are only being made available in the CycloneDX 4.x tooling.