Thanks I made a backup and ran the script and it did clean up quite a few rows.
I'll try upgrading to 2024 again next week after we released :)
Posts made by v.makkenze_6348
-
RE: Errors in PackageAnalyzer logs
-
RE: Errors in PackageAnalyzer logs
Strange that you can't see VicreaNeuronGegevensmagazijnContracts, I can't find bootstrap.less
-
RE: Errors in PackageAnalyzer logs
VicreaNeuronGegevensmagazijnContracts indeed had a four part version number.
We deleted al versions of the package as the last download was in 2018. -
Warnings about a package in Diagostic Center without package name
I see these two warning in Diagnostic Center
The package is not cached or local to any feed; cannot determine if Unlisted.
The package is not cached or local to any feed; cannot determine if Deprecated.But Details says none so I have no idea which package is causing this.
-
RE: NuGet no longer works after upgrading to 2024
I uninstalled and installed the previous version, so we can build again.
Think the downgrade dropdown was empty because we got an IIS error at the end of each upgrade, maybe that's solved now too. -
NuGet no longer works after upgrading to 2024
Hi,
I upgraded to 2024 and now I get errors in our builds and Visual Studio
Visual Studio simply says "Object reference not set to an instance of an object" and I can't browse for packages.
NuGet during the build gives a big stacktrace.
##[error]The nuget command failed with exit code(1) and error(Failed to retrieve information about 'NeuronTenantAuthenticationHttp' from remote source 'https://packages.vicrea.nl/nuget/Vicrea/FindPackagesById()?id='NeuronTenantAuthenticationHttp'&semVerLevel=2.0.0'. Object reference not set to an instance of an object. NuGet.Protocol.Core.Types.FatalProtocolException: Failed to retrieve information about 'NeuronTenantAuthenticationHttp' from remote source 'https://packages.vicrea.nl/nuget/Vicrea/FindPackagesById()?id='NeuronTenantAuthenticationHttp'&semVerLevel=2.0.0'. ---> System.NullReferenceException: Object reference not set to an instance of an object. at NuGet.Protocol.RemoteV2FindPackageByIdResource.BuildModel(String id, XElement element) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext() at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection) at NuGet.Protocol.RemoteV2FindPackageByIdResource.<>c__DisplayClass23_2.<<FindPackagesByIdAsyncCore>b__0>d.MoveNext() ...
When I browse to the url I get a lot of info back, not sure why the query starts at version 2.0.0
https://packages.vicrea.nl/nuget/Vicrea/FindPackagesById()?id='NeuronTenantAuthenticationHttp'&semVerLevel=2.0.0I tried to downgrade but the version dropdown is empty.
Kinda stuck for now
-
RE: Errors in PackageAnalyzer logs
I upgraded to 2024 and now I have these errors during analysis
ERROR: 2024-04-21 14:38:08Z - Unhandled exception analyzing pkg:nuget/VicreaNeuronGegevensmagazijnContracts pkg:nuget/VicreaNeuronGegevensmagazijnContracts@17.2.65 in Vicrea feed: 547`16`0`FeedPackageVersions_SetAnalysis`26`The INSERT statement conflicted with the FOREIGN KEY constraint "FK__FeedPackageAnalyses__FeedPackageVersions". The conflict occurred in database "ProGet", table "dbo.FeedPackageVersions".
-
RE: Error during upgrade
The workaround for now is to restart the IIS application pool and start the proget service through the website.
-
Error during upgrade
Hi,
We are running Proget within IIS as the root project but we get this error each time we upgrade. Been working around it for a time but would like to fix it.
Any tips on how to solve this?
** Ensure ASP.NET Core Module is installed ** ** Ensure IIS Site: $ProductName does not exist ** DEBUG: Looking for Site "ProGet"... DEBUG: Does not exist. Creating... ERROR: You must specify binding information when creating a site. ERROR: You must specify binding information when creating a site.
-
RE: Ability to bulk delete SBOMs
For most of our products we work with four releases a year and have many builds so the SBOM's add up.
We also have a cloud product where we deliver continously and used the buildnumer as Proget 'release' but then the number of releases got unwieldy. We fixed release number to 1.0 but then SBOM's add up again.
What i'm really looking for is a way to refresh the SBOM's for a release.
I like to keep the old releases (as we call them) so we see progress
-
Unknown licenses that are known
Hi,
I have some unresolved issues like this
But when I look at the package is says it has a license
Using Version 2023.32 (Build 3)
-
RE: Errors in PackageAnalyzer logs
After deleting a lot of SBOM's and running sp_updatestats on the database the timeout is gone (for now) but the Object reference errors are still there.
-
Ability to bulk delete SBOMs
Hi,
I'm running into some timeout issues during release analysis so I wanted to reduces the number of imported SBOMs but you can only delete one at a time. A bulk delete action would be nice or a feature in pgscan to replace an SBOM instead of adding more and more each build.
Version 2023.32 (Build 3)
-
Errors in PackageAnalyzer logs
Hi,
I see errors in PackageAnalyzer logs
Unhandled exception analyzing packages in Vicrea feed: Object reference not set to an instance of an object. Unhandled exception analyzing packages in VicreaMaven feed: Object reference not set to an instance of an object. Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (258): The wait operation timed out. at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task`1 result) at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke() at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread) --- End of stack trace from previous location --- at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch) at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters) at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters) at Inedo.ProGet.Data.DB.Context.Projects_GetReleaseAnalyzerDataAsync(Nullable`1 ProjectRelease_Id) at Inedo.ProGet.Projects.ProjectReleaseAnalyzer.AnalyzeReleaseAsync(Int32 projectReleaseId, Boolean sendEmail, CancellationToken cancellationToken) at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.AnalyzeReleasesAsync(ScheduledTaskContext context) at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.ExecuteAsync(ScheduledTaskContext context) at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync() ClientConnectionId:0d07b9a9-043b-4747-81e1-0bdfc00192d0 Error Number:-2,State:0,Class:11
After the last error the analysis stops.
Using Version 2023.32 (Build 3)
-
Small spelling error in image Usage Instructions
Hi,
There is an i in 'the' that shouldn't be there.
To publish a container image to this registry, you must first retag it with thie repository url, and then push it as follows:
-
RE: Unable to add license to package
I upgraded to 23.0.32 (was on 23.0.31) and the license looks ok now but when I run analyze I get a timeout.
An error occurred in the web application: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
After that I ran the PackageAnalyzer task but that failed too.
Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (258): The wait operation timed out. at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task`1 result) at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke() at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread) --- End of stack trace from previous location --- at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch) at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters) at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters) at Inedo.ProGet.Data.DB.Context.Projects_GetReleaseAnalyzerDataAsync(Nullable`1 ProjectRelease_Id) at Inedo.ProGet.Projects.ProjectReleaseAnalyzer.AnalyzeReleaseAsync(Int32 projectReleaseId, Boolean sendEmail, CancellationToken cancellationToken) at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.AnalyzeReleasesAsync(ScheduledTaskContext context) at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.ExecuteAsync(ScheduledTaskContext context) at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync() ClientConnectionId:e6772410-67c5-4929-a7c3-c2ad388f8e73 Error Number:-2,State:0,Class:11
-
RE: Timeout in build when running pgscan
Hi,
I checked again and the number of packages is correct when the build succeeds.
Had to run the build 9 times before I had a build that did not give a timeout.Before i counted the number of components in the SBOM but the app itself is also a component and i have two SBOM's so therefore i was missing two packages.
I get the feeling that during the failing builds the SBOM is uploaded but not completely processed. So the next build its processed and thats when i see three SBOM's or four if the build succeeds.
Still no clue why this is the only build that has these failures, its not our biggest or most complex product. We don't have many builds that contain both npm and nuget packages but there are others. All builds are run at least once a week so the others with two pgscans are ok.
-
Unable to add license to package
Hi,
I have an issue that says Unknown License Detected for package
Microsoft.AspNet.Web.Optimization 1.1.3But when I use "Assign License Type to URL" and choose an existing license
(in this case MICROSOFT .NET LIBRARY) and press Add to license nothing seem to happen and the package still has an unknown license.I tried to add the package to the license as Package name but its says its invalid
"pkg:/nuget/Microsoft.AspNet.Web.Optimization" is an invalid package name.the same if i try to add it as an PUrl (pkg:/nuget/Microsoft.AspNet.Web.Optimization@1.1.3)
-
RE: Timeout in build when running pgscan
I noticed that the new version had multiple SBOM's and I only ran the build once.
After deleting all SBOM's and the version again the build still failed but at least I only see 1 SBOM this time.Edit: The build runs pgscan twice once for npm and once for NuGet so i should see two SBOM's
499 components in npm SBOM
137 components in NuGet SBOM
636 is the expected number of packagesBut this time total packages in UI shows 634
-
RE: Timeout in build when running pgscan
Running again into this issue:
Unhandled exception processing https://packages.vicrea.nl/api/sca/importVersion 2023.31 (Build 5)
Total Packages 635I deleted the release in Proget and build again, again a timeout but I do see the new release in Proget. So it looks like the SBOM is processed but maybe not complete?
-
RE: Timeout in build when running pgscan
I ended up restarting the build 5 times when it finally worked.
Proget is running on a dedicated machine that does nothing else and no other builds where running.Can it be that we have too many SBOMs, versions, packages or something like that?
-
Timeout in build when running pgscan
After upgrading to the latest version this started to happen.
Version: Version 2023.30 (Build 16)
Server responded with 500 Internal Server Error: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
In Diagnostic Center the following is shown:
Unhandled exception processing https://packages.vicrea.nl/api/sca/import
Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. ---> System.ComponentModel.Win32Exception (258): The wait operation timed out. at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task`1 result) at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke() at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread) --- End of stack trace from previous location --- at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch) at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters) at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters) at Inedo.ProGet.Data.DB.Context.Projects_GetReleaseAnalyzerDataAsync(Nullable`1 ProjectRelease_Id) at Inedo.ProGet.Projects.ProjectReleaseAnalyzer.AnalyzeReleaseAsync(Int32 projectReleaseId, Boolean sendEmail, CancellationToken cancellationToken) at Inedo.ProGet.Projects.BomUtil.ImportXmlAsync(Stream source) at Inedo.ProGet.WebApplication.SimpleHandlers.Api.Bom.ScaApiHandler.ProcessRequestAsync(AhHttpContext context, LoggedResponseStream output, WebApiContext apiContext) at Inedo.ProGet.WebApplication.SimpleHandlers.Api.ProGetApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context, LoggedResponseStream output, WrappedApiKey apiKey) at Inedo.Web.Handlers.Api.ApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context) at Inedo.Web.Handlers.Api.StandardApiHandler.ProcessRequestAsync(AhHttpContext context) ClientConnectionId:6200fa0a-d298-4898-be14-9721cbe745c5 Error Number:-2,State:0,Class:11
-
RE: Database Error
Hi,
I got the same error, after disabling the preview feature it works again.
An error occurred processing a GET request to https://packages.vicrea.nl/nuget/VicreaNuGet/v3/flatcontainer/system.management.automation.dll/10.0.10586/system.management.automation.dll.10.0.10586.nupkg: 547`16`0`FeedPackageVersions_SetAnalysis`26`The INSERT statement conflicted with the FOREIGN KEY constraint "FK__FeedPackageAnalyses__FeedPackageVersions". The conflict occurred in database "ProGet", table "dbo.FeedPackageVersions".
-
License not found in package
Hi,
I'm trying to assign licenses to npm packages that have embedded license files.
But the kendo packages give an error:
(500) Server Error License not found in packageThere is a license file in the package but it's called license.md
https://www.npmjs.com/package/@progress/kendo-licensingRegards,
Valentijn
-
RE: Enable Vulnerability Feature Preview... timeout
I tried it four times but all attempts failed.
-
Enable Vulnerability Feature Preview... timeout
Hi,
I tried to enable this feature but got a timeout.
Running: Version 2023.29 (Build 17)Updating internal database with 43011 entries
Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
---> System.ComponentModel.Win32Exception (258): The wait operation timed out.
at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task1 result) at System.Threading.Tasks.ContinuationResultTaskFromResultTask
2.InnerInvoke()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch)
at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
at Inedo.Data.DatabaseContext.ExecuteTableAsync[TRow](String storedProcName, GenericDbParameter[] parameters)
at Inedo.ProGet.Vulnerabilities.PgvdDownloafer.UpdateVulnerabilitiesInternalAsync(IAsyncEnumerable`1 vulnerabilities, CancellationToken cancellationToken)
at Inedo.ProGet.Vulnerabilities.PgvdDownloafer.UpdateVulnerabilitiesAsync(CancellationToken cancellationToken)
at Inedo.ProGet.Executions.SwitchToPgvdExecution.ExecuteAsync(IManualExecutionContext context)
at Inedo.ProGet.Service.Executions.ActiveManualExecution.ExecuteAsync()
ClientConnectionId:12b1995d-0cc6-4709-9072-3b870d34f096
Error Number:-2,State:0,Class:11 -
RE: KeyNotFoundException when using pgscan
This was a package that came from a local workspace, skipping seems the right solution as you can never check these packages for vulnerabilities.
-
KeyNotFoundException when using pgscan
Hi,
We started using Proget and pgscan for our frontend code but get a KeyNotFoundException exception in pgscan\Inedo.DependencyScan\NpmDependencyScanner.cs line 81
string version = npmDependencyPackage.Value.GetProperty("version").GetString();
This is the bit of json from the lock-file it fails on and as you can see there is no version attribute.
"node_modules/@vicrea-neuron/eslint-plugin": { "resolved": "packages/eslint-plugin", "link": true },
With kind regards,
Valentijn
-
RE: Out of memory errors after upgrading to 2023.15
Thanks, I updated and feed cleanup is back to seconds instead of hours
-
RE: Out of memory errors after upgrading to 2023.15
In todays log there is some more information:
Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): There is insufficient system memory in resource pool 'internal' to run this query. at Microsoft.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at Microsoft.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at Microsoft.Data.SqlClient.SqlDataReader.TryHasMoreRows(Boolean& moreRows) at Microsoft.Data.SqlClient.SqlDataReader.TryReadInternal(Boolean setTimeout, Boolean& more) at Microsoft.Data.SqlClient.SqlDataReader.Read() at Inedo.Data.StrongDataReader.<Read>g__read|11_1[TRow](<>c__DisplayClass11_0`1& ) at Inedo.Data.StrongDataReader.Read[TRow](IDbDataResult dbResult)+MoveNext() at Inedo.Data.StrongDataReader.Read[TRow](Func`1 getReader, Boolean disposeReader)+MoveNext() at Inedo.ProGet.Feeds.StandardPackageFeed`3.<>c__DisplayClass58_0.<<Inedo-ProGet-Feeds-IRetentionFeed<Inedo-ProGet-Feeds-StandardRetentionPackage<TVersion>>-EnumerateItemsAsync>g__iterateOneToOne|1>d.MoveNext() at Inedo.EnumerableExtensions.AsyncIterator`1.Enumerator.MoveNextAsync() at Inedo.ProGet.Feeds.IRetentionFeed`1.Inedo.ProGet.Feeds.IRetentionFeed.EnumerateItemsAsync(Boolean cachedOnly, Boolean prereleaseOnly, CancellationToken cancellationToken)+MoveNext() at Inedo.ProGet.Feeds.IRetentionFeed`1.Inedo.ProGet.Feeds.IRetentionFeed.EnumerateItemsAsync(Boolean cachedOnly, Boolean prereleaseOnly, CancellationToken cancellationToken)+MoveNext() at Inedo.ProGet.Feeds.IRetentionFeed`1.Inedo.ProGet.Feeds.IRetentionFeed.EnumerateItemsAsync(Boolean cachedOnly, Boolean prereleaseOnly, CancellationToken cancellationToken)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult() at Inedo.ProGet.Feeds.RetentionRunner.RunRetentionRuleAsync(FeedRetentionRuleConfiguration rule, Int32 sequenceNumber, Boolean retentionDryRun, CancellationToken cancellationToken) at Inedo.ProGet.Feeds.RetentionRunner.RunRetentionRuleAsync(FeedRetentionRuleConfiguration rule, Int32 sequenceNumber, Boolean retentionDryRun, CancellationToken cancellationToken) at Inedo.ProGet.Feeds.RetentionRunner.PerformRetentionAsync(Boolean dryRun, CancellationToken cancellationToken) at Inedo.ProGet.ScheduledTasks.Feed.FeedCleanupScheduledTask.ExecuteAsync(ScheduledTaskContext context) at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync() ClientConnectionId:9f725e0d-f135-46ae-8b92-fb58605389c0 Error Number:701,State:123,Class:17
-
RE: Out of memory errors after upgrading to 2023.15
Hi
I upgrade whenever the website gives me a warning so the previous version was probably 2023.14 (can't find the previous version in the logfile)
It looks like the problem is with the feed cleanup as that takes a long time and gives an error.
Vicrea FeedCleanup 8/24/2023 1:43 AM - Normal Executing
Vicrea FeedCleanup 8/23/2023 1:58 AM 6h 32min Error Completed
Vicrea FeedCleanup 8/22/2023 1:49 AM 7h 29min Error CompletedThe log doesn't say anything usefull:
DEBUG: 2023-08-22 23:58:38Z - Beginning cleanup for Vicrea (NuGet) feed.
INFO : 2023-08-22 23:58:38Z - Starting feed retention check...
DEBUG: 2023-08-22 23:58:38Z - Checking for feed retention rules...
DEBUG: 2023-08-22 23:58:38Z - Feed has 1 retention rule.
INFO : 2023-08-22 23:58:38Z - Running in dry run mode...
INFO : 2023-08-22 23:58:38Z - Checking rule 1...
DEBUG: 2023-08-22 23:58:38Z - Only delete packages that have not been requested in the last 90 days (since 5/25/2023 1:58:38 AM)
DEBUG: 2023-08-22 23:58:38Z - Only delete packages that have been downloaded fewer than 1 times.
DEBUG: 2023-08-22 23:58:38Z - Never delete the most recent 1 versions of packages.
INFO : 2023-08-22 23:58:38Z - Finding packages that match retention rule 1... -
Out of memory errors after upgrading to 2023.15
Hi,
We upgraded to Proget 2023.15 but now every morning the server is unavailable.
We see low virtual memory warnings in the eventlog mentioning the ProGet service.
ProGet.Service.exe (2812) consumed 10.343.374.848 bytes,
-
RE: FeedCleanup deleted way more than expected
I uploaded the missing packages again by dropping everything I had in my local cache to the DropFolder en got my builds working again.
But when I look at one of the missing packages its shows up with all the download history when seen from the package itself but when I look at usage from the specific version its shows no recent downloads but only downloads fromn last month.
From build logs
NU1101: Unable to find package Neuron.Tenant.Monitor. No packages exist with this id in source(s): Vicrea, VicreaNuGetSeen from package
Seen from specific version
-
FeedCleanup deleted way more than expected
Hi,
This is our setup, we force build all our products once a week and delete the nuget cache on the build server the night before. We had the default retention rule to delete packages that have not been requested in the last 90 days and that have been downloaded fewer than 1 times.
This works fine but packages that where downloaded once by a developer and later replaced by newer versions started to accumelate so I changed downloaded fewer that 1 times to 2 times. Reasening that every really used package is downloaded at least 12 times in the last 90 days because of the cleaned cache and the forced build.
Somehow this week packages that are clearly used are missing and I can see in the retention log that they have been deleted and i'm sure that they where downloaded more than twice in the last 90 days.
-
RE: Reporting & Software Composition Analysis (SCA) shows many unresolved Issues
I repackaged the Owin package but didn't relalize that that would break all my builds as the dll's are now in a 1.0.0 folder where all the project files expect them in the 1.0 folder.
I guess this would work if the projects are in sdk project format but most of them are not.
-
Reporting & Software Composition Analysis (SCA) shows many unresolved Issues
Hi,
We recently starting using SCA and have most of our products in there now but almost all of them show some unresolved issues.
It's always "Missing Package" but most often the same package is listed in the same list as resolved.
Some examples from different products:
#34 Owin 1.0.0 Unknown License Resolved on 5/9/2023 11:55 PM
#89 Owin 1.0.0 Missing Package Unresolved
(this one pops up in quite a few products)#11 Microsoft.Web.Infrastructure 1.0.0 Unknown License Resolved on 5/13/2023 11:49 PM
#24 Microsoft.Web.Infrastructure 1.0.0 Missing Package Unresolved#1 AutoMapper 10.1.1 Unknown License Resolved on 5/15/2023 5:30 PM
#57 AutoMapper 10.1.1 Missing Package Unresolved
#56 WiX 3.11.2 Unknown License Resolved on 5/15/2023 5:30 PM
#58 WiX 3.11.2 Missing Package UnresolvedAll packages are exclusivly downloaded through Proget en we clean our nuget cache once a week on the buildservers.
We are running Version 2023.7 (Build 10)
Any tips on how to resolve there issues are welcome
-
RE: Errors downloaden npm packages after upgrade to 2023 (build 73)
I installed Version 2023.2 (Build 12) and added the @ back to the folder name and downloading now works.
But quering the versions does not work.
$ npm view @vicrea-neuron/kendo-theme versions npm ERR! code E404 npm ERR! 404 Not Found - GET https://packages.vicrea.nl/npm/VicreaNpm/@vicrea-neuron%2fkendo-theme - Package not found. npm ERR! 404 npm ERR! 404 '@vicrea-neuron/kendo-theme@latest' is not in this registry. npm ERR! 404 npm ERR! 404 Note that you can also install from a npm ERR! 404 tarball, folder, http url, or git url.
-
RE: Errors downloaden npm packages after upgrade to 2023 (build 73)
I renamed the folder on the server and downloading npm packages works.
-
Errors downloaden npm packages after upgrade to 2023 (build 73)
After upgrading to 2023 we can no longer download npm packages.
An error occurred in the web application: Could not find a part of the path 'D:\ProGet\Packages.npm\F9\vicrea-neuron\kendo-theme\0.1.23\package.tgz'.
The real path where the package is located is
D:\Proget\Packages.npm\F9\@vicrea-neuron\kendo-theme\0.1.23\package.tgzSomehow the @ in the path has disappeared.
Should we rename things on the server or update the database somehow. -
RE: Duplicate unassesed vulnerabilities
Hi,
I just added all available sources as I didn't know which one to choose
- OSS Index
- PGVC
- ProGet Vulnerability Central
For now I removed OSS Index and ProGet Vulnerability Central and only have PGVC
(not sure what the difference between ProGet Vulnerability Central and PGVC is)I set severity for these two vulnerabilities to caution
GHSA-wc69-rhjr-hc9g : Moment.js vulnerable to Inefficient Regular Expression Complexity
GHSA-8hfj-j24r-96c4 : Path Traversal: 'dir/../../filename' in moment.localeCleared the NuGet cache and ran a build that uses this package.
Then I started experimenting with turning things on and off and running the Tasks VulnerabilityDownloader and VulnerabilityDownloader.
With only PGVC I see only this one but not the other ones
GHSA-8hfj-j24r-96c4 : Path Traversal: 'dir/../../filename' in moment.localeWith OSS and PGVC I see 11 vulnerabilities but no duplicates
With all three I see 12 vulnerabilities and a duplicate for GHSA-8hfj-j24r-96c4
When I select them they have the same ID but vulnerabilityId in the url is different.For now I turned ProGet Vulnerability Central off or should I used that one and turn PGVC off?
I'm using Version 2022.27 (Build 9)
-
Duplicate unassesed vulnerabilities
Hi,
We recently started with the Software Composition Analysis feature of Proget and now have a good overview of the packages we use. We have set all unassesed vulnerabilities on caution so the builds won't fail but we do have a good overview of the vulnerabilities.
Weekly we clean the NuGet caches and run all our builds but these fail as a lot of assessments seem to reset and block the download. Here is an example but there are many many packages where we need to assess the same vulnerability over and over again which is tedious and in the end undoable.
-
RE: Web folder missing after upgrading to ProGet 22.0.1
Also:
I did remove the second website as we want ProGet to be running on the default web site on port 443 (https). -
RE: Web folder missing after upgrading to ProGet 22.0.1
Installed the .NET 6.0 Web Hosting Bundle
I did a complete uninstall, an new install (choosing IIS)
Changed the application pool to No Managed Code and Integrated pipeline modeAnd now it works, thank you for the tips.
-
RE: Web folder missing after upgrading to ProGet 22.0.1
I tried to upgrade again but simply changing the path IIS is not enough.
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid. -
Web folder missing after upgrading to ProGet 22.0.1
We upgraded from 6.0.18 to 22.0.1 with InedoHub but the Web folder was missing and we could not longer access ProGet through IIS en https
-
RE: Npm packages not visible when running onder IIS
When I use an api key, there seem to be no caching problems.
So I have this in my .npmrc
_auth=<base encoded string api:key> -
RE: Npm packages not visible when running onder IIS
I disabled the cache, but when I publish a new package its still not visible.
Version 1 is published
$ pnpm view @vicrea-neuron/progettest versions
[ '1.0.0' ]Publish version 2
$ npm publish
npm notice
npm notice package: @vicrea-neuron/progettest@2.0.0
npm notice === Tarball Contents ===
npm notice 64B package.json
npm notice === Tarball Details ===
npm notice name: @vicrea-neuron/progettest
npm notice version: 2.0.0
npm notice package size: 162 B
npm notice unpacked size: 64 B
npm notice shasum: 7187dcb1f33b4025539a79b0728b0b33dd44af9a
npm notice integrity: sha512-G+8QbHgghLq4g[...]/Cn6P+qby28eQ==
npm notice total files: 1
npm notice- @vicrea-neuron/progettest@2.0.0
It does not show up
$ pnpm view @vicrea-neuron/progettest versions
[ '1.0.0' ]Only after an IIS reset version 2 is visible
$ pnpm view @vicrea-neuron/progettest versions
[ '1.0.0', '2.0.0' ] -
RE: Npm packages not visible when running onder IIS
As far as I know I did not do anything other then what the documentation said.
Which IIS settings would you like to see? -
Npm packages not visible when running onder IIS
We changed from http to https using this documentation
https://docs.inedo.com/docs/various-iis-switching-to-iis
But now when we publish an npm package with npm publish we don't see the new version with pnpm view only after an IIS reset is the new package visible.
The package also don't show up in Latest Local Packages list, but do after an IIS reset