RE: Lots of errors after upgrading to Proget 2025.3 (Build 9)

@stevedennis I tried in a docker image but also could not reproduce it reading SBOM from the UI. We have a major release ahead perhaps i can try after the release, but failing builds scares people me included.

@stevedennis we went back to an older version that doesn't break our builds and accepts this SBOM

I tried to reproduce it in a docker image but then i need a license key and the latest docker image version isn't build 9 but 6

@stevedennis I sent the SBOM to support

@stevedennis we switched back to latest 2024 version and SQL server and the builds are working again. I can't include the SBOM in the post as its to large, can I mail it or upload it somewhere?

I switched the nps feed audit to enabled (use ProGet's vulnerabilities and assessments)

Hi,

We upgraded to Proget 2025.3 (Build 9) and switched to the internal Postgres database.
But now our builds are starting to fail, in the diagnostic center I see a few different errors.

• Unhandled exception processing https://packages.vicrea.nl/api/sca/import
  System.InvalidOperationException: Nullable object must have a value.

• Connector error: The operation has timed out.
  System.Net.WebException: The operation has timed out.

• An error occurred processing a POST request to https://packages.vicrea.nl/npm/VicreaNpmJs/-/npm/v1/security/advisories/bulk: The operation has timed out.

We also had to switch from IIS to the integrated web server.
Here are the details of the errors

An error occurred processing a POST request to https://packages.vicrea.nl/npm/VicreaNpmJs/-/npm/v1/security/advisories/bulk: The operation has timed out.

System.Net.WebException: The operation has timed out.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at System.Net.WebRequest.GetResponseAsync()
   at Inedo.ProGet.Feeds.Npm.NpmConnector.ProxyRequestAsync(AhHttpContext context, String relativeUrl)
   at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmAuditHandler.TryProcessRequestAsync(AhHttpContext context, WebApiContext apiContext, NpmFeed feed, String relativeUrl)
   at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmHandler.ProcessRequestAsync(AhHttpContext context, WebApiContext apiContext, NpmFeed feed, String relativeUrl)
   at Inedo.ProGet.WebApplication.FeedEndpoints.FeedEndpointHandler.FeedRequestHandler.ProcessRequestAsync(AhHttpContext context)

::Web Error on 7/7/2025 2:37:47 PM::

Connector error: The operation has timed out.

System.Net.WebException: The operation has timed out.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
   at System.Net.WebRequest.GetResponseAsync()
   at Inedo.ProGet.GlobalExtensions.GetResponseAsync(HttpWebRequest request, CancellationToken cancellationToken)
   at Inedo.ProGet.Feeds.Connector.GetDirectResponseAsync(String url, CancellationToken cancellationToken)
   at Inedo.ProGet.Feeds.Connector.GetCachedResponseAsync(String url, CancellationToken cancellationToken)
   at Inedo.ProGet.Feeds.Npm.NpmConnector.GetCachedResponseWith404Async(String url, CancellationToken cancellationToken)
   at Inedo.ProGet.Feeds.Npm.NpmConnector.GetPackagesAsync(PackageNameId name, String version, CancellationToken cancellationToken)+MoveNext()
   at Inedo.ProGet.Feeds.Npm.NpmConnector.GetPackagesAsync(PackageNameId name, String version, CancellationToken cancellationToken)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
   at Inedo.ProGet.GlobalExtensions.ExceptionHandlingAsyncEnumerable`1.ExceptionHandlingAsyncEnumerator.MoveNextAsync()

::Feed Error on 7/7/2025 2:39:07 PM::

Unhandled exception processing https://packages.vicrea.nl/api/sca/import

System.InvalidOperationException: Nullable object must have a value.
   at System.Nullable`1.get_Value()
   at Inedo.ProGet.Projects.BomUtil.ImportBuild(Bom bom, Byte[] originalSbomBytes, String originalFormatCode)
   at Inedo.ProGet.Projects.BomUtil.ImportXmlAsync(Stream source)
   at Inedo.ProGet.WebApplication.SimpleHandlers.Api.Bom.ScaApiHandler.ProcessRequestAsync(AhHttpContext context, LoggedResponseStream output, WebApiContext apiContext)
   at Inedo.ProGet.WebApplication.SimpleHandlers.Api.ProGetApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context, LoggedResponseStream output, WrappedApiKey apiKey)
   at Inedo.Web.Handlers.Api.ApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context)
   at Inedo.Web.Handlers.Api.StandardApiHandler.ProcessRequestAsync(AhHttpContext context)

:: Error on 7/7/2025 3:17:01 PM::

Failed to fetch package tags for path-to-regexp from registry.npmjs.org.



::Feed Warning on 7/7/2025 2:49:23 PM::

Hi,

We just upgraded to 2025.3 (Build 9) and switched to the postgres database

I want to configure the backup job, but everytime I enter a backup file directory and save it, it seems ok but the directory is not stored and the export link does nothing.

Thanks @rhessinger

I worked around it by uploading it to another feed. But with your help I managed to clean up the original feed. I put an item on our backlog to sort this package out.

Kind regards
Valentijn

Hi,

Most builds work now except our flagship build, it fails on this package

System.Management.Automation.dll version 10.0.10586

I can't find it in te UI but it is on disk.
I tried to upload it again but then I get a message it already exists.

It's a transitive dependency of Open-Xml-PowerTools

Hi,

I deleted the two packages and manually removed them from disk.
Uninstalled Proget and installed build 31 en tried a few builds.
They seem to work now, this weekend all builds will run but I think they will work.

Thanks

Valentijn

Hi,

Is there any way this can be fixed because I can't upgrade ProGet anymore or do you need more information?

Regards

Valentijn

Hi,

Most of our weekly builds started failing after upgrading because packages with quirky versions can nog longer be downloaded. After downgrading to build 27 the builds work again.

The nuget command failed with exit code(1) and error(Failed to download package 'Microsoft.Web.Infrastructure.1.0.0' from ...
The nuget command failed with exit code(1) and error(Failed to download package 'System.Net.Http.Formatting.Extension.5.2.3' from ...

I reinstalled Proget with an offline installer

Hi,

I tried to upgrade Proget from 2024.27 to 2024.29 but the installer crashed and now Proget is gone. I tried to reinstall it but that also crashed also installing the old 27 version resulted in a crash. I tried to report it but that crashed the installer

Unhandled exception: System.ArgumentNullException: Value cannot be null.
Parameter name: s
   at Inedo.UPack.UniversalPackageVersion.Parse(String s)
   at Inedo.UPack.Packaging.UniversalPackageMetadata.get_Version()
   at Inedo.Romp.RompPack.PackageInstaller.<RunAsync>d__30.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Inedo.Romp.RompDeploymentJob.<InstallAsync>d__8.MoveNext()

I found this in the event log

Application: InedoHub.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
   at System.Net.HttpWebRequest.EndGetResponse(System.IAsyncResult)
   at System.Threading.Tasks.TaskFactory`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FromAsyncCoreLogic(System.IAsyncResult, System.Func`2<System.IAsyncResult,System.__Canon>, System.Action`1<System.IAsyncResult>, System.Threading.Tasks.Task`1<System.__Canon>, Boolean)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at Inedo.Hub.Pages.SubmitErrorReportDialog+<Submit_Click>d__3.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Window.ShowHelper(System.Object)
   at System.Windows.Window.ShowDialog()
   at Inedo.Hub.Pages.ErrorPage.Submit_Click(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.Controls.Primitives.ButtonBase.OnClick()
   at System.Windows.Controls.Button.OnClick()
   at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
   at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
   at System.Windows.Input.InputManager.ProcessStagingArea()
   at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
   at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
   at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
   at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at Inedo.Hub.App.Main()

Hi,

In one of our older products we use angular 1.8.3.

Proget reports

This package has no known security vulnerabilities.

but npm audit reports

angular  *
Severity: high
angular vulnerable to regular expression denial of service (ReDoS) - https://github.com/advisories/GHSA-m2h2-264f-f486
Angular (deprecated package) Cross-site Scripting - https://github.com/advisories/GHSA-prc3-vjfx-vhm9
angular vulnerable to regular expression denial of service via the angular.copy() utility - https://github.com/advisories/GHSA-2vrf-hf26-jrp5
angular vulnerable to regular expression denial of service via the $resource service - https://github.com/advisories/GHSA-2qqx-w9hr-q5gx
angular vulnerable to regular expression denial of service via the <input type="url"> element - https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
angular vulnerable to super-linear runtime due to backtracking - https://github.com/advisories/GHSA-4w4v-5hc9-xrr2
fix available via `npm audit fix --force`
Will install angular@1.6.10, which is a breaking change
node_modules/angular

1 high severity vulnerability

@stevedennis

Should the text not say something like

There are no active builds...

Hi,

I clicked most builds but just can't find it.
Recently we deleted all projects and started anew using fullbuild numbers as SBOMS's started to accumulate for our quarterly releases. (not all projects have been changed yet though)

Anyway I uploaded ProGetVicrea.zip

Thanks for having a look.

Valentijn

We are using Version 2024.11 (Build 10)

In this screen it reports that a non-compliant license is in use in active releases.
But how can i find out which one and where?
We have dozens of projects and hundreds of builds but i can't seem the find it

I did a "Pull to ProGet" and ran analyze again and now the warning is gone.

Downloading the package did not help.

I'm pretty sure it was already in the cache, we clean the nuget cache on our buildservers weekly and everything is downloaded through Proget. The package downloads section shows the downloads.

There are a number of packages that show up with a compliance warning like this one

But when I look at the package it says everyting is ok

Thanks I made a backup and ran the script and it did clean up quite a few rows.
I'll try upgrading to 2024 again next week after we released :)

Strange that you can't see VicreaNeuronGegevensmagazijnContracts, I can't find bootstrap.less

VicreaNeuronGegevensmagazijnContracts indeed had a four part version number.
We deleted al versions of the package as the last download was in 2018.

I see these two warning in Diagnostic Center

The package is not cached or local to any feed; cannot determine if Unlisted.
The package is not cached or local to any feed; cannot determine if Deprecated.

But Details says none so I have no idea which package is causing this.

I uninstalled and installed the previous version, so we can build again.
Think the downgrade dropdown was empty because we got an IIS error at the end of each upgrade, maybe that's solved now too.

Hi,

I upgraded to 2024 and now I get errors in our builds and Visual Studio

Visual Studio simply says "Object reference not set to an instance of an object" and I can't browse for packages.

NuGet during the build gives a big stacktrace.

##[error]The nuget command failed with exit code(1) and error(Failed to retrieve information about 'NeuronTenantAuthenticationHttp' from remote source 'https://packages.vicrea.nl/nuget/Vicrea/FindPackagesById()?id='NeuronTenantAuthenticationHttp'&semVerLevel=2.0.0'.
  Object reference not set to an instance of an object.
NuGet.Protocol.Core.Types.FatalProtocolException: Failed to retrieve information about 'NeuronTenantAuthenticationHttp' from remote source 'https://packages.vicrea.nl/nuget/Vicrea/FindPackagesById()?id='NeuronTenantAuthenticationHttp'&semVerLevel=2.0.0'. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at NuGet.Protocol.RemoteV2FindPackageByIdResource.BuildModel(String id, XElement element)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
   at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
   at NuGet.Protocol.RemoteV2FindPackageByIdResource.<>c__DisplayClass23_2.<<FindPackagesByIdAsyncCore>b__0>d.MoveNext()
...

When I browse to the url I get a lot of info back, not sure why the query starts at version 2.0.0
https://packages.vicrea.nl/nuget/Vicrea/FindPackagesById()?id='NeuronTenantAuthenticationHttp'&semVerLevel=2.0.0

I tried to downgrade but the version dropdown is empty.

Kinda stuck for now

I upgraded to 2024 and now I have these errors during analysis

ERROR: 2024-04-21 14:38:08Z - Unhandled exception analyzing pkg:nuget/VicreaNeuronGegevensmagazijnContracts pkg:nuget/VicreaNeuronGegevensmagazijnContracts@17.2.65 in Vicrea feed: 547`16`0`FeedPackageVersions_SetAnalysis`26`The INSERT statement conflicted with the FOREIGN KEY constraint "FK__FeedPackageAnalyses__FeedPackageVersions". The conflict occurred in database "ProGet", table "dbo.FeedPackageVersions".

The workaround for now is to restart the IIS application pool and start the proget service through the website.

Hi,

We are running Proget within IIS as the root project but we get this error each time we upgrade. Been working around it for a time but would like to fix it.

Any tips on how to solve this?

** Ensure ASP.NET Core Module is installed **

** Ensure IIS Site: $ProductName does not exist **
 DEBUG: Looking for Site "ProGet"...
 DEBUG: Does not exist. Creating...
 ERROR: You must specify binding information when creating a site.

ERROR: You must specify binding information when creating a site.

For most of our products we work with four releases a year and have many builds so the SBOM's add up.

We also have a cloud product where we deliver continously and used the buildnumer as Proget 'release' but then the number of releases got unwieldy. We fixed release number to 1.0 but then SBOM's add up again.

What i'm really looking for is a way to refresh the SBOM's for a release.

I like to keep the old releases (as we call them) so we see progress

Hi,

I have some unresolved issues like this

But when I look at the package is says it has a license

Using Version 2023.32 (Build 3)

After deleting a lot of SBOM's and running sp_updatestats on the database the timeout is gone (for now) but the Object reference errors are still there.

Hi,

I'm running into some timeout issues during release analysis so I wanted to reduces the number of imported SBOMs but you can only delete one at a time. A bulk delete action would be nice or a feature in pgscan to replace an SBOM instead of adding more and more each build.

Version 2023.32 (Build 3)

Hi,

I see errors in PackageAnalyzer logs

Unhandled exception analyzing packages in Vicrea feed: Object reference not set to an instance of an object.
Unhandled exception analyzing packages in VicreaMaven feed: Object reference not set to an instance of an object.
Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.
 ---> System.ComponentModel.Win32Exception (258): The wait operation timed out.
   at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task`1 result)
   at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch)
   at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
   at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
   at Inedo.ProGet.Data.DB.Context.Projects_GetReleaseAnalyzerDataAsync(Nullable`1 ProjectRelease_Id)
   at Inedo.ProGet.Projects.ProjectReleaseAnalyzer.AnalyzeReleaseAsync(Int32 projectReleaseId, Boolean sendEmail, CancellationToken cancellationToken)
   at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.AnalyzeReleasesAsync(ScheduledTaskContext context)
   at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.ExecuteAsync(ScheduledTaskContext context)
   at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync()
ClientConnectionId:0d07b9a9-043b-4747-81e1-0bdfc00192d0
Error Number:-2,State:0,Class:11

After the last error the analysis stops.

Using Version 2023.32 (Build 3)

Hi,

There is an i in 'the' that shouldn't be there.

To publish a container image to this registry, you must first retag it with thie repository url, and then push it as follows:

I upgraded to 23.0.32 (was on 23.0.31) and the license looks ok now but when I run analyze I get a timeout.

An error occurred in the web application: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

After that I ran the PackageAnalyzer task but that failed too.

Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.
 ---> System.ComponentModel.Win32Exception (258): The wait operation timed out.
   at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task`1 result)
   at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch)
   at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
   at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
   at Inedo.ProGet.Data.DB.Context.Projects_GetReleaseAnalyzerDataAsync(Nullable`1 ProjectRelease_Id)
   at Inedo.ProGet.Projects.ProjectReleaseAnalyzer.AnalyzeReleaseAsync(Int32 projectReleaseId, Boolean sendEmail, CancellationToken cancellationToken)
   at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.AnalyzeReleasesAsync(ScheduledTaskContext context)
   at Inedo.ProGet.ScheduledTasks.General.PackageAnalyzerScheduledTask.ExecuteAsync(ScheduledTaskContext context)
   at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync()
ClientConnectionId:e6772410-67c5-4929-a7c3-c2ad388f8e73
Error Number:-2,State:0,Class:11

Hi,

I checked again and the number of packages is correct when the build succeeds.
Had to run the build 9 times before I had a build that did not give a timeout.

Before i counted the number of components in the SBOM but the app itself is also a component and i have two SBOM's so therefore i was missing two packages.

I get the feeling that during the failing builds the SBOM is uploaded but not completely processed. So the next build its processed and thats when i see three SBOM's or four if the build succeeds.

Still no clue why this is the only build that has these failures, its not our biggest or most complex product. We don't have many builds that contain both npm and nuget packages but there are others. All builds are run at least once a week so the others with two pgscans are ok.

Hi,

I have an issue that says Unknown License Detected for package
Microsoft.AspNet.Web.Optimization 1.1.3

But when I use "Assign License Type to URL" and choose an existing license
(in this case MICROSOFT .NET LIBRARY) and press Add to license nothing seem to happen and the package still has an unknown license.

I tried to add the package to the license as Package name but its says its invalid
"pkg:/nuget/Microsoft.AspNet.Web.Optimization" is an invalid package name.

the same if i try to add it as an PUrl (pkg:/nuget/Microsoft.AspNet.Web.Optimization@1.1.3)

I noticed that the new version had multiple SBOM's and I only ran the build once.
After deleting all SBOM's and the version again the build still failed but at least I only see 1 SBOM this time.

Edit: The build runs pgscan twice once for npm and once for NuGet so i should see two SBOM's
499 components in npm SBOM
137 components in NuGet SBOM
636 is the expected number of packages

But this time total packages in UI shows 634

Running again into this issue:
Unhandled exception processing https://packages.vicrea.nl/api/sca/import

Version 2023.31 (Build 5)
Total Packages 635

I deleted the release in Proget and build again, again a timeout but I do see the new release in Proget. So it looks like the SBOM is processed but maybe not complete?

I ended up restarting the build 5 times when it finally worked.
Proget is running on a dedicated machine that does nothing else and no other builds where running.

Can it be that we have too many SBOMs, versions, packages or something like that?

After upgrading to the latest version this started to happen.

Version: Version 2023.30 (Build 16)

Server responded with 500 Internal Server Error: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.

In Diagnostic Center the following is shown:

Unhandled exception processing https://packages.vicrea.nl/api/sca/import

Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
---> System.ComponentModel.Win32Exception (258): The wait operation timed out.
at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task`1 result)
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch)
at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
at Inedo.ProGet.Data.DB.Context.Projects_GetReleaseAnalyzerDataAsync(Nullable`1 ProjectRelease_Id)
at Inedo.ProGet.Projects.ProjectReleaseAnalyzer.AnalyzeReleaseAsync(Int32 projectReleaseId, Boolean sendEmail, CancellationToken cancellationToken)
at Inedo.ProGet.Projects.BomUtil.ImportXmlAsync(Stream source)
at Inedo.ProGet.WebApplication.SimpleHandlers.Api.Bom.ScaApiHandler.ProcessRequestAsync(AhHttpContext context, LoggedResponseStream output, WebApiContext apiContext)
at Inedo.ProGet.WebApplication.SimpleHandlers.Api.ProGetApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context, LoggedResponseStream output, WrappedApiKey apiKey)
at Inedo.Web.Handlers.Api.ApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context)
at Inedo.Web.Handlers.Api.StandardApiHandler.ProcessRequestAsync(AhHttpContext context)
ClientConnectionId:6200fa0a-d298-4898-be14-9721cbe745c5
Error Number:-2,State:0,Class:11

Hi,

I got the same error, after disabling the preview feature it works again.

An error occurred processing a GET request to https://packages.vicrea.nl/nuget/VicreaNuGet/v3/flatcontainer/system.management.automation.dll/10.0.10586/system.management.automation.dll.10.0.10586.nupkg: 547`16`0`FeedPackageVersions_SetAnalysis`26`The INSERT statement conflicted with the FOREIGN KEY constraint "FK__FeedPackageAnalyses__FeedPackageVersions". The conflict occurred in database "ProGet", table "dbo.FeedPackageVersions".

Hi,

I'm trying to assign licenses to npm packages that have embedded license files.

But the kendo packages give an error:
(500) Server Error License not found in package

There is a license file in the package but it's called license.md
https://www.npmjs.com/package/@progress/kendo-licensing

Regards,

Valentijn

I tried it four times but all attempts failed.

Hi,

I tried to enable this feature but got a timeout.
Running: Version 2023.29 (Build 17)

Updating internal database with 43011 entries
Unhandled exception: Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
---> System.ComponentModel.Win32Exception (258): The wait operation timed out.
at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__209_0(Task1 result) at System.Threading.Tasks.ContinuationResultTaskFromResultTask2.InnerInvoke()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
at Inedo.Data.DatabaseContext.DbResult.CreateAsync(DbCommand command, DatabaseContext context, DateTimeOffset startTime, Stopwatch stopwatch)
at Inedo.Data.DatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
at Inedo.Data.SqlServerDatabaseContext.ExecuteInternalAsync(String storedProcName, GenericDbParameter[] parameters)
at Inedo.Data.DatabaseContext.ExecuteTableAsync[TRow](String storedProcName, GenericDbParameter[] parameters)
at Inedo.ProGet.Vulnerabilities.PgvdDownloafer.UpdateVulnerabilitiesInternalAsync(IAsyncEnumerable`1 vulnerabilities, CancellationToken cancellationToken)
at Inedo.ProGet.Vulnerabilities.PgvdDownloafer.UpdateVulnerabilitiesAsync(CancellationToken cancellationToken)
at Inedo.ProGet.Executions.SwitchToPgvdExecution.ExecuteAsync(IManualExecutionContext context)
at Inedo.ProGet.Service.Executions.ActiveManualExecution.ExecuteAsync()
ClientConnectionId:12b1995d-0cc6-4709-9072-3b870d34f096
Error Number:-2,State:0,Class:11

@dean-houston

This was a package that came from a local workspace, skipping seems the right solution as you can never check these packages for vulnerabilities.

Hi,

We started using Proget and pgscan for our frontend code but get a KeyNotFoundException exception in pgscan\Inedo.DependencyScan\NpmDependencyScanner.cs line 81

string version = npmDependencyPackage.Value.GetProperty("version").GetString();

This is the bit of json from the lock-file it fails on and as you can see there is no version attribute.

"node_modules/@vicrea-neuron/eslint-plugin": {
  "resolved": "packages/eslint-plugin",
  "link": true
},

With kind regards,

Valentijn

Thanks, I updated and feed cleanup is back to seconds instead of hours