I repackaged the Owin package but didn't relalize that that would break all my builds as the dll's are now in a 1.0.0 folder where all the project files expect them in the 1.0 folder.
I guess this would work if the projects are in sdk project format but most of them are not.
Thanks for the confirmition we downgraded to 2025.19
Hi,
We updates to Proget 2025.21 and a build started failing with this message.
npm error 400 Bad Request - GET https://packages.vicrea.nl/npm/VicreaNpmJs/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz - Package is known to contain malicious code.
Which is great but it seems all versions of eslint-config-prettier are now blocked although not all are versions actually malicious
https://nvd.nist.gov/vuln/detail/CVE-2025-54313
Is this by design or am i missing something?
@stevedennis I tried in a docker image but also could not reproduce it reading SBOM from the UI. We have a major release ahead perhaps i can try after the release, but failing builds scares people me included.
@stevedennis we went back to an older version that doesn't break our builds and accepts this SBOM
I tried to reproduce it in a docker image but then i need a license key and the latest docker image version isn't build 9 but 6
@stevedennis I sent the SBOM to support
@stevedennis we switched back to latest 2024 version and SQL server and the builds are working again. I can't include the SBOM in the post as its to large, can I mail it or upload it somewhere?
I switched the nps feed audit to enabled (use ProGet's vulnerabilities and assessments)
Hi,
We upgraded to Proget 2025.3 (Build 9) and switched to the internal Postgres database.
But now our builds are starting to fail, in the diagnostic center I see a few different errors.
Unhandled exception processing https://packages.vicrea.nl/api/sca/import
System.InvalidOperationException: Nullable object must have a value.
Connector error: The operation has timed out.
System.Net.WebException: The operation has timed out.
An error occurred processing a POST request to https://packages.vicrea.nl/npm/VicreaNpmJs/-/npm/v1/security/advisories/bulk: The operation has timed out.
We also had to switch from IIS to the integrated web server.
Here are the details of the errors
An error occurred processing a POST request to https://packages.vicrea.nl/npm/VicreaNpmJs/-/npm/v1/security/advisories/bulk: The operation has timed out.
System.Net.WebException: The operation has timed out.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
at System.Net.WebRequest.GetResponseAsync()
at Inedo.ProGet.Feeds.Npm.NpmConnector.ProxyRequestAsync(AhHttpContext context, String relativeUrl)
at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmAuditHandler.TryProcessRequestAsync(AhHttpContext context, WebApiContext apiContext, NpmFeed feed, String relativeUrl)
at Inedo.ProGet.WebApplication.FeedEndpoints.Npm.NpmHandler.ProcessRequestAsync(AhHttpContext context, WebApiContext apiContext, NpmFeed feed, String relativeUrl)
at Inedo.ProGet.WebApplication.FeedEndpoints.FeedEndpointHandler.FeedRequestHandler.ProcessRequestAsync(AhHttpContext context)
::Web Error on 7/7/2025 2:37:47 PM::
Connector error: The operation has timed out.
System.Net.WebException: The operation has timed out.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location ---
at System.Net.WebRequest.GetResponseAsync()
at Inedo.ProGet.GlobalExtensions.GetResponseAsync(HttpWebRequest request, CancellationToken cancellationToken)
at Inedo.ProGet.Feeds.Connector.GetDirectResponseAsync(String url, CancellationToken cancellationToken)
at Inedo.ProGet.Feeds.Connector.GetCachedResponseAsync(String url, CancellationToken cancellationToken)
at Inedo.ProGet.Feeds.Npm.NpmConnector.GetCachedResponseWith404Async(String url, CancellationToken cancellationToken)
at Inedo.ProGet.Feeds.Npm.NpmConnector.GetPackagesAsync(PackageNameId name, String version, CancellationToken cancellationToken)+MoveNext()
at Inedo.ProGet.Feeds.Npm.NpmConnector.GetPackagesAsync(PackageNameId name, String version, CancellationToken cancellationToken)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
at Inedo.ProGet.GlobalExtensions.ExceptionHandlingAsyncEnumerable`1.ExceptionHandlingAsyncEnumerator.MoveNextAsync()
::Feed Error on 7/7/2025 2:39:07 PM::
Unhandled exception processing https://packages.vicrea.nl/api/sca/import
System.InvalidOperationException: Nullable object must have a value.
at System.Nullable`1.get_Value()
at Inedo.ProGet.Projects.BomUtil.ImportBuild(Bom bom, Byte[] originalSbomBytes, String originalFormatCode)
at Inedo.ProGet.Projects.BomUtil.ImportXmlAsync(Stream source)
at Inedo.ProGet.WebApplication.SimpleHandlers.Api.Bom.ScaApiHandler.ProcessRequestAsync(AhHttpContext context, LoggedResponseStream output, WebApiContext apiContext)
at Inedo.ProGet.WebApplication.SimpleHandlers.Api.ProGetApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context, LoggedResponseStream output, WrappedApiKey apiKey)
at Inedo.Web.Handlers.Api.ApiKeySecuredHandler.ProcessRequestInternalAsync(AhHttpContext context)
at Inedo.Web.Handlers.Api.StandardApiHandler.ProcessRequestAsync(AhHttpContext context)
:: Error on 7/7/2025 3:17:01 PM::
Failed to fetch package tags for path-to-regexp from registry.npmjs.org.
::Feed Warning on 7/7/2025 2:49:23 PM::
Hi,
We just upgraded to 2025.3 (Build 9) and switched to the postgres database
I want to configure the backup job, but everytime I enter a backup file directory and save it, it seems ok but the directory is not stored and the export link does nothing.
Thanks @rhessinger
I worked around it by uploading it to another feed. But with your help I managed to clean up the original feed. I put an item on our backlog to sort this package out.
Kind regards
Valentijn
Hi,
Most builds work now except our flagship build, it fails on this package
System.Management.Automation.dll version 10.0.10586
I can't find it in te UI but it is on disk.
I tried to upload it again but then I get a message it already exists.
It's a transitive dependency of Open-Xml-PowerTools