We enabled the GitHub Dependabot for the vulnerability alerts. But because of the private code URL for googletest, the Dependabot cannot run successfully.
proxy | 2024/05/09 09:55:06 proxy starting, commit: d85fbd08cee81b78b7f408b09b558cac7a0cee5c
proxy | 2024/05/09 09:55:06 Listening (:1080)
updater | 2024-05-09T09:55:07.225571307 [826013593:main:WARN:src/devices/src/legacy/serial.rs:222] Detached the serial input due to peer close/error.
updater | time="2024-05-09T09:55:09Z" level=info msg="guest starting" commit=7ae3c8b6b9717f8ad3c56d9958b08ec3c5b6c903
updater | time="2024-05-09T09:55:09Z" level=info msg="starting job..." fetcher_timeout=10m0s job_id=826013593 updater_timeout=45m0s updater_version=6c1803521cfef2fcd4e5accda12fa4d1bcab0564-pip
updater | /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/httparty-0.21.0/lib/httparty.rb:10: warning: csv was loaded from the standard library, but will no longer be part of the default gems since Ruby 3.4.0. Add csv to your Gemfile or gemspec. Also contact author of httparty-0.21.0 to add csv into its gemspec.
updater | 2024/05/09 09:55:13 INFO <job_826013593> Starting job processing
updater | 2024/05/09 09:55:13 INFO <job_826013593> Job definition: {"job":{"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"commit-message-options":{"include-scope":null,"prefix":null,"prefix-development":null},"credentials-metadata":[{"host":"github.com","type":"git_source"}],"debug":null,"dependencies":["cryptography"],"dependency-group-to-refresh":null,"dependency-groups":[],"existing-group-pull-requests":[],"existing-pull-requests":[],"experiments":{"proxy-cached":true,"record-ecosystem-versions":true,"record-update-job-unknown-error":true},"ignore-conditions":[],"lockfile-only":false,"max-updater-run-time":2700,"package-manager":"pip","proxy-log-response-body-on-auth-failure":true,"reject-external-code":false,"repo-private":false,"requirements-update-strategy":null,"security-advisories":[{"affected-versions":["\u003e= 1.9.0, \u003c 2.3"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003c 3.2"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 3.1, \u003c 3.3.2"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003c 1.5.3"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 37.0.0, \u003c 38.0.3"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 1.8, \u003c 39.0.1"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 0.8.1, \u003c 39.0.1"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 0.5, \u003c= 40.0.2"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 40.0.0, \u003c 41.0.2"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 0.8, \u003c 41.0.3"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 2.5, \u003c 41.0.4"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 3.1, \u003c 41.0.6"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003c 42.0.0"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003c 42.0.2"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]},{"affected-versions":["\u003e= 38.0.0, \u003c 42.0.4"],"dependency-name":"cryptography","patched-versions":[],"unaffected-versions":[]}],"security-updates-only":true,"source":{"api-endpoint":"https://api.github.com/","branch":null,"directory":"/gpMgmt","hostname":"github.com","provider":"github","repo":"cloudberrydb/cloudberrydb"},"update-subdependencies":false,"updating-a-pull-request":false,"vendor-dependencies":false}}
updater |
proxy | 2024/05/09 09:55:13 [002] GET https://github.com:443/cloudberrydb/cloudberrydb/info/refs?service=git-upload-pack
proxy | 2024/05/09 09:55:13 [002] * authenticating git server request (host: github.com)
proxy | 2024/05/09 09:55:14 [002] 200 https://github.com:443/cloudberrydb/cloudberrydb/info/refs?service=git-upload-pack
proxy | 2024/05/09 09:55:14 [004] POST https://github.com:443/cloudberrydb/cloudberrydb/git-upload-pack
proxy | 2024/05/09 09:55:14 [004] * authenticating git server request (host: github.com)
proxy | 2024/05/09 09:55:14 [004] 200 https://github.com:443/cloudberrydb/cloudberrydb/git-upload-pack
proxy | 2024/05/09 09:55:14 [006] POST https://github.com:443/cloudberrydb/cloudberrydb/git-upload-pack
proxy | 2024/05/09 09:55:14 [006] * authenticating git server request (host: github.com)
proxy | 2024/05/09 09:55:14 [006] 200 https://github.com:443/cloudberrydb/cloudberrydb/git-upload-pack
proxy | 2024/05/09 09:55:27 [008] GET https://code.hashdata.xyz:443/cloudberry/googletest.git/info/refs?service=git-upload-pack
proxy | 2024/05/09 09:56:06 Posting metrics to remote API endpoint
proxy | 2024/05/09 09:56:06 Successfully posted metrics data via api client
proxy | 2024/05/09 09:57:38 [008] WARN: Cannot read TLS response from mitm'd server dial tcp 192.168.170.50:443: connect: connection timed out
proxy | 2024/05/09 09:57:38 [010] GET https://code.hashdata.xyz:443/cloudberry/googletest.git/info/refs?service=git-upload-pack
proxy | 2024/05/09 09:58:06 Posting metrics to remote API endpoint
proxy | 2024/05/09 09:58:06 Successfully posted metrics data via api client
proxy | 2024/05/09 09:59:49 [010] WARN: Cannot read TLS response from mitm'd server dial tcp 192.168.170.50:443: connect: connection timed out
updater | 2024/05/09 09:59:49 ERROR <job_826013593> Cloning of submodule failed: https://code.hashdata.xyz/cloudberry/googletest.git error: unknown
updater | 2024/05/09 09:59:49 INFO <job_826013593> Dependabot is using Python version '3.12'.
updater | 2024/05/09 09:59:49 INFO <job_826013593> Base commit SHA: 9951bfb3a1e987882ee317175e011fd5694676c1
updater | 2024/05/09 09:59:49 INFO <job_826013593> Finished job processing
updater | time="2024-05-09T09:59:50Z" level=info msg="task complete" container_id=job-826013593-file-fetcher exit_code=0 job_id=826013593 step=fetcher
updater | /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/httparty-0.21.0/lib/httparty.rb:10: warning: csv was loaded from the standard library, but will no longer be part of the default gems since Ruby 3.4.0. Add csv to your Gemfile or gemspec. Also contact author of httparty-0.21.0 to add csv into its gemspec.
updater | 2024/05/09 09:59:53 INFO <job_826013593> Starting job processing
updater | 2024/05/09 09:59:59 INFO <job_826013593> Starting security update job for cloudberrydb/cloudberrydb
updater | 2024/05/09 09:59:59 INFO <job_826013593> Checking if cryptography needs updating
proxy | 2024/05/09 09:59:59 [019] GET https://pypi.org:443/simple/cryptography/
proxy | 2024/05/09 09:59:59 [019] 200 https://pypi.org:443/simple/cryptography/
updater | 2024/05/09 10:00:00 INFO <job_826013593> Filtered out 48 yanked versions
updater | 2024/05/09 10:00:00 INFO <job_826013593> Latest version is 42.0.7
updater | 2024/05/09 10:00:00 INFO <job_826013593> Dependabot can't update vulnerable dependencies for projects without a lockfile or pinned version requirement as the currently installed version of cryptography isn't known.
updater | 2024/05/09 10:00:00 INFO <job_826013593> Finished job processing
updater | 2024/05/09 10:00:00 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +-------------------------------+
updater | | Errors |
updater | +-------------------------------+
updater | | dependency_file_not_supported |
updater | +-------------------------------+
updater | time="2024-05-09T10:00:00Z" level=info msg="task complete" container_id=job-826013593-updater exit_code=0 job_id=826013593 step=updater
It should run successfully.
Click the button by maintainers on the Dependabot page.
Cloudberry Database version
main
What happened
We enabled the GitHub Dependabot for the vulnerability alerts. But because of the private code URL for googletest, the Dependabot cannot run successfully.
logs:
What you think should happen instead
It should run successfully.
How to reproduce
Click the button by maintainers on the Dependabot page.
Operating System
Any OS
Anything else
No response
Are you willing to submit PR?
Code of Conduct