Unknown dependencies

[JavierSegoviaCordoba]

How are you running Renovate?

WhiteSource Renovate hosted app on github.com

Please select which platform you are using if self-hosting.

No response

If you're self-hosting Renovate, tell us what version of Renovate you run.

No response

Describe the bug

All dependencies are unknown and there is a warning:

WARN: Error updating branch

JavierSegoviaCordoba/massive-catalogs#227

Technically, there are only two catalogs inside gradle folder, so I don't know why those libraries are appearing there.

Relevant debug logs

WARN: Error updating branch(branch="renovate/all")
{
  "err": {
    "task": {
      "commands": [
        "push",
        "origin",
        "renovate/all:renovate/all",
        "--force",
        "-u",
        "--no-verify",
        "--verbose",
        "--porcelain"
      ],
      "format": "utf-8"
    },
    "message": "Pushing to https://github.com/JavierSegoviaCordoba/massive-catalogs.git\nremote: Permission to JavierSegoviaCordoba/massive-catalogs.git denied to renovate[bot].\nfatal: unable to access 'https://github.com/JavierSegoviaCordoba/massive-catalogs.git/': The requested URL returned error: 403\n",
    "stack": "Error: Pushing to https://github.com/JavierSegoviaCordoba/massive-catalogs.git\nremote: Permission to JavierSegoviaCordoba/massive-catalogs.git denied to renovate[bot].\nfatal: unable to access 'https://github.com/JavierSegoviaCordoba/massive-catalogs.git/': The requested URL returned error: 403\n\n    at Object.action (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/plugins/error-detection.plugin.js:30:33)\n    at PluginStore.exec (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/plugins/plugin-store.js:21:33)\n    at /home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:95:45\n    at new Promise (<anonymous>)\n    at GitExecutorChain.handleTaskData (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:93:16)\n    at GitExecutorChain.<anonymous> (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:77:46)\n    at Generator.next (<anonymous>)\n    at fulfilled (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:5:58)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)"
  }
}
WARN: Error updating branch(branch="renovate/major-all")
{
  "err": {
    "task": {
      "commands": [
        "push",
        "origin",
        "renovate/major-all:renovate/major-all",
        "--force",
        "-u",
        "--no-verify",
        "--verbose",
        "--porcelain"
      ],
      "format": "utf-8"
    },
    "message": "Pushing to https://github.com/JavierSegoviaCordoba/massive-catalogs.git\nremote: Permission to JavierSegoviaCordoba/massive-catalogs.git denied to renovate[bot].\nfatal: unable to access 'https://github.com/JavierSegoviaCordoba/massive-catalogs.git/': The requested URL returned error: 403\n",
    "stack": "Error: Pushing to https://github.com/JavierSegoviaCordoba/massive-catalogs.git\nremote: Permission to JavierSegoviaCordoba/massive-catalogs.git denied to renovate[bot].\nfatal: unable to access 'https://github.com/JavierSegoviaCordoba/massive-catalogs.git/': The requested URL returned error: 403\n\n    at Object.action (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/plugins/error-detection.plugin.js:30:33)\n    at PluginStore.exec (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/plugins/plugin-store.js:21:33)\n    at /home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:95:45\n    at new Promise (<anonymous>)\n    at GitExecutorChain.handleTaskData (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:93:16)\n    at GitExecutorChain.<anonymous> (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:77:46)\n    at Generator.next (<anonymous>)\n    at fulfilled (/home/ubuntu/renovateapp/node_modules/simple-git/src/lib/runners/git-executor-chain.js:5:58)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)"
  }
}
WARN: Could not ensure issue
{
  "err": {
    "message": "integration-unauthorized",
    "stack": "Error: integration-unauthorized\n    at handleGotError (/home/ubuntu/renovateapp/node_modules/renovate/dist/util/http/github.js:60:15)\n    at GithubHttp.request (/home/ubuntu/renovateapp/node_modules/renovate/dist/util/http/github.js:161:13)\n    at runMicrotasks (<anonymous>)\n    at processTicksAndRejections (internal/process/task_queues.js:95:5)\n    at async GithubHttp.requestJson (/home/ubuntu/renovateapp/node_modules/renovate/dist/util/http/index.js:176:21)\n    at async Proxy.ensureIssue (/home/ubuntu/renovateapp/node_modules/renovate/dist/platform/github/index.js:924:17)\n    at async ensureDependencyDashboard (/home/ubuntu/renovateapp/node_modules/renovate/dist/workers/repository/dependency-dashboard.js:285:9)\n    at async Object.renovateRepository (/home/ubuntu/renovateapp/node_modules/renovate/dist/workers/repository/index.js:81:13)\n    at async renovateRepository (/home/ubuntu/renovateapp/app/worker/index.js:400:26)\n    at async /home/ubuntu/renovateapp/app/worker/index.js:644:5"
  }
}

Have you created a minimal reproduction repository?

I have linked to a minimal reproduction repository in the bug description

[JavierSegoviaCordoba]

For some reason it has no permissions to push (403), but the repo is enabled in the renovate github app.

I have seen there were 700+ deps (which is wrong), maybe GitHub API limit was reached.

INFO: Repository started
{
  "renovateVersion": "27.3.3"
}
INFO: Dependency extraction complete
{
  "baseBranch": "main",
  "stats": {
    "managers": {
      "github-actions": {
        "fileCount": 7,
        "depCount": 48
      },
      "gradle": {
        "fileCount": 13,
        "depCount": 716
      },
      "gradle-wrapper": {
        "fileCount": 1,
        "depCount": 1
      }
    },
    "total": {
      "fileCount": 21,
      "depCount": 765
    }
  }
}

[rarkins]

Could you elaborate on "All dependencies are unknown"? Do you mean that every single dependency in the log is not found in https://github.com/renovate-tests/massive-catalogs/blob/main/gradle/libs.versions.toml or other similar files?

[rarkins]

These stats seem extremely high when I run on this repo in my fork:

DEBUG: http statistics (repository=renovate-tests/massive-catalogs)
       "hostStats": {
         "api.github.com": {"requestCount": 378, "requestAvgMs": 290, "queueAvgMs": 0},
         "dl.google.com": {"requestCount": 498, "requestAvgMs": 97, "queueAvgMs": 0},
         "maven.pkg.jetbrains.space": {
           "requestCount": 239,
           "requestAvgMs": 703,
           "queueAvgMs": 0
         },
         "repo.maven.apache.org": {
           "requestCount": 16676,
           "requestAvgMs": 108,
           "queueAvgMs": 0
         },
         "services.gradle.org": {
           "requestCount": 1,
           "requestAvgMs": 175,
           "queueAvgMs": 1
         }
       },
       "totalRequests": 17792

@zharinov can you take a look if the new catalogs support is somehow wrong?

[JavierSegoviaCordoba]

Not sure if all, but probably because I have ktor in the version 1.6.3 in libs.versions.toml and in the dashboard I was getting a message to update to 1.6.3 so probably all those dependencies are transitive or something so.

[JavierSegoviaCordoba]

I found the problem, I have a disabled module which have a toml file inside, but it is not in the gradle folder, so I think renovate is looking for all toml files in the project, not only inside Gradle folder.

I totally forgot that module, it was disabled for months.

Should I create a separate issue to update the docs and/or fixing the bug of looking for all toml files?

... and scans for *.versions.toml files and for *.toml files inside the gradle folder to keep catalogs up to date.

[rarkins]

Here is the current fileMatch:

renovate/lib/manager/gradle/index.ts

Lines 32 to 37 in e108537

	fileMatch: [
	'\\.gradle(\\.kts)?$',
	'(^|/)gradle.properties$',
	'(^|\\/)gradle\\/.+\\.toml$',
	'\\.versions\\.toml$',
	],

Would you change anything about that? e.g. look only directly inside gradle/ folder instead of within any subdirectory?

[JavierSegoviaCordoba]

Up to you, I think allowing add toml files to any folder is good, because Gradle allows that (like it is right now in renovate), but it should be documented as well.

[rarkins]

OK, in that case an update to the docs would be appreciated

[viceice]

Yes, we shouldn't widen these file matches, as other managers are using toml files too and we get too many false positives.

But a user can always override the fileMatch via config. 🙃

[JavierSegoviaCordoba]

The global match is *.versions.toml, do you think that pattern is used in other managers?

[viceice]

no, but we have at least two other matches 😏 So we shouln't use *.toml as match for any manager by default.

renovate/lib/manager/cargo/index.ts

Line 13 in 13bbc5d

fileMatch: ['(^|/)Cargo.toml$'],

renovate/lib/manager/poetry/index.ts

Line 10 in 4200ed9

fileMatch: ['(^|/)pyproject\\.toml$'],

[JavierSegoviaCordoba]

*.toml is not there, there is a gradle/*.toml, but I think that is fine too.

[rarkins]

I think it will be any toml file at any depth inside a gradle folder?

[JavierSegoviaCordoba]

I think so too

[JavierSegoviaCordoba]

Fixed #11717