*solrbot On Sun, May 10, 2026 at 12:09 PM Gus Heck <[email protected]> wrote:
> This sounds like a bug where Maven Central returns the wrong response > code. Dependabot is probably doing the right thing. 403 is usually for when > the user is known to the server but is found to have insufficient > authorization. Insufficient authoriation would not be a transient problem. > 429 (Too many requests) should be used for rate limiting. > https://datatracker.ietf.org/doc/html/rfc6585 > > In theory, Sonatype should fix their software... (and others like > artifactory, or internal proxies within orgs might be getting it right?) > > On Sat, May 9, 2026 at 8:39 PM Jan Høydahl <[email protected]> wrote: > >> Hi all, >> >> You may have noticed the flood of automated emails from solrbot to issues@ >> yesterday about many branch_9x Renovate PRs being flagged as "abandoned". >> Then some hours later, on the next solrbot run, they were flipped back. >> >> Turns out this is due to a bug in the version of Renovate we were running >> (v41.82.10): >> >> Maven Central returned HTTP 403 errors (likely rate-limiting) during a >> scheduled run. Renovate mistakenly treated this as "no updates available" >> rather than a transient registry error, causing existing open PRs to be >> incorrectly classified >> as abandoned. >> >> A separate bug caused Renovate's "is this branch modified by a human?" >> check to fail so that the PR was not actually closed. >> >> What I've done: >> >> I have upgraded solrbot to the latest Renovate version (v43.x), which >> includes a fix for the seconds bug. >> I have also modified the cron schedule on which the two jobs (main and >> branch_9x) run. Earlier they ran simultaneously at midnight and every 4 >> hours. Obviously that may sometimes overwhelm maven with all the lookups. >> Now they run every 6 hours, with 3 hours skew, so 9x job starts midnight >> and the main-branch job start at 3am. Hopefully this will prevent the rate >> limiting. >> I'm also going to report a bug to the renovate project about maven's HTTP >> 403 should be treated as a temp problem. >> >> Jan >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > -- > http://www.needhamsoftware.com (work) > https://a.co/d/b2sZLD9 (my fantasy fiction book) > -- http://www.needhamsoftware.com (work) https://a.co/d/b2sZLD9 (my fantasy fiction book)
