dependabot/cli

v1.46.0 failing on ERROR key not found: "password"

sblatnick opened this issue · 5 comments

Log based on v1.46.1 which is also failing but for an additional reason I'll report shortly.

12:24:04  updater | 2024/01/09 19:17:15 INFO Checking if javax.servlet:javax.servlet-api 4.0.1 needs updating
12:24:04    proxy | 2024/01/09 19:17:15 [003] POST http://host.docker.internal:8088/update_jobs/cli/record_update_job_error
12:24:04  {"data":{"error-type":"unknown_error","error-details":null},"type":"record_update_job_error"}
12:24:04    proxy | 2024/01/09 19:17:15 [003] 200 http://host.docker.internal:8088/update_jobs/cli/record_update_job_error
12:24:04  updater | 2024/01/09 19:17:15 ERROR Error processing javax.servlet:javax.servlet-api (KeyError)
12:24:04  updater | 2024/01/09 19:17:15 ERROR key not found: "password"
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/utils/auth_headers_finder.rb:24:in `fetch'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/utils/auth_headers_finder.rb:24:in `auth_headers'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:291:in `auth_headers'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:224:in `block in credentials_repository_details'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:221:in `map'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:221:in `credentials_repository_details'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:193:in `repositories'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:59:in `versions'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker/version_finder.rb:33:in `latest_version_details'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker.rb:107:in `latest_version_details'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/maven/lib/dependabot/maven/update_checker.rb:16:in `latest_version'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:177:in `all_versions_ignored?'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:80:in `check_and_create_pull_request'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:60:in `check_and_create_pr_with_error_handling'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:35:in `block in perform'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:35:in `each'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:35:in `perform'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:64:in `run'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:43:in `perform_job'
12:24:04  updater | 2024/01/09 19:17:15 ERROR /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:53:in `run'
12:24:04  updater | 2024/01/09 19:17:15 ERROR bin/update_files.rb:24:in `<main>'

Tried v1.44.1 and the error disappears.

👋 @sblatnick Can you share the job definition you're using when you encounter this error?

job:
    package-manager: maven
    allowed-updates:
      - update-type: all
    source:
        provider: github
        repo: local/scan
        directory: /
credentials:
  - type: maven_repository
    url: https://nexus.redacted.org/repository
    username: redacted
    password: redacted

Command used:

/opt/dependabot update -f job.yaml --local ./ -o dependabot-results.yaml

I also think this might have happened without a job.yaml:

/opt/dependabot update maven local/scan --local ./ -o dependabot-results.yaml

I may have fixed it with #242, can you try with v1.47.0?

My suspicion is that username is getting into the Updater and triggering code that should only be running with dependabot-script users.
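The failure mode suspected in the comment above, as an added Ruby example that is not dependabot's code and not from this thread: a credential reaches a consumer with its `username` but without its `password`, and a strict `fetch` raises the same `KeyError` text seen in the log. The function names, the `scrub` helper and the sample password are hypothetical; the URL and username are the redacted values from the job file.

```ruby
# Constructed sample data: URL and username are the redacted values from the job file.
REPO_URL = "https://nexus.redacted.org/repository"
FULL = [{ "type" => "maven_repository", "url" => REPO_URL,
          "username" => "redacted", "password" => "example-password" }].freeze
# Assumed failure state: the secret was withheld but the username still went through.
LEAKED = FULL.map { |c| c.reject { |k, _| k == "password" } }.freeze

# Hypothetical scrubber for the trust boundary: drop every authentication field
# together so downstream code never sees half of a credential.
AUTH_KEYS = %w(username password token).freeze
def scrub(credentials)
  credentials.map { |c| c.reject { |k, _| AUTH_KEYS.include?(k) } }
end

def basic_header(user, pass)
  # pack("m0") is strict Base64 with no line breaks.
  { "Authorization" => "Basic " + ["#{user}:#{pass}"].pack("m0") }
end

# Fragile consumer: takes the presence of a username as proof that a password exists.
def fragile_auth_headers(credentials, repo_url)
  cred = credentials.find { |c| c["url"] == repo_url && c["username"] }
  return {} unless cred
  basic_header(cred.fetch("username"), cred.fetch("password"))
end

# Hardened consumer: builds a header only when both halves are present.
def hardened_auth_headers(credentials, repo_url)
  cred = credentials.find { |c| c["url"] == repo_url }
  user, pass = cred&.values_at("username", "password")
  return {} if user.nil? || pass.nil?
  basic_header(user, pass)
end

# Returns the KeyError message raised by the fragile consumer, or nil if none.
def fragile_failure(credentials, repo_url)
  fragile_auth_headers(credentials, repo_url)
  nil
rescue KeyError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts fragile_failure(LEAKED, REPO_URL).inspect
  puts hardened_auth_headers(LEAKED, REPO_URL).inspect
  puts fragile_failure(scrub(FULL), REPO_URL).inspect
end
```

Either side can close the gap: scrubbing all authentication fields at the boundary keeps the fragile consumer from ever seeing a partial credential, and the hardened consumer tolerates one if it arrives.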

Tested and it appears to be fixed along with #230. Thanks!