Bump org.postgresql:postgresql from 42.7.1 to 42.7.2 in /artipie-main #7
Closed
dependabot[bot] wants to merge 189 commits into
Conversation
Conda+minIO S3 upload tests
* feat: removed ppom usage * correct release settings
* feat: move asto
* feat: move asto * revert s3 update * fix: corrected docs
* fix: release version 17 * simplify composer AstoRepositoryAddJsonTest
* feat: move asto * revert s3 update * correct docker ubuntu release script * fix: correct release scripts and description
* deps: update vulnerable guava
* feat: move asto * revert s3 update * correct docker ubuntu release script * fix: removed unused servlet slice * correct npm test
* Conda adapter uploading tests with S3 storage * Fix possible crash due to NPE * Conda S3 tests data * Core review fixes * Cache test image, like in conan IT tests in artipie-main * added asto-s3 in test scope --------- Co-authored-by: Alena <olena.gerasimova@gmail.com>
* Rollback ServletSliceWrap
…edWriter.close() isn't propagated.
Helm tests fix
* Changes for cloudArtifact
* docker-perm: expose image name
fix for missing dependencies httpcore5/httpcore5-h2 (artipie#1447)
Disable some hexpm-adapter tests due to the issue
…ion tests and smoke tests
…acts Debian delete artifacts
…-format Debian invalid date format fix
pypi adapter - implementation of delete artifacts
ASTO S3 - added aws sts dependency
Auto1 Fork - Technical Feature Summary

Database & Infrastructure
* PostgreSQL Migration: Migrated metadata storage from file-based to PostgreSQL; Added ARM64 architecture support for Docker images
* Storage Layouts: Implemented configurable storage layouts for repositories; Allows custom path structures for artifact organization
* S3 Express Support: Added support for S3 Express One Zone storage class; ~10x lower latency for single-AZ workloads

Authentication & Authorization
* Bearer Token Authentication: Enabled Bearer auth across all repository types; Configurable log.level in settings
* Okta OIDC Integration: Full Okta authentication with MFA support (TOTP + push); Domain-based routing for multi-tenant setups; JWT token validation and refresh
* Keycloak Setup: Complete Keycloak integration for OAuth/OIDC; Environment variable substitution in configuration

Repository Features
* Dynamic Repository Creation: REST API for creating, updating, and deleting repositories at runtime; No restart required for configuration changes
* Virtual Repository (Group): Aggregate multiple local and proxy repositories; Single endpoint for unified artifact access
* Global Prefixes: Configure path prefixes across repositories; Supports migration scenarios

Cooldown System (Supply Chain Security)
* Core Implementation: Blocks package versions newer than configurable age (default: 72h); Prevents supply chain attacks via fresh package injection
* Per-Adapter Support: NPM, Maven, PyPI, Docker, Go, Composer, Gradle; Release date extraction from upstream metadata
* Metadata Filtering: Filters blocked versions from package listings; Binary search optimization for large version sets; 3-tier cache (L1 in-memory, L2 Redis, L3 PostgreSQL)
* Negative Cache: Caches "allowed" decisions to reduce upstream calls; Token generation enhancement for cache keys

Package Manager Adapters
* NPM: Full CLI compatibility (install, publish, audit, search); Semver resolution fixes; Request deduplication for high-concurrency scenarios; Security audit and vulnerability checks for proxy
* PyPI: PEP 503 (Simple Repository API) implementation; Proxy optimizations
* Maven: Basic auth and anonymous access fixes; Checksum validation (MD5, SHA-1, SHA-256, SHA-512); Metadata and plugin artifact handling
* PHP Composer: Complete Composer adapter implementation; Satis support for private packages
* Go Modules: Go module proxy implementation; GOPROXY protocol support
* Gradle: Gradle plugin repository support; Performance tuning for parallel builds
* Docker: Revamped Docker adapter; Streaming optimization for large layers; Multi-platform manifest support

Import CLI (Rust)
* Rust Migration: Migrated import CLI from Java to Rust for performance; ~10x faster bulk imports
* Features: Bulk artifact import from upstream registries; Retry mechanism with exponential backoff; S3 multipart upload optimization

Performance Optimizations
* Reactive Streams Backpressure: Proper backpressure handling for large file transfers; Prevents memory exhaustion under load
* File Streaming: Streaming downloads without full buffering; Large file download fixes (>2GB); Connection reset handling
* S3 Storage: Memory-optimized multipart uploads; Parallel downloads with configurable chunk size; Retry improvements for transient failures
* HikariCP Connection Pool: Database connection pooling; Configurable pool size and timeouts
* Cache Optimization: Removed blocking calls during cache writes; Enhanced cooldown filtering performance; Version sorting optimizations
* Thread Pool Tuning: Configurable worker thread pools; Optimized for high-concurrency workloads

HTTP Server
* HTTP/2 Support: HTTP/2 over TLS (h2); HTTP/2 over cleartext (h2c) for AWS NLB
* HTTP/3 Support: QUIC protocol support (experimental); Fixes for HTTP/3 edge cases
* Jetty 12.1.x Upgrade: Upgraded to Jetty 12.1.x; Improved connection handling
* Vert.x Connection Leak Fix: Fixed resource leaks in HTTP client; Proper connection cleanup on errors

Observability
* Elastic APM Integration: Distributed tracing for requests; Transaction and span tracking; Error capture and reporting
* Prometheus Metrics: Request counts, latencies, cache hit rates; Cooldown block counts; JVM and system metrics
* ECS JSON Logging: Structured logging for Elasticsearch/Kibana; Configurable log levels; Request correlation IDs

Operations
* Directory Listing Performance: Optimized large directory listings; Pagination support
* Config Watcher: Content-based change detection for hot reload; Avoids unnecessary reloads on file touch
* Testcontainers Upgrade: Updated integration test framework; Improved test reliability
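The cooldown item above (block versions younger than a configurable age, default 72h, and filter them out of listings) modelled on an npm packument. This is an added illustration in Python, not the fork's own adapter code; the function names, the fail-closed rule for versions without a release date, and the `latest` fallback are this example's assumptions.

```python
from datetime import datetime, timedelta, timezone

COOLDOWN = timedelta(hours=72)  # default age quoted in the summary

def parse_time(value):
    # npm packuments carry ISO-8601 with a trailing Z; fromisoformat wants an offset
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def filter_packument(packument, now, cooldown=COOLDOWN):
    """Return (filtered copy, blocked versions): versions published less than
    `cooldown` before `now` are dropped, and dist-tags never name a dropped one."""
    cutoff = now - cooldown
    times = packument.get("time", {})
    allowed, blocked = {}, []
    for ver, meta in packument.get("versions", {}).items():
        published = times.get(ver)
        # Assumption of this example: a version with no release date fails closed.
        if published is None or parse_time(published) > cutoff:
            blocked.append(ver)
        else:
            allowed[ver] = meta
    tags = {}
    for tag, ver in packument.get("dist-tags", {}).items():
        if ver in allowed:
            tags[tag] = ver
        elif tag == "latest" and allowed:
            # Assumption: 'latest' falls back to the newest allowed version by date.
            tags[tag] = max(allowed, key=lambda v: parse_time(times[v]))
    out = dict(packument)  # shallow copy; the upstream document is left untouched
    out["versions"] = allowed
    out["dist-tags"] = tags
    out["time"] = {k: v for k, v in times.items()
                   if k in allowed or k in ("created", "modified")}
    return out, blocked

# Constructed packument: 1.2.0 landed two hours before NOW, inside the 72h window.
NOW = datetime(2026, 5, 13, 12, 0, tzinfo=timezone.utc)
SAMPLE = {
    "name": "example-lib",
    "dist-tags": {"latest": "1.2.0", "stable": "1.1.0"},
    "versions": {"1.0.0": {}, "1.1.0": {}, "1.2.0": {}},
    "time": {
        "created": "2026-01-01T00:00:00.000Z",
        "1.0.0": "2026-01-01T00:00:00.000Z",
        "1.1.0": "2026-04-01T00:00:00.000Z",
        "1.2.0": "2026-05-13T10:00:00.000Z",
    },
}
```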
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.1 to 42.7.2.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.1...REL42.7.2)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] (Author)
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
aydasraf added a commit that referenced this pull request on May 13, 2026
The PrefetchDispatcher/Coordinator chain fires N upstream GETs per cache write recursively (one per direct dep in a POM / packument). With per-host caps of 16 (maven) / 32 (npm) and no requests-per-second gate, a cold-cache walk amplifies outbound RPS ~5× above the foreground client's rate, tripping Maven Central's per-IP rate limiter (RCA in analysis/03-findings.md #1, #7).

Removed across the stack:
* pantera-main/.../prefetch/ — Coordinate, PrefetchTask, PrefetchMetrics, PrefetchCircuitBreaker, PrefetchCoordinator, PrefetchDispatcher, parser/ subpackage (7 files: MavenPomParser, NpmCompositeParser, NpmPackumentParser, NpmPackageParser, NpmMetadataLookup, CachedNpmMetadataLookup, PrefetchParser).
* pantera-main/.../api/v1/PrefetchStatsHandler — the 24h sliding-window /api/v1/prefetch/stats endpoint that read PrefetchMetrics. AsyncApiVerticle no longer takes the metrics ref through its constructor chain.
* pantera-main/.../settings/runtime/PrefetchTuning + CircuitBreakerTuning — typed snapshots whose only consumers were the deleted PrefetchCoordinator and PrefetchCircuitBreaker. SettingsKey enum trimmed to the three http_client.* keys that still have live consumers. SettingsHandler validateRuntime falls through any prefetch.* key (no longer in catalog).
* RuntimeSettingsCache — Snapshot trimmed to {http, raw}; prefetchTuning() and circuitBreakerTuning() accessors removed.
* RepoConfig.prefetchEnabled + RepositorySlices.{prefetchEnabledFor, upstreamUrlOf, repoTypeOf, npmProxyStorages} — accessors whose only consumer was the dispatcher.
* VertxMain.installPrefetch — boot wiring (~190 LOC) deleted; the PrefetchCoordinator/Dispatcher shutdown blocks removed; field declarations replaced with an M2 comment. The CacheWriteCallbackRegistry.clear() call is kept so a future Phase 4c observed-coordinate prewarming hook can install a consumer without leaking it across restarts.
* NpmProxyAdapter — NpmCacheWriteBridge removed; the NpmProxy ctor now receives null for cacheWriteHook + packumentWriteHook. The hook surface on NpmProxy is retained for the same future-prewarming reason.

DB: V128__drop_prefetch_settings_keys.sql — DELETE FROM settings WHERE key LIKE 'prefetch.%'. Removes any rows the v2.1.x SettingsBootstrap or admin PATCHes left behind so the /settings/runtime listing does not surface dangling keys with no consumer.

UI:
* Deleted: PrefetchPanel.vue (+ test), api/prefetch.ts.
* RepoEditView no longer mounts PrefetchPanel; settings.prefetch read/write logic removed.
* SettingsView Pre-fetch card deleted; PREFETCH_KEYS / RUNTIME_INT_RANGES / RUNTIME_LABELS / RUNTIME_HELP slimmed to the three http_client.* keys.
* api/runtimeSettings.ts: RuntimeSettingKey union and SPEC_DEFAULTS trimmed; test rewritten to match.
* Upstream-failure circuit-breaker card's subtitle no longer references the deleted pre-fetch drop-rate breaker (the two were always distinct).

Cache pipeline (preserved): BaseCachedProxySlice/ProxyCacheWriter retain the onCacheWrite hook surface backed by CacheWriteCallbackRegistry's NO_OP sentinel. Javadoc updated to call out the prefetch consumer's removal and reserve the slot for Phase 4c (2.3.0).

Tests: RuntimeSettingsCacheTest, SettingsKeyTest, RepoConfigTest, SettingsHandlerRuntimeTest, RepositoryHandlerTest, BaseCachedProxySliceHookTest, ProxyCacheWriterHookTest — prefetch-specific assertions deleted; remaining assertions still cover the foreground behaviour they shipped to pin. pantera-main unit tests pass (22 in the impacted set); pantera-core hook tests pass (11).

Scope per analysis/plan/v1/PLAN.md M2 + user's 2026-05-13 explicit greenfield authorization for v2.2.0 major-version cleanup.
aydasraf added a commit that referenced this pull request on May 13, 2026
… gate

Adds a structural fix for the dominant amplification source the v2.2.0 investigation identified (analysis/03-findings.md #3, #7, #9 + RCA-7): Pantera had no requests-per-second cap on its outbound traffic, so any adapter could push past the per-IP budget Cloudflare-fronted registries (Maven Central, npm public) enforce. The new module wraps every per-host Jetty client slice — for every adapter, for every caller_tag — with a token bucket plus a 429-and-Retry-After gate. The bucket caps steady-state RPS; the gate fail-fasts during the back-off window after upstream throttles us.

New module: http-client/.../ratelimit/

RateLimitConfig
- Per-host config: refill rate (tokens/sec) and burst capacity
- Defaults:
  repo1.maven.org 20 req/s burst 40 — Cloudflare per-IP budget starts 429-ing ~25-30 req/s
  registry.npmjs.org 30 req/s burst 60 — npm's CDN tolerates more
  any other host 10 req/s burst 20 — conservative default
- Builder lets the perf harness inject test configs without touching production defaults

UpstreamRateLimiter (interface + Default impl)
- Per-host Bucket state via ConcurrentHashMap + AtomicReference CAS. O(1) hot-path; no locks.
- tryAcquire(host): consumes a token if the gate is open and the bucket has > 1.0 tokens. Returns false in either failure mode so the caller can fail-fast.
- recordRateLimit(host, retryAfter): closes the gate for retryAfter (defaults to 30 s when retryAfter is zero — for 429s with no header). Concurrent close attempts keep the LATER deadline so a burst of 429s does not shrink the window.
- recordResponse(host, status, retryAfter): 429 always gates; 503 only gates with Retry-After (503 without is treated as a transient server error, not a throttle signal).
- gateOpenUntil(host) exposes the deadline so foreground responses can carry the right Retry-After through to the client.

RetryAfter
- Parses both RFC 7231 forms: delta-seconds and IMF-fixdate.
- Malformed / blank / null → Duration.ZERO.
- Past HTTP-date → Duration.ZERO (a deadline in the past is not a forward delay).

RateLimitedClientSlice
- Decorator that wraps any Slice (placed by JettyClientSlices around every per-host JettyClientSlice). Per outbound:
  1. Inspect the gate. Closed → synthesise 429 + Retry-After pointing at the gate deadline, do NOT call the wrapped slice.
  2. Otherwise tryAcquire. Empty bucket → synthesise 429 + Retry-After 1 s (the bucket refills continuously; the next attempt has a token within a fraction of a second).
  3. Token acquired → delegate. On the response, check status — a 429 / 503-with-Retry-After closes the gate.
- Synthesised 429s carry X-Pantera-Rate-Limited: true so future cluster-wide propagation and the cache slice can distinguish self-imposed from upstream-imposed.

Wiring: JettyClientSlices.slice() now wraps every JettyClientSlice in the rate-limited decorator. Loopback hosts (localhost, 127.x.x.x, ::1) bypass the limiter — they are exclusively dev / test fixtures and the limiter would otherwise throttle the harness. A second constructor overload accepts an explicit UpstreamRateLimiter for tests / perf harness injection; production callers use the existing 4-arg ctor which constructs a JVM-default limiter from RateLimitConfig.defaults().

Metric: pantera_outbound_rate_limited_total{upstream_host, reason}, reason ∈ {gate_closed, bucket_empty}. Differs from pantera_proxy_429_total: this one fires when WE deny the outbound; the existing 429 counter fires when the upstream denies us. Operators want both — non-zero of either means somebody is throttling somebody.

Alert: PanteraOutboundGateStuckClosed — warn after 10 min of sustained gate_closed events on a host. Means our gate's back-off window is not opening, i.e., the upstream is still 429-ing through our limit. Operator action: drop the per-host token rate.

Foreground propagation: BaseCachedProxySlice already preserves 4xx verbatim (status + Retry-After) — verified in pantera-core line 1189-1193. The synthesised 429 flows through to mvn/npm unchanged so those tools honour their own back-off behaviour.

Tests (14 unit, all green):
UpstreamRateLimiterTest
- acquiresBurstTokensWithoutWaiting — burst drain
- refillsAtConfiguredRate — 10/s rate with TestClock stepping
- gateBlocksDespiteAvailableTokens — gate trumps tokens
- recordRateLimitUsesDefaultDurationWhenAbsent — zero → 30 s
- hostsAreIndependent — gating maven does not affect npm
- recordResponseOnlyGatesOn429 — 200/503-no-RA never gate
RetryAfterTest
- parses delta-seconds, parses HTTP-date, past date → 0, null/blank → 0, malformed → 0
RateLimitedClientSliceTest
- gatedRequestNeverReachesWrappedSlice
- upstream429ClosesTheGate (second call short-circuits)
- emptyBucketSynthesises429WithOneSecondRetryAfter
JettyClientSlicesTest
- shouldProduce* now asserts RateLimitedClientSlice for non-loopback, JettyClientSlice for localhost — pins the new wrapping contract.

Toxiproxy-mediated integration / perf-fixture test is M6's scope per analysis/plan/v1/PLAN.md (perf-gate CI workflow). The unit tests cover the core behaviour; the integration test will exercise it end-to-end against a rate-limited stub.
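A runnable model of the per-host token bucket plus 429/Retry-After gate the commit message describes, added here as an illustration in Python rather than Pantera's Java classes. The host defaults are the ones quoted above; the class and function names, the injectable clock, and the `>= 1.0` token threshold (so a full burst can be drained) are this example's assumptions.

```python
from dataclasses import dataclass
from email.utils import parsedate_to_datetime

# Per-host defaults quoted in the commit message: (tokens/sec, burst capacity).
DEFAULTS = {"repo1.maven.org": (20.0, 40.0), "registry.npmjs.org": (30.0, 60.0)}
FALLBACK = (10.0, 20.0)   # any other host
DEFAULT_BACKOFF = 30.0    # seconds, for a 429 that carries no Retry-After

def parse_retry_after(value, now):
    """RFC 7231 Retry-After (delta-seconds or IMF-fixdate) -> seconds of delay; blank, None, malformed or past -> 0."""
    if value is None or not value.strip():
        return 0.0
    value = value.strip()
    if value.isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return 0.0
    return max(0.0, when.timestamp() - now)  # a past date is not a forward delay

@dataclass
class Bucket:
    tokens: float
    last: float              # clock reading at the last refill
    gate_until: float = 0.0  # clock reading until which the gate stays closed

class UpstreamRateLimiter:
    def __init__(self, clock, configs=DEFAULTS):
        self.clock = clock   # injectable clock (seconds) so tests never sleep
        self.configs = configs
        self.buckets = {}

    def _bucket(self, host):
        rate, burst = self.configs.get(host, FALLBACK)
        b = self.buckets.setdefault(host, Bucket(burst, self.clock()))
        now = self.clock()
        b.tokens = min(burst, b.tokens + (now - b.last) * rate)  # continuous refill
        b.last = now
        return b

    def gate_open_until(self, host):
        return self._bucket(host).gate_until

    def try_acquire(self, host):
        b = self._bucket(host)
        if self.clock() < b.gate_until or b.tokens < 1.0:
            return False  # gate closed or bucket empty: caller fails fast with a 429
        b.tokens -= 1.0
        return True

    def record_rate_limit(self, host, retry_after):
        b = self._bucket(host)
        deadline = self.clock() + (retry_after if retry_after > 0 else DEFAULT_BACKOFF)
        b.gate_until = max(b.gate_until, deadline)  # the later deadline wins

    def record_response(self, host, status, retry_after=0.0):
        # 429 always gates; 503 only gates when it carries Retry-After
        if status == 429 or (status == 503 and retry_after > 0):
            self.record_rate_limit(host, retry_after)
```

Each host keeps its own bucket and gate, so a Maven Central back-off never blocks npm traffic.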
Bumps org.postgresql:postgresql from 42.7.1 to 42.7.2.
Release notes
Sourced from org.postgresql:postgresql's releases.
Changelog
Sourced from org.postgresql:postgresql's changelog.
Commits
- 06abfb7 Merge pull request from GHSA-24rp-q3w6-vc56
- 93b0fcb Merge pull request from GHSA-24rp-q3w6-vc56
- a408946 Revert "WIP speed up getDate (#3108)" (#3125)
- f5d6e3f WIP speed up getDate (#3108)
- 4e6a501 chore(deps): update release-drafter/release-drafter action to v6
- 0b90367 chore(deps): update dependency gradle to v8.6
- 4075f70 chore(deps): update oracle-actions/setup-java action to v1.3.3
- 8de5beb fix(deps): update junit5 monorepo to v5.10.2
- 6f741dd fix(deps): update dependency checkstyle to v10.13.0
- 07e0535 fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.p...

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.