Skip to content

chore: use correct method for finding missing versions of java PURLs #1156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 18, 2025
Merged

chore: use correct method for finding missing versions of java PURLs #1156

merged 3 commits into from
Aug 18, 2025

Conversation

@benmss
Copy link
Member

@benmss benmss commented Aug 18, 2025

Summary

This PR fixes an issue with the Java Repo Finder caused by the remnants of a bad merge.

Description of changes

The Java Repo Finder was failing to find the repository of the PURL pkg:maven/io.vertx/vertx-auth-common, thereby causing the related integration test to fail. The trigger for this outcome was an issue with the deps.dev results for the latest version of the vertx-auth-common artefact, v5.0.3. However, the Java Repo Finder should not have been relying on this API call to report the correct repository. Previously, Java artefacts required a PURL to have a version as the method of repository finding involves a direct retrieval of the related POM. This was later changed so that deps.dev would be used in these cases to find the version before the POM retrieval occurred but it seems that this change may not have been correctly merged, as the Java Repo Finder contained two version checking blocks in quick succession, the first of which would prevent deps.dev being used only for finding the version (the second block), and instead leading to deps.dev being used as part of the fallback option, meaning version and repository finding. This went unnoticed as this behaviour typically produces the same results. It was only due to the error with the latest version of the above artefact that this caused a discrepancy.

This PR fixes the Java Repo Finder to correctly seek missing versions. It also changes the related integration test: disabling the fallback option so that the correct behaviour is confirmed by the test passing.

benmss added 2 commits August 18, 2025 12:35
@benmss
fix: use correct method for finding missing versions of java PURLs
6d2a1f0 
Signed-off-by: Ben Selwyn-Smith <benselwynsmith@googlemail.com>
@benmss
chore: update test with explanation
4ce2298 
Signed-off-by: Ben Selwyn-Smith <benselwynsmith@googlemail.com>
@benmss benmss self-assigned this Aug 18, 2025
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Aug 18, 2025
@benmss
chore: update test result
6e87f23 
Signed-off-by: Ben Selwyn-Smith <benselwynsmith@googlemail.com>
@behnazh-w behnazh-w changed the title fix: use correct method for finding missing versions of java PURLs chore: use correct method for finding missing versions of java PURLs Aug 18, 2025
@benmss benmss marked this pull request as ready for review August 18, 2025 04:58
@benmss benmss merged commit d2f3e39 into main Aug 18, 2025
11 checks passed
@benmss benmss deleted the benmss/fix-java-repo-finder-no-version branch August 18, 2025 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@behnazh-w behnazh-w behnazh-w approved these changes

+1 more reviewer

@tromai tromai tromai approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@benmss benmss

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benmss @behnazh-w @tromai