RetireJS checks frequently fail due to corrupt jsrepository.json file #2642
Comments
The log file would be the gradle build log file - so adding
I am experiencing the same issue starting today. As suggested, I even removed the entire ~/.m2/repository/org/owasp/dependency-check-utils/5.3.2/ directory to try to fix the corrupted jsrepository.json file, but I get the same error for every build:
Indeed, I just saw the very same issue happening here. Started googling it and found this GitHub issue. For us it happened in our Jenkins server, which has multiple executors that can execute builds. I think a few builds were running in parallel and indeed one build was writing the file, while another was probably reading it in-the-middle-of-a-write. Probably some locking is required while reading/writing the related json file? It should be impossible to read a partially written JSON file.
@brettcooper sorry for the late reply - your error has nothing to do with the H2 lock file - the error you are seeing is related to NodeJS and the fact that there is no package.lock file. @henrykuijpers can't believe I did not put a lock file on the json repository. That is a very quick update and I'll have that implemented shortly.
@brettcooper sorry - I meant
Thank you so much @jeremylong ! Looking forward to seeing the fix. :)
Describe the bug
I frequently get this stack trace failing the dependency check:
I delete the file manually and that does make the next check pass, but then randomly it corrupts itself again in the future.
Version of dependency-check used
The problem occurs using version 5.3.2.1 of the Gradle plugin.
Log file
I'm unable to find any logs other than the stack trace I get in the build itself.
To Reproduce
To determine.
It happens frequently in our multi-project build, but not at all in one of my simpler single-project builds, so I'm thinking it might require a multi-project build to reproduce it, but haven't determined anything specific yet, and our own build is private so I can't just post it. :(
When I see the build running, I notice that the checks are running on multiple subprojects at the same time. This could be a hint - maybe one of them reads the file while another one is actively writing data into it?
Expected behavior
Any updates to any file should be done atomically so that it isn't possible for someone to find the file in a half-initialised state.
If the file is corrupt, it should be deleted and then treated as if it didn't exist.
Additional context
Add any other context about the problem here.
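The two behaviours requested under "Expected behavior" (atomic updates, and a corrupt file treated as absent), sketched as an added example that is not dependency-check's code or its eventual fix. It is written in Python rather than the project's Java so it runs with the standard library alone; the function names and the sample file content are assumptions constructed for illustration.

```python
import contextlib
import json
import os
import tempfile
from pathlib import Path


def write_json_atomically(path: Path, data) -> None:
    """Publish data as JSON so a reader sees the old file or the new one, never a mix."""
    path.parent.mkdir(parents=True, exist_ok=True)
    # The temp file lives in the target directory: a rename is only atomic
    # when source and destination are on the same filesystem.
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=path.name + ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as tmp:
            json.dump(data, tmp)
            tmp.flush()
            os.fsync(tmp.fileno())  # bytes reach disk before the rename publishes them
        os.replace(tmp_name, path)  # atomic swap on POSIX and Windows
    except BaseException:
        with contextlib.suppress(FileNotFoundError):
            os.unlink(tmp_name)  # never leave a stray temp file behind
        raise


def read_json_or_discard(path: Path):
    """Return the parsed JSON, or None when the file is missing or corrupt."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return None
    except (json.JSONDecodeError, UnicodeDecodeError):
        # A half-written file is handled as a cache miss: delete it and let
        # the caller fetch a fresh copy instead of failing the build.
        with contextlib.suppress(FileNotFoundError):
            os.unlink(path)
        return None


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        cache = Path(d) / "jsrepository.json"
        # Constructed sample: a file cut off in the middle of a write.
        cache.write_text('{"jquery": {"vulnerabilities": [', encoding="utf-8")
        first = read_json_or_discard(cache)
        removed = not cache.exists()
        write_json_atomically(cache, {"jquery": {"vulnerabilities": []}})
        second = read_json_or_discard(cache)
        leftovers = [p.name for p in Path(d).iterdir() if p.name.endswith(".tmp")]
        return {"first": first, "removed": removed, "second": second, "leftovers": leftovers}
```

Once every writer goes through the atomic path, the discard branch only fires for files left by older, non-atomic writers; a reader that deletes a file another process has just replaced costs one extra download, not a corrupt read.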