GithubMetaAnalyzer throws exception "No commit found for SHA: 3.1.0" #4945
Description
Current Behavior
An exception is raised in the logs:
2025-05-12 00:00:00 ERROR [GithubMetaAnalyzer] Request failure
org.kohsuke.github.HttpException: {"message":"No commit found for SHA: 3.1.0","documentation_url":"https://docs.github.com/rest/commits/commits#get-a-commit","status":"422"}
at org.kohsuke.github.GitHubConnectorResponseErrorHandler$1.onError(GitHubConnectorResponseErrorHandler.java:72)
at org.kohsuke.github.GitHubClient.detectKnownErrors(GitHubClient.java:504)
at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:464)
at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:427)
at org.kohsuke.github.Requester.fetch(Requester.java:85)
at org.kohsuke.github.GHRepository.getCommit(GHRepository.java:2093)
at org.dependencytrack.tasks.repositories.GithubMetaAnalyzer.analyze(GithubMetaAnalyzer.java:152)
at org.dependencytrack.tasks.repositories.RepositoryMetaAnalyzerTask.analyze(RepositoryMetaAnalyzerTask.java:193)
at org.dependencytrack.tasks.repositories.RepositoryMetaAnalyzerTask.lambda$analyze$0(RepositoryMetaAnalyzerTask.java:137)
at io.github.resilience4j.retry.Retry.lambda$decorateCallable$5(Retry.java:237)
at io.github.resilience4j.retry.Retry.executeCallable(Retry.java:373)
at org.dependencytrack.util.CacheStampedeBlocker.readThroughOrPopulateCache(CacheStampedeBlocker.java:201)
at org.dependencytrack.tasks.repositories.RepositoryMetaAnalyzerTask.analyze(RepositoryMetaAnalyzerTask.java:142)
at org.dependencytrack.tasks.repositories.RepositoryMetaAnalyzerTask.inform(RepositoryMetaAnalyzerTask.java:113)
at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
This is apparently for the component:
pkg:github/google/[email protected]
Steps to Reproduce
- Recommended: enable verbose apiserver logs.
- Should be reproductible by creating a component:
- Component name:
gtm-session-fetcher - Version:
3.1.0 - Package URL (PURL):
pkg:github/google/[email protected] - Classifier:
Library
- Wait for the GithubMetaAnalyzer task to be run.
- The exception should be visible in the logs.
Expected Behavior
No exception in logs for GithubMetaAnalyzer task.
Dependency-Track Version
4.13.2
Dependency-Track Distribution
Container Image
Database Server
Microsoft SQL Server
Database Server Version
No response
Browser
Microsoft Edge
Checklist
- I have read and understand the contributing guidelines
- I have checked the existing issues for whether this defect was already reported