jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[WARNING] Unable to save property 'retirejs.checked' with a value of '1705521321' to the database #6399

Open danshome opened 10 months ago

danshome commented 10 months ago

Describe the bug
After upgrading to 9.0.9 we are getting the following warning...

[WARNING] Unable to save property 'retirejs.checked' with a value of '1705521321' to the database

Version of dependency-check used
The problem occurs using version 9.0.9 of the maven plugin.

Log file
...
[INFO] Finished NVD CVE Analyzer (0 seconds)
[WARNING] Unable to save property 'retirejs.checked' with a value of '1705521321' to the database
Unable to save property 'retirejs.checked' with a value of '1705521321' to the database
[INFO] Finished RetireJS Analyzer (0 seconds)
...

To Reproduce

<configuration>
  <!--suppress UnresolvedMavenProperty -->
  <nvdApiKey>mykey</nvdApiKey>
  <dataDirectory>${ossindex.datadirectory}</dataDirectory>
  <ossIndexServerId>ossindex</ossIndexServerId>
  <ossindexAnalyzerUseCache>true</ossindexAnalyzerUseCache>
  <ossindexAnalyzerEnabled>true</ossindexAnalyzerEnabled>
  <nexusAnalyzerEnabled>false</nexusAnalyzerEnabled>
  <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
  <format>ALL</format>
  <skipRuntimeScope>false</skipRuntimeScope>
  <skipProvidedScope>true</skipProvidedScope>
  <failBuildOnCVSS>7</failBuildOnCVSS>
  <autoUpdate>true</autoUpdate>
  <retireJsForceUpdate>true</retireJsForceUpdate>
  <nodeAuditSkipDevDependencies>true</nodeAuditSkipDevDependencies>
  <nodePackageSkipDevDependencies>true</nodePackageSkipDevDependencies>
  <suppressionFiles>
    <!--suppress UnresolvedMavenProperty -->
    <suppressionFile>${superpom.basedir}/project-suppression.xml</suppressionFile>
  </suppressionFiles>
</configuration>

Expected behavior
We aren't expecting any warnings.

Additional context N/A

amandel commented 10 months ago

We are experiencing the same issue. For me, the reason is that the modified date is now stored in the central database, where the database user utilized for the scan intentionally lacks permission to write.

This also disrupts the update handling of the retire.js and the hosted suppression file. Although the file is stored somewhere on the local filesystem, the update timestamp is kept in the central and shared database. This change was introduced in #6260.

danshome commented 10 months ago

We've also been experiencing this exception at random and haven't had a build pass since updating to 9.0.9 with retireJS enabled. What's interesting is that if you look at the filesystem, the jsrepository.json in the ossindex folder has the exact same timestamp as the time the last exception was thrown. We use parallel builds, so I wonder if it might be a thread contention issue, because I will often see this exception thrown twice simultaneously in two separate modules.

22:57:20 [ERROR] Failed to initialize the RetireJS repo
22:57:20 org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
22:57:20     at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo (RetireJSDataSource.java:152)
22:57:20     at org.owasp.dependencycheck.data.update.RetireJSDataSource.update (RetireJSDataSource.java:95)
22:57:20     at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:906)
22:57:20     at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:711)
22:57:20     at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:637)
22:57:20     at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1943)
22:57:20     at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1126)
22:57:20     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
22:57:20     at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
22:57:20     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
22:57:20     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
22:57:20     at org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder$1.call (MultiThreadedBuilder.java:193)
22:57:20     at org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder$1.call (MultiThreadedBuilder.java:180)
22:57:20     at java.util.concurrent.FutureTask.run (FutureTask.java:317)
22:57:20     at java.util.concurrent.Executors$RunnableAdapter.call (Executors.java:572)
22:57:20     at java.util.concurrent.FutureTask.run (FutureTask.java:317)
22:57:20     at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
22:57:20     at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
22:57:20     at java.lang.Thread.run (Thread.java:1583)
22:57:20 Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to '/tmp/ossindexdb/jsrepository.json'; Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.