rzo1 commented on PR #1038: URL: https://github.com/apache/opennlp/pull/1038#issuecomment-4423483746
> @rzo1 I wonder why dependabot action did not run dep update checks for the `main` branch, at all. Any clue? You can look in the GH action workflow for [dependabot which has in its logs]( https://github.com/apache/opennlp/actions/runs/25650407115/job/75287426380): ```bash proxy | 2026/05/11 04:32:51 [214] GET [https://repo.maven.apache.org:443/maven2/org/slf4j/slf4j-api/maven-metadata.xml](https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/maven-metadata.xml) proxy | 2026/05/11 04:32:51 [214] 403 [https://repo.maven.apache.org:443/maven2/org/slf4j/slf4j-api/maven-metadata.xml](https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/maven-metadata.xml) proxy | 2026/05/11 04:32:51 [214] Remote response: This IP has been blocked for excessive or automated consumption of Maven Central in violation of the Terms of Service (https://central.sonatype.org/terms.html). Scraping, catalog enumeration, and systematic mirroring are prohibited. Evasion attempts — including IP rotation, user-agent spoofing, or proxy circumvention — will result in escalated enforcement. Contact [email protected] to discuss compliant access. ``` The opennlp-2.x jobs that did succeed clearly came out of a different proxy egress (or ran before the block tripped). It's a per-IP block on Sonatype's side and Dependabot's proxy pool is shared/rotating. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
