Yeah, not sure Sonatype does this on purpose, maybe some corner-case proxy behavior? Claude thought it might be a rate limit. So ideally Sonatype fixes it, but Renovate could adapt to real life too.

My discussion entry: https://github.com/renovatebot/renovate/discussions/43213

Jan

> On 10 May 2026 at 18:09, Gus Heck <[email protected]> wrote:
>
> This sounds like a bug where Maven Central returns the wrong response code.
> Dependabot is probably doing the right thing. 403 is usually for when the
> user is known to the server but is found to have insufficient
> authorization. Insufficient authorization would not be a transient problem.
> 429 (Too Many Requests) should be used for rate limiting.
> https://datatracker.ietf.org/doc/html/rfc6585
>
> In theory, Sonatype should fix their software... (and others like
> Artifactory, or internal proxies within orgs might be getting it right?)
>
> On Sat, May 9, 2026 at 8:39 PM Jan Høydahl <[email protected]> wrote:
>
>> Hi all,
>>
>> You may have noticed the flood of automated emails from solrbot to issues@
>> yesterday about many branch_9x Renovate PRs being flagged as "abandoned".
>> Then some hours later, on the next solrbot run, they were flipped back.
>>
>> Turns out this is due to a bug in the version of Renovate we were running
>> (v41.82.10):
>>
>> Maven Central returned HTTP 403 errors (likely rate-limiting) during a
>> scheduled run. Renovate mistakenly treated this as "no updates available"
>> rather than a transient registry error, causing existing open PRs to be
>> incorrectly classified as abandoned.
>>
>> A separate bug caused Renovate's "is this branch modified by a human?"
>> check to fail so that the PR was not actually closed.
>>
>> What I've done:
>>
>> I have upgraded solrbot to the latest Renovate version (v43.x), which
>> includes a fix for the seconds bug.
>> I have also modified the cron schedule on which the two jobs (main and
>> branch_9x) run. Earlier they ran simultaneously at midnight and every 4
>> hours. Obviously that may sometimes overwhelm Maven with all the lookups.
>> Now they run every 6 hours, with 3 hours skew, so the 9x job starts at
>> midnight and the main-branch job starts at 3am. Hopefully this will
>> prevent the rate limiting.
>>
>> I'm also going to report a bug to the Renovate project that Maven's HTTP
>> 403 should be treated as a temp problem.
>>
>> Jan
>
> --
> http://www.needhamsoftware.com (work)
> https://a.co/d/b2sZLD9 (my fantasy fiction book)
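
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not Renovate's code: a registry answer may only mark an open PR as abandoned when the lookup actually succeeded. All function names, dependency names and sample data are hypothetical, and treating 403 as transient is an assumption taken from the behaviour reported above.

```javascript
// Added example, not Renovate's code; all names here are hypothetical.

// Map a registry HTTP status to what the run is allowed to conclude from it.
function classifyLookup(status) {
  if (status >= 200 && status < 300) return "ok";
  // 429 is the standard rate-limit signal (RFC 6585). Treating 403 as transient
  // is an assumption taken from the thread: the registry answered 403 under load.
  if ([403, 408, 429].includes(status) || status >= 500) return "transient";
  return "error"; // e.g. 401 or 404: needs a human, still not "no updates"
}

// Decide the fate of each open PR. Only a successful lookup that no longer
// lists the PR's target version may mark the PR abandoned.
function planRun(openPrs, lookups) {
  return openPrs.map((pr) => {
    const res = lookups[pr.dep];
    // A lookup that never completed is inconclusive, same as a transient error.
    const outcome = res ? classifyLookup(res.status) : "transient";
    if (outcome !== "ok") {
      return { dep: pr.dep, action: "keep", reason: `lookup ${outcome}` };
    }
    const offered = res.versions.includes(pr.version);
    return {
      dep: pr.dep,
      action: offered ? "keep" : "abandon",
      reason: offered ? "update still offered" : "update no longer offered",
    };
  });
}

// Constructed sample run: one lookup is answered with 403, two with 200.
const openPrs = [
  { dep: "org.example:alpha", version: "2.1.0" },
  { dep: "org.example:beta", version: "5.0.0" },
  { dep: "org.example:gamma", version: "1.4.2" },
];
const lookups = {
  "org.example:alpha": { status: 403, versions: [] },
  "org.example:beta": { status: 200, versions: ["4.9.0", "5.0.0"] },
  "org.example:gamma": { status: 200, versions: ["1.4.1", "1.5.0"] },
};
const plan = planRun(openPrs, lookups);
console.log(plan);
```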
