Revert update to 0.288.0 and ignore future updates (#1492)

Reverts #1488 and #1482 then disable updates for `dependabot-omnibus` because we are no longer investing as much in it.

Fixes: #1489

.github/dependabot.yml

@@ -30,6 +30,8 @@ updates:
         exclude-patterns: ['rubocop-rspec']
       sentry:
         patterns: ['sentry-*']
+    ignore:
+      - dependency-name: 'dependabot-omnibus'
 
   - package-ecosystem: 'docker'
     directories: ['**/*']

updater/Gemfile

@@ -8,7 +8,7 @@ source "https://rubygems.org"
 # They are so many, our reference won't be found for it to be updated.
 # Hence adding the branch.
 
-gem "dependabot-omnibus", "~>0.288.0"
+gem "dependabot-omnibus", "~>0.285.0"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", branch: "main"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", tag: "v0.232.0"
 # gem "dependabot-omnibus", github: "dependabot/dependabot-core", ref: "ffde6f6"

updater/Gemfile.lock

@@ -5,11 +5,11 @@ GEM
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1013.0)
-    aws-sdk-codecommit (1.80.0)
+    aws-partitions (1.1003.0)
+    aws-sdk-codecommit (1.79.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-core (3.213.0)
+    aws-sdk-core (3.212.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
@@ -22,7 +22,7 @@ GEM
     base64 (0.2.0)
     bigdecimal (3.1.8)
     citrus (3.0.2)
-    commonmarker (0.23.11)
+    commonmarker (0.23.10)
     concurrent-ruby (1.3.4)
     crack (1.0.0)
       bigdecimal
@@ -31,12 +31,12 @@ GEM
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
-    dependabot-bundler (0.288.0)
-      dependabot-common (= 0.288.0)
+    dependabot-bundler (0.285.0)
+      dependabot-common (= 0.285.0)
       parallel (~> 1.24)
-    dependabot-cargo (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-common (0.288.0)
+    dependabot-cargo (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-common (0.285.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
@@ -56,64 +56,64 @@ GEM
       sorbet-runtime (~> 0.5.11577)
       stackprof (~> 0.2.16)
       toml-rb (>= 1.1.2, < 4.0)
-    dependabot-composer (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-devcontainers (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-docker (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-dotnet_sdk (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-elm (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-git_submodules (0.288.0)
-      dependabot-common (= 0.288.0)
+    dependabot-composer (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-devcontainers (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-docker (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-dotnet_sdk (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-elm (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-git_submodules (0.285.0)
+      dependabot-common (= 0.285.0)
       parseconfig (~> 1.0, < 1.1.0)
-    dependabot-github_actions (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-go_modules (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-gradle (0.288.0)
-      dependabot-common (= 0.288.0)
-      dependabot-maven (= 0.288.0)
-    dependabot-hex (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-maven (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-npm_and_yarn (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-nuget (0.288.0)
-      dependabot-common (= 0.288.0)
+    dependabot-github_actions (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-go_modules (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-gradle (0.285.0)
+      dependabot-common (= 0.285.0)
+      dependabot-maven (= 0.285.0)
+    dependabot-hex (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-maven (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-npm_and_yarn (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-nuget (0.285.0)
+      dependabot-common (= 0.285.0)
       rubyzip (>= 2.3.2, < 3.0)
-    dependabot-omnibus (0.288.0)
-      dependabot-bundler (= 0.288.0)
-      dependabot-cargo (= 0.288.0)
-      dependabot-common (= 0.288.0)
-      dependabot-composer (= 0.288.0)
-      dependabot-devcontainers (= 0.288.0)
-      dependabot-docker (= 0.288.0)
-      dependabot-dotnet_sdk (= 0.288.0)
-      dependabot-elm (= 0.288.0)
-      dependabot-git_submodules (= 0.288.0)
-      dependabot-github_actions (= 0.288.0)
-      dependabot-go_modules (= 0.288.0)
-      dependabot-gradle (= 0.288.0)
-      dependabot-hex (= 0.288.0)
-      dependabot-maven (= 0.288.0)
-      dependabot-npm_and_yarn (= 0.288.0)
-      dependabot-nuget (= 0.288.0)
-      dependabot-pub (= 0.288.0)
-      dependabot-python (= 0.288.0)
-      dependabot-swift (= 0.288.0)
-      dependabot-terraform (= 0.288.0)
-    dependabot-pub (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-python (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-swift (0.288.0)
-      dependabot-common (= 0.288.0)
-    dependabot-terraform (0.288.0)
-      dependabot-common (= 0.288.0)
+    dependabot-omnibus (0.285.0)
+      dependabot-bundler (= 0.285.0)
+      dependabot-cargo (= 0.285.0)
+      dependabot-common (= 0.285.0)
+      dependabot-composer (= 0.285.0)
+      dependabot-devcontainers (= 0.285.0)
+      dependabot-docker (= 0.285.0)
+      dependabot-dotnet_sdk (= 0.285.0)
+      dependabot-elm (= 0.285.0)
+      dependabot-git_submodules (= 0.285.0)
+      dependabot-github_actions (= 0.285.0)
+      dependabot-go_modules (= 0.285.0)
+      dependabot-gradle (= 0.285.0)
+      dependabot-hex (= 0.285.0)
+      dependabot-maven (= 0.285.0)
+      dependabot-npm_and_yarn (= 0.285.0)
+      dependabot-nuget (= 0.285.0)
+      dependabot-pub (= 0.285.0)
+      dependabot-python (= 0.285.0)
+      dependabot-swift (= 0.285.0)
+      dependabot-terraform (= 0.285.0)
+    dependabot-pub (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-python (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-swift (0.285.0)
+      dependabot-common (= 0.285.0)
+    dependabot-terraform (0.285.0)
+      dependabot-common (= 0.285.0)
     diff-lcs (1.5.1)
     docile (1.4.1)
     docker_registry2 (1.18.2)
@@ -198,7 +198,7 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2024.1105)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.8)
+    mini_portile2 (2.8.7)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     netrc (0.11.0)
@@ -358,7 +358,7 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    sorbet-runtime (0.5.11663)
+    sorbet-runtime (0.5.11645)
     stackprof (0.2.26)
     stringio (3.1.2)
     terminal-table (3.0.2)
@@ -397,7 +397,7 @@ PLATFORMS
 
 DEPENDENCIES
   debug (~> 1.9.2)
-  dependabot-omnibus (~> 0.288.0)
+  dependabot-omnibus (~> 0.285.0)
   flamegraph (~> 0.9.5)
   gpgme (~> 2.0)
   http (~> 5.2)

updater/lib/dependabot/api_client.rb

@@ -21,8 +21,6 @@ class ApiError < StandardError; end
   class ApiClient
     extend T::Sig
 
-    MAX_REQUEST_RETRIES = 3
-
     sig { params(base_url: String, job_id: T.any(String, Integer), job_token: String).void }
     def initialize(base_url, job_id, job_token)
       @base_url = base_url
@@ -45,7 +43,7 @@ def create_pull_request(dependency_change, base_commit_sha)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -74,7 +72,7 @@ def update_pull_request(dependency_change, base_commit_sha)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -94,7 +92,7 @@ def close_pull_request(dependency_names, reason)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -121,7 +119,7 @@ def record_update_job_error(error_type:, error_details:)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -156,7 +154,7 @@ def record_update_job_warning(warn_type:, warn_title:, warn_description:)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -182,7 +180,7 @@ def record_update_job_unknown_error(error_type:, error_details:)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -202,7 +200,7 @@ def mark_job_as_processed(base_commit_sha)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -226,7 +224,7 @@ def update_dependency_list(dependencies, dependency_files)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -245,7 +243,7 @@ def record_ecosystem_versions(ecosystem_versions)
       rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError
         retry_count ||= 0
         retry_count += 1
-        raise if retry_count > MAX_REQUEST_RETRIES
+        raise if retry_count > 3
 
         sleep(rand(3.0..10.0))
         retry
@@ -276,86 +274,8 @@ def increment_metric(metric, tags:)
       end
     end
 
-    sig { params(ecosystem: T.nilable(Ecosystem)).void }
-    def record_ecosystem_meta(ecosystem)
-      return unless Dependabot::Experiments.enabled?(:enable_record_ecosystem_meta)
-
-      return if ecosystem.nil?
-
-      begin
-        ::Dependabot::OpenTelemetry.tracer.in_span("record_ecosystem_meta", kind: :internal) do |_span|
-          api_url = "#{base_url}/update_jobs/#{job_id}/record_ecosystem_meta"
-
-          body = {
-            data: [
-              {
-                ecosystem: {
-                  name: ecosystem.name,
-                  package_manager: version_manager_json(ecosystem.package_manager),
-                  language: version_manager_json(ecosystem.language)
-                }
-              }
-            ]
-          }
-
-          retry_count = 0
-
-          begin
-            response = http_client.post(api_url, json: body)
-            raise ApiError, response.body if response.code >= 400
-          rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError, ApiError => e
-            retry_count += 1
-            if retry_count <= MAX_REQUEST_RETRIES
-              sleep(rand(3.0..10.0))
-              retry
-            else
-              Dependabot.logger.error(
-                "Failed to record ecosystem meta after #{MAX_REQUEST_RETRIES} retries: #{e.message}"
-              )
-            end
-          end
-        end
-      rescue StandardError => e
-        Dependabot.logger.error("Failed to record ecosystem meta: #{e.message}")
-      end
-    end
-
     private
 
-    # Update return type to allow returning a Hash or nil
-    sig do
-      params(version_manager: T.nilable(Dependabot::Ecosystem::VersionManager))
-        .returns(T.nilable(T::Hash[String, T.untyped]))
-    end
-    def version_manager_json(version_manager)
-      return nil unless version_manager
-
-      {
-        name: version_manager.name,
-        raw_version: version_manager.version.to_semver.to_s,
-        version: version_manager.version.to_s,
-        requirement: version_manager_requirement_json(version_manager)
-      }
-    end
-
-    # Update return type to allow returning a Hash or nil
-    sig do
-      params(version_manager: Dependabot::Ecosystem::VersionManager)
-        .returns(T.nilable(T::Hash[String, T.untyped]))
-    end
-    def version_manager_requirement_json(version_manager)
-      requirement = version_manager.requirement
-      return nil unless requirement
-
-      {
-        raw_constraint: requirement.constraints.join(", "),
-        min_raw_version: requirement.min_version&.to_semver.to_s,
-        min_version: requirement.min_version&.to_s,
-        max_raw_version: requirement.max_version&.to_semver.to_s,
-        max_version: requirement.max_version&.to_s
-      }
-    end
-
     sig { returns(String) }
     attr_reader :base_url
 

updater/lib/dependabot/service.rb

@@ -38,8 +38,7 @@ def initialize(client:)
     def_delegators :client,
                    :mark_job_as_processed,
                    :record_ecosystem_versions,
-                   :increment_metric,
-                   :record_ecosystem_meta
+                   :increment_metric
 
     sig { void }
     def wait_for_calls_to_finish