In my company we use Nexus as a package manager for private nuget packages. Recently we introduced Github Dependabot integration for scanning & updating the packages.
For some unknown reason, packages listed in the Nexus repos cannot be updated. In the logs I found information that dependabot can’t find newer version, even if it exists in the Nexus repository.
Without that, a search for q=foo could easily turn up all sorts of other packages that happen to have ‘foo’ in the name (or possibly even other attributes, like the description).
Having said that, I would expect that you should at least get all the versions of Company.3rdParty.XYZ in your results.
Out of curiosity, could you try the id: version of the query, does that produce what you expect?
But regardless, it would be helpful to know your context. What version of Repository is this, and what database are you running against? (OrientDB, PostgreSQL, or H2?) Is this an HA cluster? There are slightly different search implementations involved.
Hello @mprescott and thank you for taking a look on the issue.
I tried to reproduce the problem and i was not able to do so. However, i have a repro of a very similar problem - returning invalid version for the package.
I get the following response, with information that the latest version of the package is 4.23.0 - which is out of dated for a very long time. The library is available at 9.14.0 stable and 9.15 beta.
Why 4.23.0 is presented in the query endpoint? We also noticed that the value changes from time to time when we rebuild the repository index.
When it comes to our repository, we use OSS 3.47.1-01 with OrientDb running on Windows Server 2012 R2
EDIT:
after rebuilding index for 6th or 7th time from two different accounts we were able to get the latest version returned from the endpoint, so it looks like a caching problem.