
[YARN2] ort analyze fails with StackoverflowError #11298

@flash-me


Describe the bug

Running ort analyze -i $PROJECTDIR -o $ORTOUTPUT fails with StackOverflowError in the resolve dependencies step.

We use a narrowed down setup of https://backstage.io/.

I already tried increasing the Thread Stack Size using -Xss512M (default is 1024K). The run took longer but still failed in the end.

To Reproduce

Steps to reproduce the behavior:

  1. Get the default Backstage workspace
  2. Install yarn packages
  3. Run ort analyze
  4. See error / cry

Expected behavior

ort to finish successfully

Console / log output

Add console and / or log output that shows the error and additional context.
No screenshots of plain text please, to keep text searchable.

root@4a4bd179790b:~/backstage# ort analyze -i $PROJECTDIR -o $ORTOUTPUT 
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
 ______________________________                                                         
/        \_______   \__    ___/ The OSS Review Toolkit, version 75.0.0,                 
|    |   | |       _/ |    |    built with JDK 21.0.9+10-LTS, running under Java 21.0.9.
|    |   | |    |   \ |    |    Executing 'analyze' as 'root' on Linux                  
\________/ |____|___/ |____|    with 14 CPUs and a maximum of 6000 MiB of memory.       
                                                                                        
Environment variables:                                                                 
HOME = /root                                                                           
SHELL = /bin/bash                                                                      
TERM = xterm-256color                                                                  
JAVA_HOME = /root/.sdkman/candidates/java/current                                      
                                                                                       
Looking for ORT configuration in the following file:
        /root/.ort/config/config.yml (does not exist)

Looking for analyzer-specific configuration in the following files and directories:
        /root/backstage/.ort.yml (does not exist)
        /root/.ort/config/resolutions.yml (does not exist)
The following 27 package manager(s) are enabled:
        Bazel, Bower, Bundler, Cargo, Carthage, CocoaPods, Composer, Conan, Gleam, GoMod, Gradle Inspector, Maven, NPM, NuGet, PIP, Pipenv, PNPM, Poetry, Pub, SBT, SpdxDocumentFile, Stack, Swift Package Manager, Tycho, Unmanaged, Yarn, Yarn 2+
The following 3 package curation provider(s) are enabled:
        DefaultDir, DefaultFile, Spring
Analyzing project path:
        /root/backstage
Found 1 Yarn2 definition file(s) at:
        package.json
Found in total 1 definition file(s) from the following 1 package manager(s):
        Yarn2
09:44:48.517 [DefaultDispatcher-worker-1] ERROR org.ossreviewtoolkit.analyzer.PackageManager - Yarn 2+ failed to resolve dependencies for path 'package.json': StackOverflowError: null
Wrote analyzer result to '/root/ort/analyzer-result.yml' (0.32 MiB) in 231.192750ms.
The analysis took 2m 24.316916887s.
Found 1 project(s) and 0 package(s) in total (not counting excluded ones).
Applied 0 curation(s) from 0 of 3 provider(s).
Resolved issues: 0 errors, 0 warnings, 0 hints.
Unresolved issues: 1 error, 0 warnings, 0 hints.
There is 1 unresolved issue with a severity equal to or greater than the WARNING threshold.

Environment

Output of the ort requirements command (ensure to remove any sensitive information manually):

root@4a4bd179790b:~/backstage# ort requirements
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
 ______________________________                                                         
/        \_______   \__    ___/ The OSS Review Toolkit, version 75.0.0,                 
|    |   | |       _/ |    |    built with JDK 21.0.9+10-LTS, running under Java 21.0.9.
|    |   | |    |   \ |    |    Executing 'requirements' as 'root' on Linux             
\________/ |____|___/ |____|    with 14 CPUs and a maximum of 6000 MiB of memory.       
                                                                                        
Environment variables:                                                                 
HOME = /root                                                                           
SHELL = /bin/bash                                                                      
TERM = xterm-256color                                                                  
JAVA_HOME = /root/.sdkman/candidates/java/current                                      
                                                                                       
Looking for ORT configuration in the following file:
        /root/.ort/config/config.yml (does not exist)

Scanners:
        - Askalono: Requires 'askalono' in no specific version. Tool not found.
        - Licensee: Requires 'licensee' in no specific version. Tool not found.
        - ScanCode: Requires 'scancode' in version >=30.0.0. Tool not found.

PackageManagers:
        - Bazel: Requires 'bazel' in version >=7.0.0. Tool not found.
        - Bower: Requires 'bower' in version >=1.8.8. Tool not found.
        - Buildozer: Requires 'buildozer' in no specific version. Tool not found.
        - Cargo: Requires 'cargo' in no specific version. Tool not found.
        - CocoaPods: Requires 'pod' in version >=1.11.0. Tool not found.
        - Composer: Requires 'composer' in version >=1.5.0. Tool not found.
        - Conan: Requires 'conan' in version >=1.44.0 and <3.0.0. Tool not found.
        - Gleam: Requires 'gleam' in no specific version. Tool not found.
        - Go: Requires 'go' in version >=1.21.1. Tool not found.
        * Npm: Requires 'npm' in version >=6.0.0 and <12.0.0. Found version 11.6.2.
        - NuGetInspector: Requires 'nuget-inspector' in no specific version. Tool not found.
        - Pipenv: Requires 'pipenv' in version >=2018.10.9. Tool not found.
        + Pnpm: Requires 'pnpm' in version >=5.0.0 and <11.0.0. Could not determine the version.
        - Poetry: Requires 'poetry' in no specific version. Tool not found.
        - Pub: Requires 'dart' in version >=2.10.0. Tool not found.
        - PythonInspector: Requires 'python-inspector' in version >=0.9.2. Tool not found.
        - Sbt: Requires 'sbt' in version >=1.3.3. Tool not found.
        - Stack: Requires 'stack' in version >=2.1.1. Tool not found.
        - Swift: Requires 'swift' in no specific version. Tool not found.
        + Yarn: Requires 'yarn' in version >=1.3.0 and <1.23.0. Found version 4.4.1.

VersionControlSystems:
        - Git: Requires 'git' in version >=2.29.0. Tool not found.
        - GitRepo: Requires 'repo' in no specific version. Tool not found.
        - Mercurial: Requires 'hg' in no specific version. Tool not found.

Prefix legend:
        - The tool was not found in the PATH environment.
        + The tool was found in the PATH environment, but not in the required version.
        * The tool was found in the PATH environment in the required version.

Not all tools requirements were satisfied:
        ! Some tools were not found in their required versions.
        ! For some tools the version could not be determined.
        ! Some tools were not found at all.

Or manually specify:

  • ORT version: 75.0.0
  • Java version: 21
  • OS: Linux

And specify (relevant parts of) your ORT configuration (config.yml):

none / default

Additional context

To ease debugging / reproduction, I attached the project with just enough files kept.

backstage.tar.gz

Labels

to triage: Issues that need triaging
