fix: remove redundant calls from PreFetch

[michaelkedar]

In every DependencyClient we have, MatchingVersions() is just a call to Versions() plus semver matching, which is computationally expensive. It also was being called on every edge of the pre-fetched graphs.

Removed it to reduce CPU usage and hopefully improve performance with Maven resolution / Guided Remediation.

I've also skipped fetching things with MavenDependencyOrigin set (e.g. dependencyManagement dependencies) since there's potentially hundreds of them.

[cuixq]

Thanks Michael! Do you know how much this could improve the performance?

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.25%. Comparing base (3653a1d) to head (7afd12d).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1456      +/-   ##
==========================================
- Coverage   67.27%   67.25%   -0.02%     
==========================================
  Files         192      192              
  Lines       18144    18133      -11     
==========================================
- Hits        12207    12196      -11     
  Misses       5291     5291              
  Partials      646      646              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[michaelkedar]

I'm not exactly sure - it would help CPU usage and the number of goroutines running, but I'm not sure how this translates to run time.

[spencerschrock]

Do you know how much this could improve the performance?
but I'm not sure how this translates to run time.

For my specific use case, on my specific machine (sample repo I was using to debug), performance is:

v1.9.0: ~2 min
v1.9.1: ~12 min
#1436: ~8 min
This PR: ~8min
cherry picking both PRs: ~8min

[michaelkedar]

I added another change to this PR that should hopefully reduce the number of calls for Maven specifically.

[spencerschrock]

I added another change to this PR that should hopefully reduce the number of calls for Maven specifically.

Much faster, even more than 1.9.0! Thanks!

[spencerschrock]

I will note I'm getting more extraction errors on some repos (such as https://github.com/SpringCloud/spring-cloud-gray) though. I'm not a big Maven dev, so I'm not sure which is valid/right.

Scanning dir /tmp/spring-cloud/
Error during extraction: (extracting as vcs/gitrepo) worktree not available in a bare repository
Error during extraction: (extracting as java/pomxml) failed resolving {Maven:cn.springcloud.gray:spring-cloud-gray-client[Concrete:${revision}] {}}: failed parsing version constraint 'Maven:org.springframework:spring-jcl[Requirement:]': invalid `>` in `>=0.0.0`
Error during extraction: (extracting as java/pomxml) failed resolving {Maven:cn.springcloud.gray:spring-cloud-gray-client-netflix[Concrete:${revision}] {}}: failed parsing version constraint 'Maven:org.springframework:spring-jcl[Requirement:]': invalid `>` in `>=0.0.0`
Scanned /tmp/spring-cloud/spring-cloud-gray-code-component/pom.xml file and found 1 package
Scanned /tmp/spring-cloud/spring-cloud-gray-core/pom.xml file and found 1 package
...

[michaelkedar]

Hmm those errors seems like it would have been introduced in v1.9.1 - might need to look into that further.