-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: update octokit #360
feat: update octokit #360
Conversation
@nwalters512, I recommend bumping the major version here and providing support for the last 2 major versions. Thoughts? |
@jugaltheshah, as this is a breaking change, let's bump the major version. |
That was the intent with the "breaking change" in the PR description though come to think of it, I'm not sure if that's a custom option that this repo doesn't have enabled. Regardless, I'll update the PR title, which should do the same. Please be sure to squash & merge this PR so semantic bot will cut a new major release |
Need to confirm that this is the expected behavior. |
@jugaltheshah, mind squashing the commits down prior to merging this down. In addition, can you follow the message commit format is specified in [1]. References |
Is the breaking change the difference in how By "providing support for the last 2 major versions", do you mean backporting future changes to v1? I don't think that'll be necessary. |
That's an interesting question actually. I'm actually now questioning if we actually need to mark this as breaking. Yes, the reason this PR is currently breaking is the difference in how So then if we keep cc @aorinevo |
Netrc should still work, right? It would potentially start to degrade during the brownout period and then be fully non-functional when username/password is deprecated. I'm still in favor of doing a major version bump. |
Security and bug fixes only for the last major version - no backporting of features/enhancements. |
Using username & password against the Github REST API was already deprecated as of November 13th, 2020 per this doc. I think what's causing some confusion here is that Github deprecated using username:password auth, but not basic auth via username:token with token used like a password. So if your Github username & password were user1:password123, using those against the Github API won't work. However, if you generate a personal access token on Gihub.com and use user1:token123 against the Github API, I believe this will still work (this is what I still need to confirm). They did this for compatibility with clients that only support basic auth. Of course we don't actually need a username since tokens are associated with users already, so really we'd just need to assume a password provided is a token. So we have a couple options:
We could err on the side of caution here and release a major version regardless, but just wanted to present the options as I saw them. |
Ah, I see now. That makes sense. I'm in favor of option 2 and keeping this a minor bump. |
Many thanks for this contribution @jugaltheshah! 🚢 |
# [1.13.0](v1.12.0...v1.13.0) (2021-01-14) ### Features * update octokit ([#360](#360)) ([5604e4f](5604e4f))
🎉 This PR is included in version 1.13.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
* feat: update octokit.
# [1.13.0](NerdWalletOSS/shepherd@v1.12.0...v1.13.0) (2021-01-14) ### Features * update octokit ([NerdWalletOSS#360](NerdWalletOSS#360)) ([5604e4f](NerdWalletOSS@5604e4f))
Deprecated - Github username & password auth:
As Github has deprecated REST API auth via username & password, this no longer works as an auth mechanism. After this PR, shepherd will still support auth via
.netrc
, but the.netrc.password
field should supply a token instead of a Github password.Updates:
"@octokit/rest": "^15.18.1"
->"@octokit/rest": "^18.0.12",
,octokit.pullRequests.update
->octokit.pulls.update