when using the `org-list` feature of the plugin, each PR author will be checked to see whether they are a member of the organizations in that list. given that jenkins is defined as an authenticated user, the returned status will be 404 (according to https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user)
this poses a problem related to github rate limit.
assuming a user like dependabot creates a lot of PRs, and for each PR we check if the user is a member of an org on the list - we will exhaust the rate limit.
even when using the conditional requests feature (for reference, we make ~100k requests to the github api per hour), this will still cause us to hit the rate limit, as only a 304 return status will not count against the rate limit.
essentially this causes organizations with multiple repos to be "attacked" by simply having too many open PRs from dependabot 😄
internal reference: https://issues.redhat.com/browse/APPSRE-4423
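A mitigation a practitioner would reach for, added here as an example and not part of the plugin or of this issue: cache each (org, author) membership answer, including the 404 "not a member" answers that can never be served as a 304, so a burst of PRs from one author costs one request per org per cache window instead of one per PR. The `fake_membership_status` function and the org/user names are constructed stand-ins for the real API call.

```python
import time
from typing import Callable, Dict, Iterable, Tuple

# Signature of the membership probe: (org, user) -> HTTP status.
# GitHub answers 204 for a member and 404 when the user is not a (visible) member.
StatusFetcher = Callable[[str, str], int]


def fake_membership_status(org: str, user: str) -> int:
    """Constructed stand-in for the GitHub org-membership check (no network)."""
    return 204 if (org, user) == ("acme", "alice") else 404


class OrgMembershipCache:
    """Caches answers per (org, user) for a TTL window.

    Negative answers are cached too: a 404 never comes back as a 304, so every
    uncached check of a non-member (e.g. dependabot) costs rate-limit budget.
    """

    def __init__(self, fetch_status: StatusFetcher, ttl_seconds: int = 3600,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_status
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache: Dict[Tuple[str, str], Tuple[bool, float]] = {}
        self.api_calls = 0  # number of requests that actually reached the API

    def is_member(self, org: str, user: str) -> bool:
        now = self._clock()
        hit = self._cache.get((org, user))
        if hit is not None and now - hit[1] < self._ttl:
            return hit[0]  # served from cache, no rate-limit cost
        status = self._fetch(org, user)
        self.api_calls += 1
        member = status == 204
        self._cache[(org, user)] = (member, now)
        return member

    def author_in_any_org(self, orgs: Iterable[str], user: str) -> bool:
        # Stops at the first org that confirms membership.
        return any(self.is_member(org, user) for org in orgs)


def simulate_pr_burst(n_prs: int, orgs, author: str, fetch: StatusFetcher,
                      ttl: int = 3600) -> Tuple[int, int]:
    """Returns (PRs accepted, API calls spent) for n_prs PRs from one author."""
    cache = OrgMembershipCache(fetch, ttl_seconds=ttl)
    accepted = sum(1 for _ in range(n_prs) if cache.author_in_any_org(orgs, author))
    return accepted, cache.api_calls
```

With this in place, 100 dependabot PRs against a two-org list spend two API requests rather than two hundred.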