Skip to content

Bump @octokit/request, @octokit/plugin-throttling and @octokit/rest #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mlahargou merged 10 commits into from
Mar 4, 2025
Merged

Bump @octokit/request, @octokit/plugin-throttling and @octokit/rest #419

mlahargou merged 10 commits into from
Mar 4, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 14, 2025
edited by mlahargou
Loading

Bumps @octokit/request to 9.2.1 and updates ancestor dependencies @octokit/request, @octokit/plugin-throttling and @octokit/rest. These dependencies need to be updated together.

Updates @octokit/request from 5.6.3 to 9.2.1

Release notes

Sourced from @​octokit/request's releases.

v9.2.1

9.2.1 (2025-02-13)

Bug Fixes

  • mitigate ReDos vulnerabilities & lint (#738) (6bb29ba)

v9.2.0

9.2.0 (2025-01-16)

Features

  • correctly parse response bodies as JSON where the Content-Type is application/scim+json (#731) (00bf316)

v9.1.4

9.1.4 (2024-12-29)

Bug Fixes

  • deps: bump @octokit/types to fix deno compat (#730) (324ffef)

v9.1.3

9.1.3 (2024-07-14)

Bug Fixes

v9.1.2

9.1.2 (2024-07-13)

Bug Fixes

  • refactor: async await instead of Promise chain (#711) (611b275)

v9.1.1

9.1.1 (2024-04-15)

Bug Fixes

  • pkg: add default fallback to exports (#688) (9866c41)

v9.1.0

9.1.0 (2024-04-09)

... (truncated)

Commits
  • 6bb29ba fix: mitigate ReDos vulnerabilities & lint (#738)
  • 34ff07e Merge commit from fork
  • a0e96b3 chore(deps): update dependency esbuild to ^0.25.0 (#736)
  • d27daa7 build(deps-dev): bump vitest and @​vitest/coverage-v8 (#735)
  • bc07c8a build(deps): bump vite from 5.4.6 to 6.0.11 (#734)
  • 4266a84 build(deps-dev): bump undici from 6.19.2 to 6.21.1 (#733)
  • c2d27a2 chore(deps): update vitest monorepo to v3 (major) (#732)
  • 00bf316 feat: correctly parse response bodies as JSON where the Content-Type is `appl...
  • 324ffef fix(deps): bump @octokit/types to fix deno compat (#730)
  • 70bf3e2 chore(deps): update dependency prettier to v3.4.2 (#729)
  • Additional commits viewable in compare view

Updates @octokit/plugin-throttling from 3.6.2 to 9.4.0

Release notes

Sourced from @​octokit/plugin-throttling's releases.

v9.4.0

9.4.0 (2025-01-08)

Features

  • new action runner groups endpoints, new code scanning alerts autofix endpoints, new sub-issues endpoints, new private registries enpoints, new code security endpoints (#762) (2dab79a)

v9.3.3

9.3.3 (2025-01-07)

Bug Fixes

  • deps: bump Octokit deps to fix Deno compat (#761) (553f0b4)

v9.3.2

9.3.2 (2024-10-04)

Bug Fixes

  • handle 429 status code when being throttled (#740) (128ecb6)

v9.3.1

9.3.1 (2024-07-14)

Bug Fixes

v9.3.0

9.3.0 (2024-04-29)

Features

v9.2.1

9.2.1 (2024-04-23)

Bug Fixes

v9.2.0

9.2.0 (2024-04-15)

... (truncated)

Commits
  • 2dab79a feat: new action runner groups endpoints, new code scanning alerts autofix en...
  • 553f0b4 fix(deps): bump Octokit deps to fix Deno compat (#761)
  • 2a6e70a build(deps): lock file maintenance (#760)
  • 1028270 build(deps): lock file maintenance (#759)
  • e150c35 build(deps): lock file maintenance (#758)
  • a5eabc5 chore(deps): update dependency prettier to v3.4.2 (#756)
  • c1b2b54 build(deps): lock file maintenance (#757)
  • c4b3e9b build(deps): lock file maintenance (#755)
  • a439606 chore(deps): update dependency prettier to v3.4.1 (#753)
  • a53d18f build(deps): lock file maintenance (#751)
  • Additional commits viewable in compare view

Updates @octokit/rest from 19.0.7 to 21.1.0

Release notes

Sourced from @​octokit/rest's releases.

v21.1.0

21.1.0 (2025-01-08)

Features

  • new endpoints, bump Octokit deps to fix Deno (#477) (908b1c8)

v21.0.2

21.0.2 (2024-08-16)

Bug Fixes

v21.0.1

21.0.1 (2024-07-17)

Bug Fixes

v21.0.0

21.0.0 (2024-06-20)

Features

BREAKING CHANGES

  • package is now ESM

v21.0.0-beta.4

21.0.0-beta.4 (2024-06-19)

Bug Fixes

v21.0.0-beta.3

21.0.0-beta.3 (2024-04-30)

Features

... (truncated)

Commits
  • 908b1c8 feat: new endpoints, bump Octokit deps to fix Deno (#477)
  • 751b522 chore(deps): update dependency fetch-mock to v12 (#470)
  • 5ad12fd chore(deps): update dependency @​types/node to v22 (#472)
  • c88980a ci(action): update actions/checkout digest to 11bd719 (#469)
  • 94443df ci(action): update actions/checkout digest to eef6144 (#467)
  • c59fcf6 chore(deps): update dependency @​octokit/tsconfig to v4 (#464)
  • 2f97e4c build(deps): Bump body-parser and express (#465)
  • 2dec6cc chore(deps): update dependency esbuild to ^0.24.0 (#463)
  • 9a80f06 fix(docs): update to react 18 and latest gatsby deps (#462)
  • 3b5a8e8 chore(deps): update dependency fetch-mock to v11 (#459)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

QA:

Ensure everything is working. I changed many files to convert this project to ESM.

On Deploy:

cp /mnt/ebs/etc/pulldasher-dev.config.js /mnt/ebs/etc/pulldasher-dev.config.js.bak
cp /mnt/ebs/etc/pulldasher.config.js  /mnt/ebs/etc/pulldasher.config.js.bak
mv /mnt/ebs/etc/pulldasher-dev.config-dev.js /mnt/ebs/etc/pulldasher-dev.config.js 
mv /mnt/ebs/etc/pulldasher.config-dev.js /mnt/ebs/etc/pulldasher.config.js

We will also need to update the /home/ifixit/ifixit_scripts/update-pulldasher-dev script to point at the config.js instead of config-dev.js.

@dependabot
Bump @octokit/request, @octokit/plugin-throttling and @octokit/rest
444c5e3 
Bumps [@octokit/request](https://github.com/octokit/request.js) to 9.2.1 and updates ancestor dependencies [@octokit/request](https://github.com/octokit/request.js), [@octokit/plugin-throttling](https://github.com/octokit/plugin-throttling.js) and [@octokit/rest](https://github.com/octokit/rest.js). These dependencies need to be updated together.


Updates `@octokit/request` from 5.6.3 to 9.2.1
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](octokit/request.js@v5.6.3...v9.2.1)

Updates `@octokit/plugin-throttling` from 3.6.2 to 9.4.0
- [Release notes](https://github.com/octokit/plugin-throttling.js/releases)
- [Commits](octokit/plugin-throttling.js@v3.6.2...v9.4.0)

Updates `@octokit/rest` from 19.0.7 to 21.1.0
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](octokit/rest.js@v19.0.7...v21.1.0)

---
updated-dependencies:
- dependency-name: "@octokit/request"
  dependency-type: indirect
- dependency-name: "@octokit/plugin-throttling"
  dependency-type: direct:production
- dependency-name: "@octokit/rest"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 14, 2025
@mlahargou
Copy link
Member

mlahargou commented Feb 17, 2025

CR 📱

QA should boot it up on pulldasher-dev and make sure it still works. Quite a few major upgrades.

@kthaler kthaler self-assigned this Feb 19, 2025
@kthaler kthaler added QAing Under QA team review and removed QAing Under QA team review labels Feb 19, 2025
@erinemay erinemay added the QAing Under QA team review label Feb 19, 2025
@erinemay
Copy link

erinemay commented Feb 20, 2025
edited
Loading

I'm getting 503
image

Where do logs live?

When I switch back to master and run the command, it works again.

Details 

emay@cominor.com  (dependabot/npm_and_yarn/multi-9a5426680f) 16:56:19 pulldasher-dev > /home/ifixit/ifixit_scripts/update-pulldasher-dev --run .
Building and deploying the state of .
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon  8.544MB
Step 1/8 : FROM node:16-alpine
---> 2573171e0124
Step 2/8 : RUN mkdir -p /opt/pulldasher
---> Using cache
---> 8d36eefcac28
Step 3/8 : WORKDIR /opt/pulldasher
---> Using cache
---> f523fb92feec
Step 4/8 : COPY . /opt/pulldasher
---> 4d88b94eff6c
Step 5/8 : RUN npm install --unsafe-perm
---> Running in b8b9bcfca6d8
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/auth-token@5.1.2',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/core@6.1.4',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/endpoint@10.1.3',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/graphql@8.2.0',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/plugin-paginate-rest@11.4.2',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/plugin-request-log@5.3.1',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/plugin-rest-endpoint-methods@13.3.1',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/plugin-throttling@9.4.0',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/request@9.2.1',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/request-error@6.1.7',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/rest@21.1.0',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }
> pulldasher@0.0.1 postinstall
> npm run build

> pulldasher@0.0.1 build
> webpack --config ./frontend/webpack.prod.config.js

assets by status 1.24 MiB [big]
  asset main.js 667 KiB [emitted] [minimized] [big] (name: main) 2 related assets
  asset pull-card-demo.js 603 KiB [emitted] [minimized] [big] (name: pull-card-demo) 2 related assets
asset ./pull-card-demo.html 408 bytes [emitted]
asset index.html 398 bytes [emitted]
orphan modules 3.65 MiB [orphan] 1166 modules
runtime modules 4.37 KiB 14 modules
cacheable modules 5.33 MiB
  modules by path ./node_modules/ 213 KiB 28 modules
  modules by path ./frontend/ 5.12 MiB
    modules by path ./frontend/src/theme/*.less 26.3 KiB
      ./node_modules/css-loader/dist/cjs.js!./node_modules/less-loader/dist/cjs.js!./frontend/src/theme/base.less 1.68 KiB [built] [code generated]
      ./node_modules/css-loader/dist/cjs.js!./node_modules/less-loader/dist/cjs.js!./frontend/src/theme/day_theme.less 12.2 KiB [built] [code generated]
      ./node_modules/css-loader/dist/cjs.js!./node_modules/less-loader/dist/cjs.js!./frontend/src/theme/night_theme.less 12.4 KiB [built] [code generated]
    ./frontend/src/index.tsx + 505 modules 2.62 MiB [built] [code generated]
    ./frontend/test/pull-card-demo.tsx + 477 modules 2.47 MiB [built] [code generated]

WARNING in asset size limit: The following asset(s) exceed the recommended size limit (244 KiB).
This can impact web performance.
Assets:
  main.js (667 KiB)
  pull-card-demo.js (603 KiB)

WARNING in entrypoint size limit: The following entrypoint(s) combined asset size exceeds the recommended limit (244 KiB). This can impact web performance.
Entrypoints:
  main (667 KiB)
      main.js
  pull-card-demo (603 KiB)
      pull-card-demo.js

WARNING in webpack performance recommendations:
You can limit the size of your bundles by using import() or require.ensure to lazy load some parts of your application.
For more info visit https://webpack.js.org/guides/code-splitting/

webpack 5.94.0 compiled with 3 warnings in 31051 ms

added 942 packages, and audited 943 packages in 41s

139 packages are looking for funding
  run `npm fund` for details

8 vulnerabilities (2 moderate, 6 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
npm notice
npm notice New major version of npm available! 8.19.4 -> 11.1.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v11.1.0>
npm notice Run `npm install -g npm@11.1.0` to update!
npm notice
Removing intermediate container b8b9bcfca6d8
 ---> d1f0d457b85f
Step 6/8 : ENV DEBUG=pulldasher:*
 ---> Running in c0eb5f68a769
Removing intermediate container c0eb5f68a769
 ---> 361eaa4e9142
Step 7/8 : EXPOSE 8080
 ---> Running in d53c5ca567ca
Removing intermediate container d53c5ca567ca
 ---> f05bbb8b9a5d
Step 8/8 : CMD ["bin/pulldasher"]
 ---> Running in aab218ef5240
Removing intermediate container aab218ef5240
 ---> eeee043cc0fb
Successfully built eeee043cc0fb
Successfully tagged pulldasher-dev:444c5e3
pulldasher-dev
f07c32a21a82e1747425c84c1236b08e898243465f714a71f

edit: dev_block ❔

@erinemay erinemay removed the QAing Under QA team review label Feb 20, 2025
@mlahargou
Copy link
Member

mlahargou commented Feb 20, 2025

Where do logs live?

You posted them :)

This looks like the culprit:


npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@octokit/rest@21.1.0',
npm WARN EBADENGINE   required: { node: '>= 18' },
npm WARN EBADENGINE   current: { node: 'v16.20.2', npm: '8.19.4' }
npm WARN EBADENGINE }

We probably have to upgrade the Dockerfile to an upgraded node version.

@mlahargou
Copy link
Member

mlahargou commented Feb 20, 2025
edited
Loading

Okay, for testing, I've updated the update-pulldasher-dev script to point to /mnt/ebs/etc/pulldasher-dev.config-dev.js which is the new config. When we deploy this, we will need to:

cp /mnt/ebs/etc/pulldasher-dev.config.js /mnt/ebs/etc/pulldasher-dev.config.js.bak
cp /mnt/ebs/etc/pulldasher.config.js  /mnt/ebs/etc/pulldasher.config.js.bak
mv /mnt/ebs/etc/pulldasher-dev.config-dev.js /mnt/ebs/etc/pulldasher-dev.config.js 
mv /mnt/ebs/etc/pulldasher.config-dev.js /mnt/ebs/etc/pulldasher.config.js

We will also need to update the /home/ifixit/ifixit_scripts/update-pulldasher-dev script to point at the config.js instead of config-dev.js.

@mlahargou
Copy link
Member

mlahargou commented Feb 21, 2025

un_dev_block 📱

@jordycosta
Copy link
Member

jordycosta commented Feb 21, 2025
edited by mlahargou
Loading

QA 🟢

Not seeing any apparent issues with Pulldasher-Dev

deploy_block 🟨 on #419 (comment)

When we deploy this, we will need to:

cp /mnt/ebs/etc/pulldasher-dev.config.js /mnt/ebs/etc/pulldasher-dev.config.js.bak
cp /mnt/ebs/etc/pulldasher.config.js  /mnt/ebs/etc/pulldasher.config.js.bak
mv /mnt/ebs/etc/pulldasher-dev.config-dev.js /mnt/ebs/etc/pulldasher-dev.config.js 
mv /mnt/ebs/etc/pulldasher.config-dev.js /mnt/ebs/etc/pulldasher.config.js  

We will also need to update the /home/ifixit/ifixit_scripts/update-pulldasher-dev script to point at the config.js instead of config-dev.js.

@mlahargou
Copy link
Member

mlahargou commented Mar 4, 2025

@danielbeardsley think you could CR this? You've done most of the work on this repo.

@danielbeardsley
Copy link
Member

danielbeardsley commented Mar 4, 2025

CR 👍

Wow! Well done! Thanks for doing this!

I assume you've tested it on pulldasher-dev.cominor.com?

@mlahargou
Copy link
Member

mlahargou commented Mar 4, 2025

I assume you've tested it on pulldasher-dev.cominor.com?

Yes. QA did as well.

@mlahargou mlahargou merged commit 7188367 into master Mar 4, 2025
1 check passed
@mlahargou mlahargou deleted the dependabot/npm_and_yarn/multi-9a5426680f branch March 4, 2025 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@kthaler kthaler

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mlahargou @erinemay @jordycosta @danielbeardsley @kthaler