Bump @octokit/rest from 18.12.0 to 20.1.1
Bumps @octokit/rest from 18.12.0 to 20.1.1.
Release notes
Sourced from @octokit/rest's releases.
v20.1.1
20.1.1 (2024-05-03)
Bug Fixes
v20.1.0
20.1.0 (2024-04-03)
Features
v20.0.2
20.0.2 (2023-09-25)
Bug Fixes
v20.0.1
20.0.1 (2023-07-11)
Bug Fixes
v20.0.0
20.0.0 (2023-07-11)
Features
BREAKING CHANGES
- Drop support for NodeJS v14, v16
- Remove previews support for the REST API
- remove agent option from octokit.request()
v20.0.0-beta.5
20.0.0-beta.5 (2023-07-10)
... (truncated)
Commits
- 7058346 fix: update REST endpoints (#428)
- b4e2102 ci(action): update actions/checkout digest to 0ad4b8f (#426)
- 9d99a65 ci(action): update actions/checkout digest to 1d96c77 (#425)
- c751cb5 ci(action): update actions/add-to-project action to v1.0.1 (#424)
- 792bb39 chore(deps): update dependency undici to v6.11.1 [security] (#421)
- 9adf1a4 feat(security): Add provenance (#420)
- 9ab9253 ci(action): update actions/add-to-project action to v1
- 335f2d2 ci(action): update actions/add-to-project action to v0.6.1 (#418)
- 8f0efe0 build(deps-dev): Bump follow-redirects from 1.15.4 to 1.15.6 (#416)
- 5bf5fa6 build(deps-dev): Bump follow-redirects from 1.15.4 to 1.15.6 in /docs (#415)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This upgrade would resolve the deprecation warning about punycode seen when using this tool:
(node:282386) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Running with --trace-deprecation gives (for example):
(node:282619) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
    at node:punycode:3:9
    at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:399:7)
    at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:338:10)
    at loadBuiltinModule (node:internal/modules/helpers:99:7)
    at Module._load (node:internal/modules/cjs/loader:1099:17)
    at TracingChannel.traceSync (node:diagnostics_channel:315:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:217:24)
    at Module.require (node:internal/modules/cjs/loader:1339:12)
    at require (node:internal/modules/helpers:126:16)
    at Object.<anonymous> (.../node_modules/whatwg-url/lib/url-state-machine.js:2:18)
Checking where whatwg-url shows up, I found:
$ npm ls whatwg-url
[email protected] .../pin-github-action
└─┬ @octokit/[email protected]
  └─┬ @octokit/[email protected]
    └─┬ @octokit/[email protected]
      └─┬ [email protected]
        └── [email protected]
And indeed, trying to run this project with this update makes the initial deprecation warning go away, seemingly as a result of dropping whatwg-url:
$ npm ls whatwg-url
[email protected] .../pin-github-action
└── (empty)
This isn't as easy as it appears sadly 😢
Octokit has moved to ESM modules away from CommonJS, which means some fairly involved work to update the rest of the project.
I see 😞 A quick (and dirty?) solution could be to await import("@octokit/rest") inside the return Promise. It's already async so this shouldn't be a problem.
The following diff works for me when running the application:
-const { Octokit } = require("@octokit/rest");
-const github = new Octokit({
- auth: process.env.GH_ADMIN_TOKEN,
-});
-
let debug = () => {};
module.exports = function (action, log) {
debug = log.extend("find-ref-on-github");
return new Promise(async function (resolve, reject) {
+ const { Octokit } = await import("@octokit/rest");
+ const github = new Octokit({
+ auth: process.env.GH_ADMIN_TOKEN,
+ });
+
const owner = action.owner;
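Review bot: The added `await import("@octokit/rest")` runs inside an `async` Promise executor, so if the import or `new Octokit(...)` throws, `reject` is never called: the promise returned to the caller stays pending and the failure only surfaces as an unhandled rejection. Wrap the executor body in try/catch that calls `reject(err)`, or make the exported function itself `async` and drop the `new Promise` wrapper. The client is also now built on every call, reading `GH_ADMIN_TOKEN` each time; caching the import and the instance at module scope would keep the previous single-client behaviour.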
However, when running tests Jest complains that it needs --experimental-vm-modules which can be solved by running e.g. NODE_OPTIONS="--experimental-vm-modules" npm run test.
Alternatively, I'm also willing to look into porting the codebase to ESM, but that will take some more time.
@mheap worth reconsidering this after #174
ESM is no longer an issue, but we make heavy use of nock in the tests to check behaviour. Octokit 18->20 switches to fetch via undici, which is not yet supported by nock https://github.com/nock/nock/issues/2183
We could switch to the undici MockAgent, but it doesn't seem worth the investment for no change in behaviour.
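The last comment's point about nock and fetch, as an added example that is not part of the thread or the project's code: a recorder wrapped around http.request (a constructed stand-in for interception at the http module layer, not nock itself) sees a request made through the http module but not one made with Node's built-in fetch. The local server and the names installRecorder, getViaHttpModule and compareClients are assumptions made for the illustration; it needs Node 18 or later.

```javascript
const http = require("node:http");

// Stand-in for an http-module interceptor: wrap http.request and record calls.
function installRecorder(seen) {
  const original = http.request;
  http.request = function (...args) {
    seen.push("http.request");
    return original.apply(this, args);
  };
  return () => { http.request = original; }; // call to undo the patch
}

// One GET through the classic http module, the layer node-fetch is built on.
function getViaHttpModule(url) {
  return new Promise((resolve, reject) => {
    const req = http.request(url, (res) => {
      res.resume(); // drain the body
      res.on("end", () => resolve(res.statusCode));
    });
    req.on("error", reject);
    req.end();
  });
}

async function compareClients() {
  // Constructed local server standing in for the remote API.
  const server = http.createServer((req, res) => {
    res.setHeader("Connection", "close"); // no keep-alive, so the process can exit
    res.end("{}");
  });
  await new Promise((resolve) => server.listen(0, "127.0.0.1", resolve));
  const url = `http://127.0.0.1:${server.address().port}/`;

  const seen = [];
  const restore = installRecorder(seen);
  try {
    await getViaHttpModule(url);
    const afterHttp = seen.length; // calls recorded for the http-module request
    const res = await fetch(url); // built-in fetch (undici) opens its own socket
    await res.text();
    return { afterHttp, afterFetch: seen.length - afterHttp };
  } finally {
    restore();
    server.close();
  }
}
```

A test suite whose mocks live at the http module layer therefore lets fetch-based requests pass through to the real network unless outbound connections are blocked or the mock is moved to the fetch dispatcher.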