Email Reply Runs all Commands

[dav-is]

If I directly reply to an email it appends the dependabot message to the bottom of it automatically. For some reason it will run all the commands that were listed in the Commands section.

This is where it happened to me: https://github.com/dav-is/connordav.is/pull/34

[greysteil]

Woah, that's the first time I've ever seen that. I'll get it fixed right away.

Out of interest what email client are you using?

[dav-is]

Zoho but this behavior is common in any email client I've used. It's easier to just reply to a notification email than to open GitHub.

Thanks again!

[greysteil]

Thanks. GitHub has logic that removes the previous email bodies from the comment, but it looks like it's not being applied for some reason, so Dependabot is getting the full previous email text back. I'm guessing that's due to a transformation that Zoho applies, but Dependabot should be more robust to this regardless!

[dav-is]

That's interesting... I've always noticed the ellipse after my email responses when using Gmail, Inbox, Apple Mail, and now Zoho. It does seem like the "view it on GitHub" and "mute the thread" links have been removed. I feel like it might be there for content in case someone might have edited the comment.

---- On Tue, 20 Nov 2018 11:08:46 -0800 notifications@github.com wrote ----

Thanks. GitHub has logic that removes the previous email bodies from the comment, but it looks like it's not being applied for some reason, so Dependabot is getting the full previous email text back. I'm guessing that's due to a transformation that Zoho applies, but Dependabot should be more robust to this regardless!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[greysteil]

It definitely looks different to me coming from your email - the email notification I got for you last comment, for example, included the full text of my previous post. That doesn’t normally happen (probably isn’t happening for you for this email reply, for example.).

Either way, Dependabot needs fixing here!

On 20 Nov 2018, at 19:14, Connor Davis notifications@github.com wrote:

That's interesting... I've always noticed the ellipse after my email responses when using Gmail, Inbox, Apple Mail, and now Zoho. It does seem like the "view it on GitHub" and "mute the thread" links have been removed. I feel like it might be there for content in case someone might have edited the comment.

---- On Tue, 20 Nov 2018 11:08:46 -0800 notifications@github.com wrote ----

Thanks. GitHub has logic that removes the previous email bodies from the comment, but it looks like it's not being applied for some reason, so Dependabot is getting the full previous email text back. I'm guessing that's due to a transformation that Zoho applies, but Dependabot should be more robust to this regardless!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/dependabot/feedback/issues/277#issuecomment-440396513, or mute the thread https://github.com/notifications/unsubscribe-auth/ABF4KbRuwgpU0xLqyGzlOOads5J046eaks5uxFSqgaJpZM4Yru-9.

[greysteil]

I mean, unless GitHub just changed something and broke this, which is also possible.

[greysteil]

FYI, you can see the difference in comment style between our two email clients by looking at the API response here. It looks like Zoho doesn't insert > characters, which is what's tripping Dependabot up.

[dav-is]

It looks like your email client revealed your mute thread link 🤔 looks like GitHub has some work to do

[greysteil]

Indeed! In the meantime I've added some sanitization logic on our side that should ensure this doesn't happen again. Thanks for reporting this, and apologies for the bug!