search

lalitkapoor / github-changes

Generate a changelog based on merged pull requests or commit messages
https://lalitkapoor.github.io/github-changes/
MIT License
676 stars 52 forks source link

[GitHub API] Deprecation notice for authentication via URL queryparameters #90

Closed 304NotModified closed 3 years ago

304NotModified commented 3 years ago

I get this message after using this awesome script these days.

Using 1.1.2

using this call:

github-changes -o NLog -r NLog.Extensions.Logging  --only-pulls --token <mytoken>  --use-commit-body --file changelog.md -b master --date-format '(YYYY/MM/DD)'

Hi @304NotModified,

On December 29th, 2020 at 00:59 (UTC) your personal access token (changes2) using NodeJS HTTP Client was used as part of a query parameter to access an endpoint through the GitHub API:

https://api.github.com/repositories/49987133/tags

Please use the Authorization HTTP header instead, as using the access_token query parameter is deprecated. If this token is being used by an app you don't have control over, be aware that it may stop working as a result of this deprecation.

Depending on your API usage, we'll be sending you this email reminder on a monthly basis for each token and User-Agent used in API calls made on your behalf. Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks, The GitHub Team

Is there some plan to change to the Authorization header?

TheJavaGuy commented 3 years ago

I'm almost sure this is due to the github-changes using very outdated dependency github at version 0.1.16. Latest version of github is 14.0.0, and even that is deprecated and moved to @octokit/rest (latest version being 18.0.12).

304NotModified commented 3 years ago

That's very useful information!

I see that https://github.com/lalitkapoor/github-changes/pull/83 also updates the dependency

Polite bump @lalitkapoor!

lalitkapoor commented 3 years ago

@304NotModified @TheJavaGuy Can you give the latest version (2.0.0) a try? I did a major bump because how auth happens has now changed and the older method is no longer supported (https://developer.github.com/changes/2020-02-14-deprecating-oauth-auth-endpoint/)

304NotModified commented 3 years ago

Thanks for the fast response!

When I do

npm install -g github-changes@lastest

it gives me

npm WARN @octokit/plugin-request-log@1.0.2 requires a peer of @octokit/core@>=3 but none is installed. You must install peer dependencies yourself.

Also when I do

npm list  -g --depth 0

I get

npm ERR! peer dep missing: @octokit/core@>=3, required by @octokit/plugin-request-log@1.0.2

304NotModified commented 3 years ago

The good news, if I also run npm install -g @octokit/core then github-changes -o NLog -r NLog.Extensions.Logging --only-pulls --token <mytoken> --use-commit-body --file changelog.md -b master --date-format '(YYYY/MM/DD)', 2.0.0 will give the exact same result as 1.1.2 :) (tested this with git)

The bad news, there are many warnings printed:

This is just a part, I guess it prints this for every call

 [@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead
{ Deprecation: [@octokit/rest] Setting the "new Octokit({ auth })" option to an object without also setting the "authStrategy" option is deprecated and will be removed in v17. See (https://octokit.github.io/rest.js/#authentication)
    at authenticationPlugin (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\rest\plugins\authentication\index.js:58:5)
    at Octokit.plugins.forEach.pluginFunction (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\rest\lib\constructor.js:26:37)
    at Array.forEach (<anonymous>)
    at new Octokit (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\rest\lib\constructor.js:26:11)
    at new DeprecatedOctokit (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\rest\index.js:29:10)
    at Object.<anonymous> (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\bin\index.js:69:14)
    at Module._compile (internal/modules/cjs/loader.js:689:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
    at Module.load (internal/modules/cjs/loader.js:599:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
    at Function.Module._load (internal/modules/cjs/loader.js:530:3)
    at Function.Module.runMain (internal/modules/cjs/loader.js:742:12)
    at startup (internal/bootstrap/node.js:266:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:596:3) name: 'Deprecation' }
{ Deprecation: [@octokit/rest] "commit_sha" parameter is deprecated for ".repos.getCommit()". Use "ref" instead
    at Object.keys.forEach.key (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\plugin-rest-endpoint-methods\dist-node\index.js:13145:26)
    at Array.forEach (<anonymous>)
    at Object.patchedMethod [as getCommit] (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\plugin-rest-endpoint-methods\dist-node\index.js:13142:26)
    at C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\bin\index.js:106:27
    at bound (domain.js:396:14)
    at runBound (domain.js:409:12)
    at tryCatcher (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\util.js:16:23)
    at MappingPromiseArray._promiseFulfilled (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\map.js:68:38)
    at MappingPromiseArray.PromiseArray._iterate (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\promise_array.js:115:31)
    at MappingPromiseArray.init (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\promise_array.js:79:10)
    at bound (domain.js:396:14)
    at MappingPromiseArray.runBound (domain.js:409:12)
    at Promise._settlePromise (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\promise.js:601:21)
    at Promise._settlePromise0 (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\promise.js:649:10)
    at Promise._settlePromises (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\promise.js:729:18)
    at _drainQueueStep (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\bluebird\js\release\async.js:93:12) name: 'Deprecation' }
{ Deprecation: [@octokit/rest] "commit_sha" parameter is deprecated for ".repos.getCommit()". Use "ref" instead
    at Object.keys.forEach.key (C:\Users\Julian\AppData\Roaming\npm\node_modules\github-changes\node_modules\@octokit\plugin-rest-endpoint-methods\dist-node\index.js:13145:26)

...
TheJavaGuy commented 3 years ago

Thanks @lalitkapoor!

I can confirm what @304NotModified said - after executing npm install -g @octokit/core, npm install -g github-changes and finally running a command like github-changes -o TheJavaGuy -r request-master..., changelog file is successfully generated but with dozens of warnings printed in console:

{ Deprecation: [@octokit/rest] "commit_sha" parameter is deprecated for ".repos.getCommit()". Use "ref" instead
    at Object.keys.forEach.key (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\@octokit\plugin-rest-endpoint-methods\dist-node\index.js:13145:26)
    at Array.forEach (<anonymous>)
    at Object.patchedMethod [as getCommit] (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\@octokit\plugin-rest-endpoint-methods\dist-node\index.js:13142:26)
    at C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\bin\index.js:106:27
    at bound (domain.js:402:14)
    at runBound (domain.js:415:12)
    at tryCatcher (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\util.js:16:23)
    at MappingPromiseArray._promiseFulfilled (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\map.js:68:38)
    at MappingPromiseArray.PromiseArray._iterate (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\promise_array.js:115:31)
    at MappingPromiseArray.init (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\promise_array.js:79:10)
    at bound (domain.js:402:14)
    at MappingPromiseArray.runBound (domain.js:415:12)
    at Promise._settlePromise (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\promise.js:601:21)
    at Promise._settlePromise0 (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\promise.js:649:10)
    at Promise._settlePromises (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\promise.js:729:18)
    at _drainQueueStep (C:\Programs\node-v10.19.0-win-x64\node_modules\github-changes\node_modules\bluebird\js\release\async.js:93:12) name: 'Deprecation' }

If we can help in any more ways just let us know!

lalitkapoor commented 3 years ago

Thanks! I’ll take a look into these soon.

lalitkapoor commented 3 years ago

@TheJavaGuy @304NotModified can you give 2.0.1 a try? I upgraded the dependencies again to the latest and am not using the deprecated fields. I didn't need to install @octokit/core though. so please let me know if you're still seeing a peer dependency issue.

TheJavaGuy commented 3 years ago

2.0.1 works like a charm, no warning no nothing :) I uninstalled @octokit/core before installing 2.0.1 and it worked nonetheless. Thanks a million @lalitkapoor!