Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: v8 #418

Merged
merged 6 commits into from
Jun 14, 2023
Merged

feat: v8 #418

merged 6 commits into from
Jun 14, 2023

Conversation

wolfy1339
Copy link
Member

@wolfy1339 wolfy1339 commented May 22, 2023
edited
Loading

BREAKING CHANGE: Drop support for NodeJS v14, v16
BREAKING CHANGE: remove previews logic for the REST API

@wolfy1339
ci: stop testing against NodeJS v14, v16 (#415)
4822b96 
BREAKING CHANGE: Drop support for NodeJS v14, v16
@wolfy1339 wolfy1339 added Type: Breaking change Used to note any change that requires a major version bump Type: Feature New feature or request labels May 22, 2023
@wolfy1339 wolfy1339 marked this pull request as ready for review June 13, 2023 22:44
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 13, 2023
View reviewed changes
src/parse.ts
if (url.endsWith("/graphql")) {
if (options.mediaType.previews?.length) {
const previewsFromAcceptHeader =
headers.accept.match(/[\w-]+(?=-preview)/g) || ([] as string[]);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings with many repetitions of '-'.
@wolfy1339
Copy link
Member Author

Ready to go 🚀

@kfcampbell
Copy link
Member

Are you of the opinion that this security alert doesn't matter, since all our headers are coming from GitHub anyway and therefore won't be problematic in the way the CodeQL alert thinks?

@wolfy1339
Copy link
Member Author

I think it's safe to mark it as won't fix, for the reasons you said

@wolfy1339 wolfy1339 merged commit 376276d into main Jun 14, 2023
@wolfy1339 wolfy1339 deleted the beta branch June 14, 2023 18:54
@github-actions
Copy link

🎉 This PR is included in version 8.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kfcampbell kfcampbell kfcampbell approved these changes

Assignees
No one assigned
Labels
released Type: Breaking change Used to note any change that requires a major version bump Type: Feature New feature or request
Projects
🧰 Octokit Active
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wolfy1339 @kfcampbell