-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace octonode with octokit #383
Comments
Octonode is now introducing moderate security vulnerabilities.
|
Use Octokit instead of making Axios requests to raw.githubusercontent.com. See #383.
Added as part of a test for phetsims/rosetta#383.
Added as part of test for phetsims/rosetta#383.
Part of tests for phetsims/rosetta#383.
In the above commits, I added a class We also get string files from GitHub that are in the sim repos. In the above commits, I added a module Before we can do more testing, I need to use Octokit for |
I think we can also close #376 once this fix is deployed. |
Don't forget to close #343 when this fix is deployed. |
Instead of issuing a request to raw.githubusercontent.com. For #383.
Done in 7a47a60. |
Deployed in 6021626 (2.0.7). |
This is done. Closing. |
In Rosetta 1.0, we were using a library called octonode for interacting with GitHub's API. It's possible that Rosetta 1.0 was written prior to the release of octokit, which is GitHub's official library for interacting with GitHub's API.
We continued using octonode in Rosetta 2.0 because it was easier than switching to something new. (We were already making a lot of changes in the transition from 1.0 to 2.0.)
I don't think this should be a high priority because octonode works (and if it ain't broke don't fix it), but there are a few advantages I see to using octokit instead of octonode:
long term storage of pl/energy-skate-park failed
#376 (comment))The text was updated successfully, but these errors were encountered: