
gh-dependabot's Introduction

gh-dependabot

A GitHub CLI extension to quickly review and approve Dependabot PRs.

Installation

This extension is developed and tested against a minimum version (2.2.0) of the GitHub CLI.

  1. Install the gh cli - see the installation instructions

  2. Install this extension:

    gh extension install einride/gh-dependabot

Usage

    $ gh dependabot --help
    Manage Dependabot PRs.

    Usage:
      gh dependabot [flags]

    Examples:
      gh dependabot --org einride

    Flags:
      -h, --help            help for gh
      -s, --only-security   show only pull requests that relate to security alerts
      -o, --org string      organization to query (e.g. einride)
      -t, --team string     team to query (e.g. einride/team-transport-execution)


gh-dependabot's Issues

Bug(tui): Key bindings work while typing in filter mode

Environment

code --version:

1.79.1
4cb974a7aed77a74c7813bdccd99ee0d04901215
x64

go version:

go version go1.20.5 linux/amd64

gh --version:

gh version 2.30.0 (2023-05-30)
https://github.com/cli/cli/releases/tag/v2.30.0

gh-dependabot version: v0.10.12

Problem

I use the extension inside the VS Code terminal emulator, so it may be a VS Code problem - something related to direct input or something like that. However, this is a critical issue since I've already merged 2 PRs unintentionally while typing in filter mode.

Expected behavior

When entering filter mode, all key bindings should be disabled because otherwise you can do some phantom things while you are simply typing something.

Actual behavior

When entering filter mode all key bindings are still enabled.

Add support for secure token storage

Token storage change in latest release of gh

This is a message from the GitHub CLI team, maintainers of gh, writing to inform you that the most recent release of gh contains changes which may affect your extension. The latest release introduces the feature of storing authentication tokens in the system keyring (encrypted storage) instead of in a plain text file.
The keyrings that are supported are:

  • Keychain on macOS

  • GNOME Keyring on Linux (Secret Service dbus interface)

  • Wincred on Windows

This has huge security benefits for the users of our tool and was one of our oldest outstanding issues. Unfortunately this change has the potential to break extensions that rely on utilizing the user's authentication token to work.

In order to have continued compatibility with gh there are some actions you, as an extension author, need to take. These actions will depend on the implementation of your extension.

Extensions built in Go using go-gh:

  1. Upgrade your go-gh version to v1.2.1, the latest version.

  2. Verify that in your extension retrieval of the user authentication token is done using the auth.TokenForHost function.

    • If you were previously accessing the authentication token using any other method it will no longer work.
    • Automatic resolution of the authentication token when using the API clients will continue to work without changes.

All other extensions:

  1. Verify that in your extension retrieval of the user authentication token is done by shelling out to the gh auth token command.

    • If you were previously accessing the authentication token using the gh config get command, reading the configuration file directly, or any other methods it will no longer work.

As of right now storing the authentication token in the system keyring is an opt-in feature, but in the near future it will be required and at that point if the changes above are not made then your extension will be broken for all users. If you have any questions/concerns about this change please feel free to open a discussion in the gh repo.

Thanks,
The GitHub CLI Team
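
One way for an extension that does not use go-gh to follow the guidance in the message above, as an added example (not code from gh-dependabot or from the GitHub CLI team): it shells out to `gh auth token` and handles the failure cases without leaking the token. The names `runner`, `execRunner`, `ghAuthToken` and `redact` are hypothetical, and the token in the test is constructed.

```go
package main

import (
	"context"
	"fmt"
	"log"
	"os/exec"
	"strings"
)

// runner returns a command's stdout (hypothetical type, injected for testing).
type runner func(ctx context.Context, name string, args ...string) ([]byte, error)

// execRunner is the real runner: it executes the command on this machine.
func execRunner(ctx context.Context, name string, args ...string) ([]byte, error) {
	return exec.CommandContext(ctx, name, args...).Output()
}

// ghAuthToken asks gh for the token instead of reading gh's config, so it
// works whether the token lives in the system keyring or in the plain file.
func ghAuthToken(ctx context.Context, run runner, host string) (string, error) {
	out, err := run(ctx, "gh", "auth", "token", "--hostname", host)
	if err != nil {
		// Never put stdout into the error: it may contain the token.
		return "", fmt.Errorf("gh auth token failed for %s: %w", host, err)
	}
	tok := strings.TrimSpace(string(out))
	if tok == "" || strings.ContainsAny(tok, " \t\r\n") {
		return "", fmt.Errorf("gh returned no usable token for %s", host)
	}
	return tok, nil
}

// redact keeps a short prefix so the token never reaches logs in full.
func redact(tok string) string {
	if len(tok) <= 8 {
		return "****"
	}
	return tok[:4] + "****"
}

func main() {
	tok, err := ghAuthToken(context.Background(), execRunner, "github.com")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("token loaded:", redact(tok))
}
```

Injecting the runner lets the not-logged-in and empty-output paths be tested on a machine without gh installed.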

Bug(MacOS): Unable to find realpath command

Environment:

MacOS:

11.6.4 BigSur

go version:

go version go1.20.4 darwin/arm64

gh --version:

gh version 2.30.0 (2023-05-30)
https://github.com/cli/cli/releases/tag/v2.30.0

gh-dependabot version:

v0.10.12

Expected behaviour:

  1. You write gh dependabot -h.
  2. You get standard help command output.

Real behaviour:

  1. You write gh dependabot -h.
  2. You get {path-to-gh-dependabot-extension}: line 8: realpath: command not found no Go files in {current-path} .

Reason:

So, the problem is that MacOS doesn't have a built-in realpath command, which is called directly in the Makefile.

Temp fix:

Install coreutils from brew with brew install coreutils.

Keyboard shortcut for open in browser collides with previous page

First of all, thank you for this utility. It's handy for quickly going through dependency updates across many repositories.

When I open a PR in a browser, I notice that the list of PRs goes back to the previous page. This seems to be because the same keyboard shortcut is used for both actions:

    browse: key.NewBinding(
        key.WithKeys("b"),
        key.WithHelp("b", "open in browser"),
    ),

https://github.com/charmbracelet/bubbles/blob/e857875f2a75bd9ed464585dd53d5065e4dbe61f/list/keys.go#L45-L48

I don't know if it's possible to change/remove the keyboard shortcut for the list. If not, I would suggest changing the keyboard shortcut for opening the page in the browser to some other letter, although I don't have a good overview of which letters may or may not be in use.
