einride / gh-dependabot Goto Github PK
View Code? Open in Web Editor NEWGitHub CLI extension for reviewing Dependabot PRs.
License: MIT License
GitHub CLI extension for reviewing Dependabot PRs.
License: MIT License
code --version:
1.79.1
4cb974a7aed77a74c7813bdccd99ee0d04901215
x64
go version:
go version go1.20.5 linux/amd64
gh --version:
gh version 2.30.0 (2023-05-30)
https://github.com/cli/cli/releases/tag/v2.30.0
gh-dependabot version: v0.10.12
I use the extension inside vscode terminal emulator, so it may be vscode problem - something related to direct input or something like that. However, this is critical issue since I've already merged 2 PR unintentionally, while typing in filter mode.
When entering filter mode, all key bindings should be disabled because otherwise you can do some phantom things while you are simply typing something.
When entering filter mode all key bindings are still enabled.
First of all, thank you for this utility. It's handy for quickly going through dependency updates across many repositories.
When I open a PR in a browser, I notice that the list of PRs goes back to the previous page. This seems to be because the same keyboard shortcut is used for both actions:
Lines 49 to 52 in 14bb44f
I don't know if it's possible to change/remove the keyboard shortcut for the list. If not, I would suggest changing the keyboard shortcut for opening the page in the browser to some other letter, although I don't have a good overview of which letters may or may not be in use.
11.6.4 BigSur
go version go1.20.4 darwin/arm64
gh version 2.30.0 (2023-05-30)
https://github.com/cli/cli/releases/tag/v2.30.0
v0.10.12
gh dependabot -h
.gh dependabot -h
.{path-to-gh-dependabot-extension}: line 8: realpath: command not found no Go files in {current-path}
.So, the problem is that MacOS doesn't have built-in realpath
command, which is called directly in the Makefile.
Install coreutils from brew with brew install coreutils
.
Right now you cannot view PRs that aren't assigned to you
This is a message from the GitHub CLI team, maintainers of gh
, writing to inform you that the most recent release of gh
contains changes which may affect your extension. The latest release introduces the feature of storing authentication tokens in the system keyring (encrypted storage) instead of in a plain text file.
The keyrings that are supported are:
Keychain on macOS
GNOME Keyring on Linux (Secret Service dbus interface)
Wincred on Windows
This has huge security benefits for the users of our tool and was one of our oldest outstanding issues. Unfortunately this change has the potential to break extensions that rely on utilizing the users authentication token to work.
In order to have continued compatibility with gh
there are some actions you, as an extension author, need to take. These actions will depend on the implementation of your extension.
Upgrade your go-gh
version to v1.2.1, the latest version.
go get github.com/cli/[email protected]
Verify that in your extension retrieval of the user authentication token is done using the auth.TokenForHost
function.
Verify that in your extension retrieval of the user authentication token is done by shelling out to the gh auth token
command.
gh config get
command, reading the configuration file directly, or any other methods it will no longer work.As of right now storing the authentication token in the system keyring is an opt-in feature, but in the near future it will be required and at that point if the changes above are not made then your extension will be broken for all users. If you have any questions/concerns about this change please feel free to open a discussion in the gh repo.
Thanks,
The GitHub CLI Team
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.