The devDependency webpack-bundle-analyzer was updated from 3.0.4 to 3.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

webpack-bundle-analyzer is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

This is the error and no-one has yet been able to fix it. Maybe sometime later it will be obvious how to fix the issue

Type '(<T extends GraphQlQueryResponse>(query: string | Parameters, options?: Parameters | undefined) => Promise<{ [key: string]: any; } | null>) & { defaults: (newDefaults: Parameters) => graphql; endpoint: endpoint; }' is not assignable to type 'graphql'.
  Type 'Promise<{ [key: string]: any; } | null>' is not assignable to type 'Promise<GraphQlQueryResponse>'.
    Type '{ [key: string]: any; } | null' is not assignable to type 'GraphQlQueryResponse'.
      Type 'null' is not assignable to type 'GraphQlQueryResponse'.

The devDependency mocha was updated from 6.0.2 to 6.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

mocha is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Problem

After upgrading to the latest version 4.5.6 a NodeJS serverless Azure Function now complains about
isPlainObject is not a function at Object.keys.forEach.key

If I revert the package.json dependency back to 4.5.4 then it continues to work as it once did.

Error

2020-09-15T11:38:06.357 [Error] Executed 'Functions.IsActiveSponsor' (Failed, Id=aaee2f87-29b6-43d9-8f2f-92c964e370bf, Duration=11ms)Result: FailureException: Worker was unable to load function IsActiveSponsor: 'TypeError: isPlainObject is not a function'
Stack: TypeError: isPlainObject is not a functionat Object.keys.forEach.key (D:\home\site\wwwroot\node_modules\@octokit\endpoint\dist-node\index.js:24:9)
  at Array.forEach (<anonymous>)
  at mergeDeep (D:\home\site\wwwroot\node_modules\@octokit\endpoint\dist-node\index.js:23:24)
  at merge (D:\home\site\wwwroot\node_modules\@octokit\endpoint\dist-node\index.js:52:25)
  at withDefaults (D:\home\site\wwwroot\node_modules\@octokit\endpoint\dist-node\index.js:348:20)
  at Object.<anonymous> (D:\home\site\wwwroot\node_modules\@octokit\endpoint\dist-node\index.js:376:18)
  at Module._compile (internal/modules/cjs/loader.js:778:30)
  at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
  at Module.load (internal/modules/cjs/loader.js:653:32)
  at tryModuleLoad (internal/modules/cjs/loader.js:593:12)

The devDependency webpack was updated from 4.39.1 to 4.39.2.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

webpack is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

I use Octokit like this:

import {Octokit} from '@octokit/rest';

export class Git {
  readonly octokit: Octokit;

  constructor(auth: string) {
    this.octokit = new Octokit({ auth });
  }
}

And I'd like to use graphql.js in a similar manner. But currently, graphql import is not of graphql type.
So, I have to use something like this:

import {graphql} from '@octokit/graphql';
import {graphql as Graphql} from '@octokit/graphql/dist-types/types';

export class Git {
  readonly graphql: Graphql;

  constructor(auth: string) {
    this.graphql = graphql.defaults({
      headers: {
        authorization: `token secret123`,
      },
    });
  }
}

It would be cool if they were more consistent.

So, I'm trying to migrate from using the request object from @octokit/rest.js to make graphql calls like this:

const query = `mutation createLabel {
    createLabel(input: {
      repositoryId: "<repoID>",
      name: "<labelname>",
      color: "<labelcolor>",
      description: "<labeldescription>"
    }) {
      label {
        id
      }
    }}
      `;
    console.log(query)
    const resp = await octokit.request("POST /graphql",{query})

That works like a champ. But trying to re-factor to use this:

const query = `mutation createLabel {
    createLabel(input: {
      repositoryId: "<repoID>",
      name: "<labelname>",
      color: "<labelcolor>",
      description: "<labeldescription>"
    }) {
      label {
        id
      }
    }}
      `;
    console.log(query)
    const resp = await graphql(query)

That does NOT work. It gives me the following error:
GraphqlError: Field 'createLabel' doesn't exist on type 'Mutation'

What am I doing wrong??

I want to search for all the merged PRs in a repository. So I tested below query here which was working fine.

query openPRs($query: String!, $next: String)
{
  search(query: $query, first:10, after:$next, type: ISSUE ){
    edges{
      node{
        ... on PullRequest{
          reviewDecision
          title
          url
          author{
            login
          }
        }
      }
    }
    pageInfo {
        hasNextPage
        endCursor
    }
  }
}

With the parameter

{"query": "repo:octokit/graphql.js is:pr is:merged"}

When I tried to use the same query in graphql.js it gives me an error telling Parse error on "repo" (IDENTIFIER) at [1, 1]

Code Snippet

const QUERY_YOUR_OPEN_PRS = 
`query openPRs($query: String!, $next: String)
{
  search(query: $query, first:10, after:$next, type: ISSUE ){
    edges{
      node{
        ... on PullRequest{
	reviewDecision
	title
         url
        }
      }
    }
    pageInfo {
        hasNextPage
        endCursor
    }
  }
}`;

export async function openPRs(accessToken, owner="octokit", repo="graphql.js", ep="https://api.github.com") {
	const graphqlWithAuth = graphql.defaults({
		baseUrl: ep,
		headers: {
			authorization: "token " + accessToken,
		},
	});
	const result = {
		"REVIEW_REQUIRED":[],
		"APPROVED":[],
		"CHANGES_REQUESTED":[]
	}
	try{
		let nextCursor = null;
		const query = `repo:${owner}/${repo} is:pr is:merged`
		while(true){
			const response = await graphqlWithAuth(QUERY_YOUR_OPEN_PRS, {
				query: query,
				next: nextCursor
			});
			response.data.search.edges.forEach(item => {
				const url = item.node.url;
				const title = item.node.title;
				result[item.node.reviewDecision].push({"url": url, "title": title})
			});
			if(!response.data.pageInfo.hasNextPage){
				break;
			}else{
				nextCursor = response.data.pageInfo.endCursor;
			}
		}
		
	}catch(error){
		console.log("Request failed:", error.request);
		console.log(error.message);
	}
	console.log("openPRs",result);
	return result;
}

Suppose someone is using this library to adding a star to a repository, where the repository ID comes from user input. If they don't know about GraphQL variables and they're being careless, they might implement it like this:

async function addStar(repoId) {
  const graphql = require('@octokit/graphql').defaults({
    headers: {
      authorization: `token secret123`
    }
  });

  const results = await graphql(`
    mutation {
      addStar(input: {clientMutationId: "x", starrableId: "${repoId}"}) {
        clientMutationId
      }
    }
  `);
}

This example code is vulnerable to a "GraphQL injection" attack, where someone could modify the structure of the query or perform additional actions by supplying malicious user input. (This works in a similar manner to a SQL injection attack.) For example, a malicious user could provide the following string in this case to maliciously add a topic to a repository:

some-repo-id"}) {
		clientMutationId
  }
  updateTopics(input: {clientMutationId: "y", topicNames:["evil-topic"], repositoryId: "some-other-repo-id

...which would result in the following malicious query getting executed after string concatenation happens:

mutation {
  addStar(input: {clientMutationId: "x", starrableId: "some-repo-id"}) {
		clientMutationId
  }
  updateTopics(input: {clientMutationId: "y", topicNames:["evil-topic"], repositoryId: "some-other-repo-id"}) {
		clientMutationId
  }
}

It's true that there's a way to rewrite this function to be safer (by using GraphQL variables), and similarly SQL engines usually allow for prepared statements. However, in SQL's case, developers still frequently shoot themselves in the foot and add injection vulnerabilities by using string concatenation, either by mistake or due to not knowing better. As a result, the broad consensus is that it's better if SQL libraries prevent string concatenation entirely (e.g. by not accepting strings as arguments). I think it would be a good idea if this library did a similar thing for GraphQL queries.

What would you think about the following alternative API?

// note: tagged template, not a regular function call
//                          ↓
const results = await graphql`
  mutation {
    addStar(input: {clientMutationId: "x", starrableId: ${repoId}}) {
      clientMutationId
    }
  }
`;

The library would expose a template tag function which either escapes embedded expressions or replaces them all embedded expressions with GraphQL variables, and adds them to the query appropriately. As far as I can tell, this would make it extremely difficult for someone to shoot themself in the foot and introduce an injection attack, because there would be no easy way to concatenate a string while still calling a template tag function.

If someone needed to use additional arguments (e.g. headers), they could use graphql.defaults:

const results = await graphql.defaults({ /* ... */ })`
  mutation { ... }
`

(With this design, you would probably want to guard against someone accidentally calling graphql(`foo`) or graphql([`foo`]) instead of graphql`foo` . This could be accomplished by making sure the first argument to the graphql function is an array with a raw property.)

Thanks for considering -- I don't mean to drop into the issue tracker and tell you how you should be designing your library. That said, I think a change like this would prevent a significant number of security bugs, and it would be easier to make earlier before compatibility is too big a concern.

The dependency @octokit/request was updated from 2.3.0 to 2.4.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@octokit/request is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

compare setup in https://github.com/octokit/request.js/.

Would love some help with this one :)

Opened a related issue in the Pika builder repo: issue 83. This is something that should be fixed in the plugin-ts-standard-pkg repository. In the meantime, I think we need a patch solution here.

The Issue
In graphql 4.0.0, submodule definition files were generated to 'dist-types' by the pika builder. Developers will only get access to the the definitions for index.d.ts because of where and how the source files were generated.

Solutions

• Add all the submodules as exports to index.ts. This requires a major version bump when the exports are eventually removed from index.ts. This pattern could also run into naming collisions.
• Copy the generated d.ts files to node-src directory. This should probably be done in a post-build script.

The type signature of the graphql call says the result is a GraphQlQueryResponse, which is defined as:

A object that has a data attribute and an optional errors attribute.

However, the implementation of the graphql call returns something entirely different:

It returns the contents of the data attribute and passes the errors by throwing an exception.

This behaviour is very confusing, as the type information is lying about the implementation. This resulted in some downtime on my application after an update of probot, as I presumed in my tests and mocks that the type information is correct. Refactorings were made to accomodate the new type signature of the graphql call, however the graphql call is the part that is mocked in tests.

Since this is something that I think more people would run into, I'm a bit doubtful the above findings are indeed correct. This problem did not seem to be reported yet? Am I doing something wrong?

I thought the implementation would need to look something like:

return request(requestOptions).then(response => response.data)

Hey I am using github graphql for an interesting feature, I am fetching all repos in an organisation, then going over each repo and checking if a certain package is used.

This is enterprise github, also means that everything runs behind a vpc in aws.
When I run the query locally, everything works fine, but once I run it in aws lambda, I get this error below, but the funny thing is that this error is only appearing after a few times that the query is running. so my query is using pagination, for some pages it will work, but then it will fail.
Can you please explain what is wrong here? (limit is not the issue, I'm barely using 20 requests, limit is at 60000)

{
    "name": "HttpError",
    "status": 403,
    "headers": {
        "access-control-allow-origin": "*",
        "access-control-expose-headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type",
        "connection": "close",
        "content-encoding": "gzip",
        "content-security-policy": "default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.git.autodesk.com media.git.autodesk.com www.githubstatus.com git.autodesk.com; font-src assets.git.autodesk.com; form-action 'self' git.autodesk.com gist.git.autodesk.com; frame-ancestors 'none'; frame-src render.git.autodesk.com; img-src * data:; manifest-src 'self'; media-src 'none'; script-src assets.git.autodesk.com; style-src 'unsafe-inline' assets.git.autodesk.com",
        "content-type": "application/json; charset=utf-8",
        "date": "Sun, 02 Aug 2020 06:48:34 GMT",
        "gh-limited-by": "time-based",
        "gh-limited-group": "api",
        "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
        "retry-after": "60",
        "server": "GitHub.com",
        "status": "403 Forbidden",
        "strict-transport-security": "max-age=31536000; includeSubdomains",
        "transfer-encoding": "chunked",
        "x-content-type-options": "nosniff",
        "x-frame-options": "deny",
        "x-github-media-type": "github.v3; format=json",
        "x-github-request-id": "cf91f874-4f3e-452f-b3e1-288b01fff0c7",
        "x-runtime-rack": "0.015880",
        "x-xss-protection": "1; mode=block"
    },
    "request": {
        "method": "POST",
        "url": "https://git.autodesk.com/api/graphql",
        "headers": {
            "accept": "application/vnd.github.v3+json",
            "user-agent": "octokit-graphql.js/4.5.1 Node.js/10.21.0 (Linux 4.14; x64)",
            "authorization": "Bearer [REDACTED]",
            "content-type": "application/json; charset=utf-8"
        },
        "body": "{\"query\":\"\\nquery SearchMostTop10Star($queryString: String!, $pageSize: Int!) {\\n  rateLimit {\\n    limit\\n    cost\\n    remaining\\n    resetAt\\n  }\\n  search(query: $queryString, type: REPOSITORY, first: $pageSize , after: \\\"Y3Vyc29yOjcwMA==\\\") {\\n    pageInfo {\\n      endCursor\\n      hasNextPage\\n    }\\n    repositoryCount\\n    edges {\\n      node {\\n        ... on Repository {\\n          name\\n          url\\n          defaultBranchRef {\\n            name\\n            target {\\n              ... on Commit {\\n                tree {\\n                  entries {\\n                    name\\n                    object {\\n                      ... on Blob {\\n                        text\\n                      }\\n                      ... on Tree {\\n                        entries {\\n                          name\\n                          type\\n                          object {\\n                            ... on Blob {\\n                              text\\n                            }\\n                          }\\n                        }\\n                      }\\n                    }\\n                  }\\n                }\\n              }\\n            }\\n          }\\n        }\\n      }\\n    }\\n  }\\n}\\n\",\"variables\":{\"queryString\":\"org:BIM360\",\"pageSize\":100}}"
    },
    "documentation_url": "https://developer.github.com/v3/#abuse-rate-limits"
}

I also get this error

ERROR	{ HttpError: You have triggered an abuse detection mechanism. Please wait a few minutes before you try again.
    at response.text.then.message (/var/task/node_modules/@octokit/request/dist-node/index.js:66:23)
    at process._tickCallback (internal/process/next_tick.js:68:7)
  name: 'HttpError',
  status: 403,
  headers:
   { 'access-control-allow-origin': '*',
     'access-control-expose-headers':
      'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type',
     connection: 'close',
     'content-encoding': 'gzip',
     'content-security-policy':
      'default-src \'none\'; base-uri \'self\'; block-all-mixed-content; connect-src \'self\' uploads.git.autodesk.com media.git.autodesk.com www.githubstatus.com git.autodesk.com; font-src assets.git.autodesk.com; form-action \'self\' git.autodesk.com gist.git.autodesk.com; frame-ancestors \'none\'; frame-src render.git.autodesk.com; img-src * data:; manifest-src \'self\'; media-src \'none\'; script-src assets.git.autodesk.com; style-src \'unsafe-inline\' assets.git.autodesk.com',
     'content-type': 'application/json; charset=utf-8',
     date: 'Sun, 02 Aug 2020 07:19:26 GMT',
     'gh-limited-by': 'time-based',
     'gh-limited-group': 'api',
     'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
     'retry-after': '60',
     server: 'GitHub.com',
     status: '403 Forbidden',
     'strict-transport-security': 'max-age=31536000; includeSubdomains',
     'transfer-encoding': 'chunked',
     'x-content-type-options': 'nosniff',
     'x-frame-options': 'deny',
     'x-github-media-type': 'github.v3; format=json',
     'x-github-request-id': 'ccd7a053-e6af-4e64-9ae2-c2ce85343a24',
     'x-runtime-rack': '0.007449',
     'x-xss-protection': '1; mode=block' },
  request:
   { method: 'POST',
     url: 'https://git.autodesk.com/api/graphql',
     headers:
      { accept: 'application/vnd.github.v3+json',
        'user-agent': 'octokit-graphql.js/4.5.1 Node.js/10.21.0 (Linux 4.14; x64)',
        authorization: 'Bearer [REDACTED]',
        'content-type': 'application/json; charset=utf-8' },
     body:
      '{"query":"\\nquery SearchMostTop10Star($queryString: String!, $pageSize: Int!) {\\n  rateLimit {\\n    limit\\n    cost\\n    remaining\\n    resetAt\\n  }\\n  search(query: $queryString, type: REPOSITORY, first: $pageSize , after: \\"Y3Vyc29yOjgwMA==\\") {\\n    pageInfo {\\n      endCursor\\n      hasNextPage\\n    }\\n    repositoryCount\\n    edges {\\n      node {\\n        ... on Repository {\\n          name\\n          url\\n          defaultBranchRef {\\n            name\\n            target {\\n              ... on Commit {\\n                tree {\\n                  entries {\\n                    name\\n                    object {\\n                      ... on Blob {\\n                        text\\n                      }\\n                      ... on Tree {\\n                        entries {\\n                          name\\n                          type\\n                          object {\\n                            ... on Blob {\\n                              text\\n                            }\\n                          }\\n                        }\\n                      }\\n                    }\\n                  }\\n                }\\n              }\\n            }\\n          }\\n        }\\n      }\\n    }\\n  }\\n}\\n","variables":{"queryString":"org:BIM360","pageSize":100}}' },
  documentation_url: 'https://developer.github.com/v3/#abuse-rate-limits' }

The structure of the graphql looks like:
search(first:10, type:ISSUE, query:"<string>") {...}
but to parameterize it I would do:

query: `search(first:10 type:ISSUE $query String!) {...}`,
query: <string>
}

But clearly that doesn't work...

This is a follow up issue to octokit/auth-app.js#111 @lencioni

Minimal test case to reproduce the problem

const { createAppAuth } = require("@octokit/auth-app");
const { request } = require("@octokit/request");
const { graphql } = require("@octokit/graphql");

const GITHUB_BASE_URL = "https://ghe.io";

test();

function test() {
  const auth = createAppAuth({
    id: process.env.APP_ID,
    privateKey: process.env.PRIVATE_KEY,
    installationId: process.env.INSTALLATION_ID,
  });
  const graphqlWithAuth = graphql.defaults({
    baseUrl: `${process.env.HOST}/api`,
    request: {
      hook: auth.hook,
    },
  });

  graphqlWithAuth(
    `query {
      viewer {
        login
      }
    }`
  ).then(console.log, (error) => {
    console.log(error);
    process.exit(1);
  });
}

The script currently fails with 406

The problem is that using auth.hook will utilize the request instance that it was passed into. That means that the @octokit/auth-app instance will use ${process.env.HOST}/api as baseURL which will result it sending the request to create an installation access token to

POST https://[GHES HOST]/api/app/installations/83/access_tokens

But the correct URL is

POST https://[GHES HOST]/api/v3/app/installations/83/access_tokens

I will workaround it by updating the README to set baseUrl to https://[GHES host]/api/v3 instead of https://[GHES host]/api, and then replacing the /api/v3 suffix in the baseUrl with just /api for the GraphQL requests only.

This will resolve the problem at hand. The real fix to this is to remove any suffix from the baseUrl option across all Octokit packages, and add it only as needed. We have been bitten by this several times in the past. This will require much more work and might introduce breaking changes, so I'll address that later.

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Cannot push to the Git repository.

semantic-release cannot push the version tag to the branch master on the remote Git repository with URL https://x-access-token:[secure]@github.com/octokit/graphql.js.git.

This can be caused by:

• a misconfiguration of the repositoryUrl option
• the repository being unavailable
• or missing push permission for the user configured via the Git credentials on your CI environment

Good luck with your project ✨

Your semantic-release bot 📦🚀

In some cases the API might return partial data with an error, e.g.:

{
  "data": {
    "repository": {
      "ref": null
    }
  },
  "errors": [
    {
      "type": "INVALID_CURSOR_ARGUMENTS",
      "path": [
        "repository",
        "ref",
        "target",
        "history"
      ],
      "locations": [
        {
          "line": 6,
          "column": 11
        }
      ],
      "message": "`123` does not appear to be a valid cursor."
    }
  ]
}

https://github.com/octokit/graphql.js/blob/master/lib/graphql.js#L30 suggests that when the API returns partial data and an error it will just return the data. Now my question is, how can I know that the API returns an error? As far as I can see I can't get access to the error object.

Is there any baked-in solution that allows to wait if rate-limit exceeded?

Or just any rate-limit interaction?

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

No npm token specified.

An npm token must be created and set in the NPM_TOKEN environment variable on your CI environment.

Please make sure to create an npm token and to set it in the NPM_TOKEN environment variable on your CI environment. The token must allow to publish to the registry https://registry.npmjs.org/.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Hi,
Would it be possible to extend the graphQL API to allow sorting the list of pull requests by mergedAt?

This would be very helpful in automating the creation of CHANGELOG files since it would allow us to:

1. Use the API to fetch the createdAt timestamp of the last release
2. Get the list of PRs sorted by mergedAt and iterate through that list, saving each PR until we find the first PR with mergedAt timestamp before the timestamp of the last release.

This would save us from having to fetch all the PRs.

Thank you.

The devDependency webpack was updated from 4.38.0 to 4.39.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

webpack is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Hello, I've been using @octokit/rest for a while, and started porting my code to graphql, but I'm missing the typings that were super useful (https://github.com/octokit/rest.js/blob/master/scripts/templates/index.d.ts.tpl)
Would you consider adding something similar for graphql?

Follow up to probot/probot#484

GraphQL returns great error messages:

GraphQLError: [{"message":"Resource not accessible by integration","type":"FORBIDDEN","path":["resource","author","hovercard"],"locations":[{"line":11,"column":15}]}]

We should take advantage of that and make them B-E-A-utiful!

There was an error in your GraphQL Query:

on line 11, column 15:
              ... on User {
                hovercard {
                
                ^-- FORBIDDEN: Resource not accessible by integration

I think we probably shouldn't put this into @octokit/graphql itself, but an Octokit plugin, because the JSON response message can be processed more easily by other tooling. But either way, if anyone would like to work on it, I'd be happy to collaborate

The devDependency semantic-release was updated from 15.13.20 to 15.13.21.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

semantic-release is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency semantic-release was updated from 15.13.18 to 15.13.19.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

semantic-release is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Hi

I'm trying to run some of the examples from the readme and I'm seeing some odd return types:

Example:

const { repository } = await graphql(`
    {
      repository(owner: "octokit", name: "graphql.js") {
        issues(last: 3) {
          edges {
            node {
              title
            }
          }
        }
      }
    }
);

The error I get is:

Property 'respoitory' does not exist on type 'GraphQlQueryResponseData'.ts(2339)

I understand that since the query is provided dynamically it is not possible for Typescript to determine the exact return type. I'd therefore expect it to be possible to provide a data return type like:

const { respoitory } = await graphql<{ repository: { ... }}>(

What is the suggested approach?

Thanks!

Hi,

I'm a little confused about where to report this issue, but since this package is the top level dependency I'm importing, I'll start here and see where I end up.

I'm having trouble using this library in a Create React App app. When I make a query, you call @octokit/request, which calls is-plain-object. In node, that's fine, but in my web app I'm getting isPlainObject is not a function. In this case, isPlainObject is an object on which the property default is the function. I think this is some confusion about module importing. Since you're not exporting a webpacked copy of @octokit/request, I guess webpack runs on your code too, and since webpack prefers commonjs libraries, it's pulling in the commonjs copy of is-plain-object, which your code doesn't handle.

I'm also using @octokit/rest, but that pulls in const request = require('@octokit/request/lib/request'), rather than const request = require('@octokit/request'), which might avoid the issue somehow.

Maybe also related: @octokit/rest is using "is-plain-object": "^3.0.0" via "@octokit/request": "3.0.2", whereas @octokit/graphql is using
"is-plain-object": "^2.0.4" via "@octokit/request": "^3.0.0", which seems significant given that is-plain-object ships a cjs export in 3.0.0 but not in 2.0.4.

I'm also using @octokit/rest, which works fine, but I'm still on v15, which doesn't use @octokit/request. When I upgrade to @octokit/rest@16, I get the same problem.

Looking forward to hearing if you have any thoughts. More than happy to go to other repos if issues are more relevant there.

Best,

Hugh

🆕🐥☝ First Timers Only.

This issue is reserved for people who never contributed to Open Source before. We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

About First Timers Only.

🤔 What you will need to know.

The Pika CDN is now Skypack, see https://www.pika.dev/cdn. The CDN at https://cdn.pika.dev/ no longer works, all URLs must be replaced with the new CDN: https://cdn.skypack.dev/. We currently recommend using cdn.pika.dev to import the library into the browser, but that no longer works. Replacing it with cdn.skypack.dev will make it work again.

📋 Step by Step

• 🙋 Claim this issue: Comment below.

  More than one person can work on this issue, don't worry if it's already claimed.

• 📝 Update the file \README.md (press the little pen Icon) and edit as shown below:

@@ -29,11 +29,11 @@
 Browsers
 </th><td width=100%>
 
-Load `@octokit/graphql` directly from [cdn.pika.dev](https://cdn.pika.dev)
+Load `@octokit/graphql` directly from [cdn.skypack.dev](https://cdn.skypack.dev)
 
 ```html
 <script type="module">
-  import { endpoint } from "https://cdn.pika.dev/@octokit/graphql";
+  import { endpoint } from "https://cdn.skypack.dev/@octokit/graphql";
 </script>
 ```
 

• 💾 Commit your changes

• 🔀 Start a Pull Request. There are two ways how you can start a pull request:

  1. If you are familiar with the terminal or would like to learn it, here is a great tutorial on how to send a pull request using the terminal.
  2. You can edit files directly in your browser

• 🏁 Done Ask for a review :)

If there are more than one pull requests with the correct change, we will merge the first one, but attribute the change to all authors who made the same change using @Co-authored-by, so yo can be sure your contribution will count.

🤔❓ Questions

Leave a comment below!

This issue was created by First-Timers-Bot.

Use case

To be able to use more than one Github Schema Preview.

Type

bug 🐛

Issue

Right now, as far as I understand, there is not a way to pass more than one Accept header to use more than one Github Schema Preview.

Using mediaType attribute would be the way to go but apparently it is ignored when calling internally to @octokit/request:

Proposal

To support mediaType as a NON_VARIABLE key when parametrizing GraphQL

When hovering over the graphql method, it currently shows the description of @octokit/request, describing the route parameter. It should describe the query parameter instead

This issue contains a list of Renovate updates and their statuses.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

• build(deps): lock file maintenance

Other Branches

These updates are pending. To force PRs open, click the checkbox below.

• build(deps): update dependency trim-newlines to 3.0.1 [security]

• Check this box to trigger a request for Renovate to run again on this repository

The devDependency webpack was updated from 4.35.3 to 4.36.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

webpack is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency coveralls was updated from 3.0.5 to 3.0.6.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

coveralls is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency semantic-release was updated from 17.0.2 to 17.0.3.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

semantic-release is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency @types/node was updated from 12.12.1 to 12.12.2.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@types/node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

When trying to use this library inside a Cloudflare Worker it crashes with following error message

Uncaught ReferenceError: navigator is not defined

This happens when adding

import { graphql } from "@octokit/graphql";

Good point! Maybe we could do a similar typescript verification test as we do in @octokit/rest?

https://github.com/octokit/rest.js/blob/fc62e6b98625830e1c60ba6c630306468b4c65a9/package.json#L66

Originally posted by @gr2m in #256 (comment)

Hi,

Unlike @octokit/rest or @octokit/graphql requests made when unauthenticated, requests made when authenticated lack the response headers.

In particular, this is of an issue to me because I am unable to obtain the x-github-request-id header in order to escalate certain problematic API responses to GitHub support without this field.

Repro:

const { graphql } = require("@octokit/graphql");
graphqlt = graphql.defaults({
  headers: {
    authorization: // pass in auth here
  },
});

async function run() {
  try {
    const pr = await graphqlt(`
      {
        viewer {
          bioHtm
        }
      }
    `);
  } catch (e) {
    // e lacks headers field
 // {
//   "errors": [
//     {
//       "path": ["query", "viewer", "bioHtm"],
//       "extensions": {
//         "code": "undefinedField",
//         "typeName": "User",
//         "fieldName": "bioHtm"
//       },
//       "locations": [{ "line": 4, "column": 11 }],
//       "message": "Field 'bioHtm' doesn't exist on type 'User'"
//     }
//   ],
//   "name": "GraphqlError",
//   "request": {
//     "query": "\n      {\n        viewer {\n          bioHtm\n        }\n      }\n    "
//   }
// }

  }
}

run();

Expected

Exception to be:

{
  "name": "HttpError",
  "status": 401,
  "headers": {
    "access-control-allow-origin": "*",
    "access-control-expose-headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset",
    "connection": "close",
    "content-length": "131",
    "content-security-policy": "default-src 'none'",
    "content-type": "application/json; charset=utf-8",
    "date": "Tue, 28 Jul 2020 03:06:05 GMT",
    "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
    "server": "GitHub.com",
    "status": "401 Unauthorized",
    "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
    "vary": "Accept-Encoding, Accept, X-Requested-With",
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "x-github-media-type": "github.v3; format=json",
    "x-github-request-id": "E223:1639:25E79C5:4001008:5F1F961D",
    "x-ratelimit-limit": "0",
    "x-ratelimit-remaining": "0",
    "x-ratelimit-reset": "1595909165",
    "x-xss-protection": "1; mode=block"
  },
  "request": {
    "method": "POST",
    "url": "https://api.github.com/graphql",
    "headers": {
      "accept": "application/vnd.github.v3+json",
      "user-agent": "octokit-graphql.js/4.5.2 Node.js/12.18.2 (win32; x64)",
      "content-type": "application/json; charset=utf-8"
    },
    "body": "{\"query\":\"\\n      {\\n        viewer {\\n          bioHtm\\n        }\\n      }\\n    \"}"
  },
  "documentation_url": "https://developer.github.com/v3/#authentication"
}

You can actually get such an exception with this repro:

const { graphql } = require("@octokit/graphql");

async function run() {
  try {
    const pr = await graphql(`
      {
        viewer {
          bioHtm
        }
      }
    `);
    debugger;
  } catch (e) {
    debugger;

    console.dir(e);
  }
}

run();

The devDependency coveralls was updated from 3.0.4 to 3.0.5.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

coveralls is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency fetch-mock was updated from 7.5.0 to 7.5.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

fetch-mock is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Missing package.json file.

A package.json file at the root of your project is required to release on npm.

Please follow the npm guideline to create a valid package.json file.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Hi,

Please delete this issue if this isn't the right place to submit feature requests for the GitHub GraphQL API. If you can point me to the right place, even better!

I'm working on an app that displays all a users repositories in a sortable and filterable table so that they can easily identify issues with their repos setup, and prioritize fixes (like "all non-archived repos should be tagged and have <x security vulnerabilities"). I saw the new "used by" badge on GitHub repositories - great stuff! I would love to add a column for this to my app, because I think it would be a good heuristic for prioritizing fixes. I haven't been able to find a way to access this data with the GraphQL API - only dependencies (rather than dependents) are available.

FWIW, I've worked with triaging on public feature requests issue trackers for APIs, and I feel like I should clarify that this is really just a suggestion, and I don't expect it to happen soon, but it would be nice if it happened at all 😄

Thanks!

Hugh

The devDependency webpack was updated from 4.29.5 to 4.29.6.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

webpack is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Description

I'm experiencing an issue using a Preview Schema from Github. Even the request succeeds and it retrieves the data I'm expecting, it also replies with errors. Since there are errors, I can't use @octokit/graphql utility to get the response.

Already reported here to Github

Example Request

query($org: String!) {
    organization(login: $org) {
        repositories(first: 100) {
            nodes {
                name
                dependencyGraphManifests(first: 1) {
                    nodes {
                        dependenciesCount
                    }
                }
            }
        }
    }
}

Example Response

{
   "data": { "organization": ...}
   "errors": [ ... ]
}

Proposal

To add option when creating graphql(request, query,options) to skip this check:

Something like allowResponseErrors: true and set it as false by default.

Hey,

Understand that pagination in GraphQL isn't the same as pagination within REST. One thing that we had to do when using this library is to build our own helper function around how to handle retires/pagination when returning a subset of data which is large.

It would be great if this library could handle some of that an abstract that behind the scenes so we wouldn't have to build our own helper functions which lie on top of this library.

The function we built looked something like this:

const withPagination = (queryFunc, pluckCursor) => async (
  client,
  variables = {}
) => {
  const cursor = variables.cursor || null;
  return queryFunc(client, Object.assign({}, variables, { cursor })).then(
    async results => {
      const intermediate = Array.isArray(results) ? results : [results];
      const nextCursor = pluckCursor(results);
      if (!nextCursor) {
        return intermediate;
      }
      const nextResults = await withPagination(queryFunc, pluckCursor)(
        client,
        Object.assign({}, variables, { cursor: nextCursor })
      );
      return intermediate.concat(nextResults);
    }
  );
};

We would be happy to contribute back to this package, but first, want to understand your thoughts/motivate towards this feature/use case?

What happened?
When trying to import GraphQlQueryResponseData type from @octokit/graphql.js is not possible because it is not exposed. Only graphql interface inside types.ts is exported

What did you expect to happen?
To be able to import it directly from the lib without accessing dist-types/ folder

What the problem might be
Pika plugin when generating types exposure

The devDependency @types/node was updated from 12.12.15 to 12.12.16.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@types/node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

This works:

const graphql = require('@octokit/graphql');

(async function() {
  await graphql(
    `
      query {
        viewer {
          login
        }
        rateLimit {
          limit
          cost
          remaining
          resetAt
        }
      }
    `, {headers: {authorization: 'bearer ASDJKLHDSFKLJSDHFSD'}})
}());

This fails with an HTTP 401:

const graphql = require('@octokit/graphql');

(async function() {
  graphql.defaults({headers: {authorization: 'bearer ASDJKLHDSFKLJSDHFSD'}});
  await graphql(
    `
      query {
        viewer {
          login
        }
        rateLimit {
          limit
          cost
          remaining
          resetAt
        }
      }
    `)
}());