[BUG]: octokit.dependabot.listAlertsForRepo does not respect severity #458

Closed
kunalnagar opened this issue Jul 27, 2024 · 6 comments
Labels
Status: Up for grabs Issues that are ready to be worked on by anyone Type: Bug Something isn't working as documented

@kunalnagar

What happened?

Calling octokit.dependabot.listAlertsForRepo with a severity filter does not respect the passed-in value. For example:

const response = await octokit.dependabot.listAlertsForRepo({
  owner: repositoryOwner,
  repo: repositoryName,
  state: 'open',
  severity: 'low',
  ecosystem: 'npm',
  per_page: 10,
})

returns a list of ALL severities, and not just low

Versions

Octokit.js 20.0.2 or even the latest 21.0.1
Node.js 20

Relevant log output

No response

@kunalnagar kunalnagar added Status: Triage This is being looked at and prioritized Type: Bug Something isn't working as documented labels Jul 27, 2024
Contributor

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@wolfy1339
Member

wolfy1339 commented Jul 27, 2024

We don't do anything specific with parameters. Every parameter that is defined in the code gets sent.

Can you reproduce the issue if you send the request manually using octokit.request()?

Has this parameter been added recently? We're behind on updates to the API from GitHub due to some issues.

octokit/openapi#452

@kunalnagar
Author

kunalnagar commented Jul 27, 2024

@wolfy1339

> Can you reproduce the issue if you send the request manually using octokit.request()?

Yep, same result using octokit.request() as well:

> Has this parameter been added recently?

Don't think so. I see it in the REST API as well as in the 20.0.2 version of octokit/rest

Context:
I was made aware of this issue via this GitHub action I maintain. Folks there seem to think it may be related to the way getInput works on actions/toolkit.

When I use it locally on a simple Node.js app (outside of the GitHub Actions context) it works great! So maybe something is going on with Actions? Do you think that might be the place to open this request? Thanks!

Here's a sample run that shows all severities being logged
Here's the commit just FYI

@kfcampbell kfcampbell moved this from 🆕 Triage to 🔥 Backlog in 🧰 Octokit Active Jul 29, 2024
@kfcampbell kfcampbell added Status: Up for grabs Issues that are ready to be worked on by anyone and removed Status: Triage This is being looked at and prioritized labels Jul 29, 2024
@kunalnagar
Author

@kfcampbell @wolfy1339 - I did a bit more debugging and it seems that the culprit is the ecosystem key. If I pass in an empty string to ecosystem, it does not respect the severity param it seems. Hope this helps!

@wolfy1339
Member

Try reporting it over in https://github.com/orgs/community/discussions/categories/api-and-webhooks

This doesn't seem like an issue with octokit

@kunalnagar
Author

@wolfy1339 - created: https://github.com/orgs/community/discussions/134561

Closing this issue out. Thank you for pointing me in the right direction 👍
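
An added example, not part of the original thread and not Octokit's own code: the last finding above is that an empty `ecosystem` string leads to the severity filter being ignored, so a caller can drop empty filter values before the request and re-check the returned severities afterwards. `buildAlertQuery`, `findSeverityMismatches` and the sample alerts are hypothetical and constructed; the `security_advisory.severity` field is assumed to follow the REST API's Dependabot alert schema.

```javascript
// Added example; helper names are hypothetical, not Octokit or actions/toolkit APIs.
const SEVERITIES = new Set(['low', 'medium', 'high', 'critical']);

// Build the parameter object for listAlertsForRepo from raw inputs (for example
// values read from workflow inputs, where an unset input arrives as '').
// Empty filters are omitted instead of being sent as empty query parameters.
function buildAlertQuery(raw) {
  const params = {};
  for (const [key, value] of Object.entries(raw)) {
    if (value === undefined || value === null) continue;
    const cleaned = typeof value === 'string' ? value.trim() : value;
    if (cleaned === '') continue;
    params[key] = cleaned;
  }
  if (params.severity !== undefined) {
    // The REST API takes severity as a comma-separated list of these four values.
    const wanted = String(params.severity).split(',').map((s) => s.trim().toLowerCase());
    const unknown = wanted.filter((s) => !SEVERITIES.has(s));
    if (unknown.length > 0) throw new Error(`unknown severity: ${unknown.join(', ')}`);
    params.severity = wanted.join(',');
  }
  return params;
}

// Return the alerts whose advisory severity is outside the requested set, so a
// caller can detect a server-side filter that was silently ignored.
function findSeverityMismatches(alerts, severity) {
  const wanted = new Set(severity.split(','));
  return alerts.filter((alert) => !wanted.has(alert.security_advisory?.severity));
}

// Constructed sample response: what an unfiltered reply could look like.
const SAMPLE_ALERTS = [
  { number: 1, security_advisory: { severity: 'low' } },
  { number: 2, security_advisory: { severity: 'high' } },
  { number: 3, security_advisory: { severity: 'critical' } },
  { number: 4, security_advisory: { severity: 'low' } },
];

const query = buildAlertQuery({
  owner: 'example-owner', repo: 'example-repo', state: 'open',
  severity: 'low', ecosystem: '', per_page: 10,
});
const mismatches = findSeverityMismatches(SAMPLE_ALERTS, query.severity);
console.log(query, mismatches.map((a) => a.number));
```

A non-empty result from `findSeverityMismatches` is a reason to fail the job or filter locally rather than trust the list as returned.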

@github-project-automation github-project-automation bot moved this from 🔥 Backlog to ✅ Done in 🧰 Octokit Active Aug 4, 2024