yarn policies set-version with a GITHUB_TOKEN issues a deprecation notice email from GitHub #8227

Open
pixelastic opened this issue Jul 10, 2020 · 1 comment

Comments

@pixelastic

Bug description

When I run GITHUB_TOKEN=XXXX yarn policies set-version to commit the latest yarn version inside my repo everything works correctly. Then, some time later, I will receive an email from GitHub similar to this (personal info removed):

Hi @pixelastic,

On June 25th, 2020 at 13:49 (UTC) your personal access token (XXXXXX) using yarn/1.21.1 npm/? node/v12.12.0 linux x64 was used as part of a query parameter to access an endpoint through the GitHub API:

https://api.github.com/repositories/49970642/releases

Please use the Authorization HTTP header instead, as using the access_token query parameter is deprecated. If this token is being used by an app you don't have control over, be aware that it may stop working as a result of this deprecation.

Depending on your API usage, we'll be sending you this email reminder on a monthly basis for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks,
The GitHub Team

When a GITHUB_TOKEN env variable is found, yarn uses it to do an authenticated call to the GitHub API (to bypass any rate limit as implemented here #6912).

But GitHub is deprecating passing the token as a query parameter; it should now be passed as a header instead, so this call triggers a warning that in turn sends an email.

Command

GITHUB_TOKEN=XXXX yarn policies set-version

What is the current behavior?
Local yarn version is correctly installed. No warning is displayed in the CLI interface. Everything seems to work correctly.

But a strange email will soon appear in one's inbox, and it can be confusing understanding where it is coming from. More importantly, the feature will stop working when GitHub completely stops accepting the token this way.

What is the expected behavior?
No deprecation notice email should be received. yarn should pass the token through a header instead of a query string.

Steps to Reproduce

  1. Run GITHUB_TOKEN=XXX yarn policies set-version in any repo (with a valid GITHUB_TOKEN)
  2. Wait (from a few minutes to a couple hours) for the email to arrive

Environment

  • Node Version: v12.12.0
  • Yarn v1 Version: 1.21.1
  • OS and version: Ubuntu 18.04.4 LTS
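
The difference between the deprecated call and the requested one, as an added example that is not part of the original issue and is not yarn's code. The function names, the `example-client` User-Agent and the token value are assumptions made for illustration; the endpoint URL is the one quoted in the GitHub notice above.

```javascript
// Added example. legacyRequest, headerRequest and stripQueryToken are
// hypothetical names, not functions from yarn.
const RELEASES_URL = 'https://api.github.com/repositories/49970642/releases';

// Deprecated form: the token travels in the query string, so it is recorded
// wherever the full URL is recorded (proxy logs, error messages, traces).
function legacyRequest(token) {
  const url = new URL(RELEASES_URL);
  url.searchParams.set('access_token', token);
  return { url: url.toString(), headers: { 'User-Agent': 'example-client' } };
}

// Requested form: same endpoint, token carried in the Authorization header.
function headerRequest(token) {
  const headers = { 'User-Agent': 'example-client' };
  // With no token set, the call simply stays unauthenticated.
  if (token) headers.Authorization = `token ${token}`;
  return { url: RELEASES_URL, headers };
}

// Migration helper: if a request still carries access_token in its URL,
// move the value into the Authorization header and clean the URL.
function stripQueryToken(request) {
  const url = new URL(request.url);
  const token = url.searchParams.get('access_token');
  if (token === null) return request; // nothing to migrate
  url.searchParams.delete('access_token');
  return {
    url: url.toString(),
    headers: { ...request.headers, Authorization: `token ${token}` },
  };
}

// Constructed sample value, not a real token.
const sample = stripQueryToken(legacyRequest('CONSTRUCTED_TOKEN'));
console.log(sample.url, Object.keys(sample.headers));
```
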
@dioptre

dioptre commented Nov 2, 2021

+1
