Skip to content

Update octokit monorepo (major)#2844

Merged
gardener-prow[bot] merged 2 commits intomasterfrom
renovate/major-octokit-monorepo
Apr 24, 2026
Merged

Update octokit monorepo (major)#2844
gardener-prow[bot] merged 2 commits intomasterfrom
renovate/major-octokit-monorepo

Conversation

@gardener-ci-robot
Copy link
Copy Markdown
Contributor

@gardener-ci-robot gardener-ci-robot commented Mar 20, 2026
edited by coderabbitai Bot
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@octokit/auth-app ^6.0.4^8.0.0 age confidence
@octokit/core ^5.1.0^7.0.0 age confidence
@octokit/plugin-paginate-graphql ^4.0.1^6.0.0 age confidence
@octokit/plugin-paginate-rest ^9.2.1^14.0.0 age confidence
@octokit/plugin-request-log ^4.0.1^6.0.0 age confidence
@octokit/plugin-rest-endpoint-methods ^10.4.1^17.0.0 age confidence

Release Notes

octokit/auth-app.js (@​octokit/auth-app)

v8.2.0

Compare Source

Features
  • handling exp is too far in the future (#​699) (6201580)
  • Add enterprise installation route to JWT-authenticated routes (#​736) (5b218af)

v8.1.2

Compare Source

Bug Fixes

v8.1.1

Compare Source

Bug Fixes

v8.1.0

Compare Source

Features
  • support using a remote HSM or JWT signing service in lieu of private keys (#​712) (ef7a95d)

v8.0.2

Compare Source

Bug Fixes

v8.0.1

Compare Source

Bug Fixes

v8.0.0

Compare Source

Continuous Integration
BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v7.2.2

Compare Source

Bug Fixes

v7.2.1

Compare Source

Bug Fixes

v7.2.0

Compare Source

Features

v7.1.5

Compare Source

Bug Fixes
  • deps: update octokit dependencies to mitigate ReDos vulnerability [security] (#​678) (499d1f6)

v7.1.4

Compare Source

Bug Fixes

v7.1.3

Compare Source

Bug Fixes

v7.1.2

Compare Source

Bug Fixes

v7.1.1

Compare Source

Bug Fixes
  • respect baseUrl passed as part of request parameters (#​641) (8478cac)

v7.1.0

Compare Source

Features

v7.0.0

Compare Source

Features
BREAKING CHANGES
  • package is now ESM
  • remove type "oauth" that was previously deprecated
octokit/core.js (@​octokit/core)

v7.0.6

Compare Source

Bug Fixes

v7.0.5

Compare Source

Bug Fixes

v7.0.4

Compare Source

Bug Fixes

v7.0.3

Compare Source

Bug Fixes
  • add createLogger to ensure that pino does not break (#​744) (0896c50)

v7.0.2

Compare Source

Bug Fixes

v7.0.1

Compare Source

Bug Fixes

v7.0.0

Compare Source

Continuous Integration
BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v6.1.6

Compare Source

Bug Fixes
  • add createLogger to ensure that pino does not break (#​744) (78c6df8)

v6.1.5

Compare Source

Bug Fixes

v6.1.4

Compare Source

Bug Fixes
  • deps: bump Octokit dependencies vulnerable to ReDos (#​723) (582d8bd)

v6.1.3

Compare Source

Bug Fixes
  • deps: bump Octokit dependencies to fix Deno compat (#​715) (e2b21bb)

v6.1.2

Compare Source

Bug Fixes

v6.1.1

Compare Source

Bug Fixes

v6.1.0

Compare Source

Features

v6.0.1

Compare Source

Bug Fixes

v6.0.0

Compare Source

Features
BREAKING CHANGES
  • package is now ESM
  • You can no longer use the @octokit/core/dist-types/types.d import, instead migrate to @octokit/core/types
octokit/plugin-paginate-graphql.js (@​octokit/plugin-paginate-graphql)

v6.0.0

Compare Source

Continuous Integration
BREAKING CHANGES
  • Drop support for NodeJS v18

v5.2.4

Compare Source

Bug Fixes

v5.2.3

Compare Source

Bug Fixes

v5.2.2

Compare Source

Bug Fixes

v5.2.1

Compare Source

Bug Fixes

v5.2.0

Compare Source

Features

v5.1.0

Compare Source

Bug Fixes
Features

v5.0.0

Compare Source

Features
BREAKING CHANGES
  • change spelling of paginateGraphql export to paginateGraphQL
  • fix: add return type annotation
octokit/plugin-paginate-rest.js (@​octokit/plugin-paginate-rest)

v14.0.0

Compare Source

Features
  • add immutable releases, enterprise team membership, enterprise team organization endpoints (413e899)
BREAKING CHANGES
  • Remove GET /projects/{project_id}/columns
  • Remove GET /enterprises/{enterprise}/secret-scanning/alerts

v13.2.1

Compare Source

Bug Fixes

v13.2.0

Compare Source

Features
  • new Projects v2 endpoints, new code scanning dismissal endpoints, many other endpoints (#​690) (0e236cb)

v13.1.1

Compare Source

Bug Fixes
  • handle url in response when using pagination with compareCommits (#​686) (8e5da25)

v13.1.0

Compare Source

Features
  • add paginatantion support for compareCommits and compareCommitsWithBasehead (#​678) (6d8ea8a)

v13.0.1

Compare Source

Bug Fixes
  • deps: update @octokit/types - no new paginated endpoints (#​680) (8ec2713)

v13.0.0

Compare Source

Continuous Integration
BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v12.0.0

Compare Source

Features
  • add new org campaigns endpoints and remove deprecated endpoints (#​671) (65d3d50)
BREAKING CHANGES
  • remove deprecated copilot usage endpoints

v11.6.0

Compare Source

Features
  • new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#​666) (1f44b54)

v11.5.0

Compare Source

Features
  • new GET /orgs/{org}/actions/hosted-runners, GET /orgs/{org}/actions/runner-groups/{runner_group_id}/hosted-runners, GET /orgs/{org}/rulesets/{ruleset_id}/history, GET /orgs/{org}/settings/network-configurations, GET /repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#​649) (ef30a05)

v11.4.3

Compare Source

Bug Fixes

v11.4.2

Compare Source

Bug Fixes

v11.4.1

Compare Source

Bug Fixes

v11.4.0

Compare Source

Features
  • new action runner groups endpoints, new code scanning alerts autofix endpoints, new sub-issues endpoints, new private registries enpoints, new code security endpoints, various description updates (#​646) (a73883f)

v11.3.6

Compare Source

Bug Fixes
  • types: bump @octokit/types to improve Deno compatibility (#​642) (acb6a6e)

v11.3.5

Compare Source

Bug Fixes
  • types: improve type extraction for namespaced responses and correct async iterator types (#​637) (e95444d)

v11.3.4

Compare Source

Bug Fixes

v11.3.3

Compare Source

This is the same release as v11.3.0

Bug Fixes

v11.3.1

Compare Source

**Special release to backport newer REST API to CJS users**

Reverts

v11.3.0

Compare Source

Features

v11.2.0

Compare Source

Features

v11.1.1

Compare Source

Bug Fixes

v11.1.0

Compare Source

Features

v11.0.1

Compare Source

Bug Fixes

v11.0.0

Compare Source

Features
BREAKING CHANGES
  • require owner/repo instead of repository_id for environment secrets and variables endpoints

v10.1.0

Compare Source

Features

v10.0.0

Compare Source

Features
BREAKING CHANGES
  • package is now ESM
octokit/plugin-request-log.js (@​octokit/plugin-request-log)

v6.0.0

Compare Source

Continuous Integration
BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v5.3.1

Compare Source

Bug Fixes
  • dont throw if error does not have response attached (#​399) (ab4932c)

v5.3.0

Compare Source

Features

v5.2.0

Compare Source

Features

v5.1.1

Compare Source

Bug Fixes

v5.1.0

Compare Source

Features

v5.0.0

Compare Source

Features
BREAKING CHANGES

  • package is now ESM

  • docs(README): update for ESM

octokit/plugin-rest-endpoint-methods.js (@​octokit/plugin-rest-endpoint-methods)

v17.0.0

Compare Source

Features
  • add immutable releases, enterprise team membership, enterprise team organization, custom runner images, many type additions and improvements (#​831) (c82898a)
BREAKING CHANGES
  • Remove listAlertsForEnterprise
  • Several custom property endpoints changed ID

v16.1.1

Compare Source

Bug Fixes
  • deps: update @octokit/types, regenerate documentation (#​827) (75e649b)

v16.1.0

Compare Source

Features
  • new Projects v2 endpoints, new code scanning dismissal endpoints, many other endpoints (#​814) (0a8fdd9)

v16.0.0

Compare Source

Features
  • remove deprecated projects endpoints, remove deprecated copilot usage metric endpoints, add new billing.getGithubBillingUsageReportUser() and credentials.revoke() endpoint methods, private registry methods no longer in private beta, type update (#​803) (4196f01)
BREAKING CHANGES
  • remove deprecated projects v1 endpoints
  • remove deprecated copilot usage metrics endpoints

v15.0.0

Compare Source

Continuous Integration
BREAKING CHANGES

  • Drop support for NodeJS v18

  • build: set minimal node version in build script to v20

  • ci: stop testing against NodeJS v18

v14.0.0

Compare Source

Features
  • add new organization campaign endpoints, remove deprecated endpoints (#​797) (4c8a166)
BREAKING CHANGES
  • remove deprecated copilot metrics endpoints
  • remove deprecated legacy projects endpoints

v13.5.0

Compare Source

Features
  • new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#​792) (58d342e)

v13.4.0

Compare Source

Features
  • new /enterprises/{enterprise}/actions/hosted-runners, /orgs/{org}/actions/hosted-runners, /orgs/{org}/settings/network-configurations, /orgs/{org}/rulesets/{ruleset_id}/history,/repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#​791) (b3fe977)

v13.3.1

Compare Source

Bug Fixes
  • deps: bump @octokit/types - only changes to graphQL (#​783) (519a1ab)

v13.3.0

Compare Source

Features
  • new action runner groups endpoints, new code scanning alerts autofix endpoints, new sub-issues endpoints, new private registries enpoints, new code security endpoints, various description updates (#​777) (5e1ecd4)

v13.2.6

Compare Source

Bug Fixes

v13.2.5

Compare Source

Bug Fixes
  • typescript: bump octokit/types for types for request.request.signal (#​771) (24f5176)

v13.2.4

Compare Source

Bug Fixes

v13.2.2

Compare Source

**Special release to backport new REST API changes to v10/CJS users**

Reverts

v13.2.1

Compare Source

Bug Fixes

v13.2.0

Compare Source

Features

v13.1.1

Compare Source

Bug Fixes
  • pkg: correct path in default export fallback to point to the JS and not the types (#​736) (817060b)

v13.1.0

Compare Source

Features

v13.0.1

Compare Source

Bug Fixes

v13.0.0

Compare Source

Features
  • remove deprecated migration import endpoints and reorder bypass_actors.actor_type enum values to be in alphabetical order (#​731) (85bf1df)
BREAKING CHANGES
  • Remove deprecated migration import endpoints

v12.2.2

Compare Source

Bug Fixes

v12.2.1

Compare Source

Bug Fixes

v12.2.0

Compare Source

Features

v12.1.0

Compare Source

Features
  • security: A

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Summary by CodeRabbit

  • Chores
    • Updated GitHub API integration dependencies to the latest versions for improved performance, stability, and compatibility.

@gardener-ci-robot gardener-ci-robot added kind/enhancement Enhancement, improvement, extension renovate labels Mar 20, 2026
@gardener-prow gardener-prow Bot added cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Mar 20, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 20, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5f4e546b-2235-4339-b4f3-e8569b880f20

📥 Commits

Reviewing files that changed from the base of the PR and between 8d4247f and b5c67df.

⛔ Files ignored due to path filters (33)
  • .yarn/cache/@octokit-auth-app-npm-8.2.0-b1d8cf4b4b-7f1b113c9f.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-oauth-app-npm-9.0.3-fd038a20f9-1b47dc2a6e.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-oauth-device-npm-8.0.3-aefc84d867-2c43d131fb.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-oauth-user-npm-6.0.2-b867408436-7af66189e7.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-token-npm-6.0.0-ac9c37e484-32ecc904c5.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-core-npm-5.2.2-c3527b99ef-b4484d8555.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-core-npm-7.0.6-c27607b839-95a328ff7c.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-endpoint-npm-11.0.3-024b6878f4-3f9b67e692.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-endpoint-npm-9.0.6-7fb8efbd70-8e06197b21.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-graphql-npm-9.0.3-bef8b8b22c-58588d3fb2.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-oauth-authorization-url-npm-6.0.2-7e66c4af6b-8c06e538b3.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-oauth-authorization-url-npm-8.0.0-d5577573b3-ab4964bebd.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-oauth-methods-npm-6.0.2-70af7931c5-51d2f32188.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-openapi-types-npm-20.0.0-1aac079689-5176dcc3b9.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-openapi-types-npm-27.0.0-e607516b0f-602d1de033.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-paginate-graphql-npm-4.0.1-83b19b5121-d559cdc2b5.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-paginate-graphql-npm-6.0.0-3b58d029c0-3545537413.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-paginate-rest-npm-14.0.0-c3b530d1dc-841d79d4cc.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-request-log-npm-4.0.1-bc9d8da84b-6f556f8625.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-request-log-npm-6.0.0-08aa56610e-40e46ad0c7.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-rest-endpoint-methods-npm-17.0.0-c8aba83de2-cf9984d7cf.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-error-npm-5.1.1-f22d0f5771-dc9fc76ea5.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-error-npm-7.1.0-324ff2fadc-62b90a5454.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-npm-10.0.8-6db604af27-7ee384dbeb.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-npm-8.4.1-674ea8d5da-1a69dcb733.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-types-npm-12.6.0-3f6eea3eb3-0bea58bda4.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-types-npm-16.0.0-da01afac91-b8d41098ba.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@types-btoa-lite-npm-1.0.2-858b56e188-daffbb47e4.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@types-jsonwebtoken-npm-9.0.8-a3a60e33de-dd3ccea051.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@wolfy1339-lru-cache-npm-11.0.2-patch.1-4368de22dc-0279b18e46.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/before-after-hook-npm-4.0.0-a80bf6190d-9f8ae8d1b0.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/btoa-lite-npm-1.0.0-e85ee9286e-7a4f0568ae.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/deprecation-npm-2.3.1-e19c92d6e7-23d688ba66.zip is excluded by !**/.yarn/**, !**/*.zip
📒 Files selected for processing (1)
  • .pnp.cjs
🚧 Files skipped from review as they are similar to previous changes (1)
  • .pnp.cjs
📝 Walkthrough

Walkthrough

GitHub App Octokit packages are upgraded to newer major versions in backend/package.json. The Yarn Plug'n'Play runtime cache (.pnp.cjs) is updated to reflect these upgrades, including rewritten transitive dependency mappings, added/removed packages, and updated package locations.

Changes

Cohort / File(s) Summary
Package Dependency Declarations
backend/package.json		 Bumped multiple @octokit/* dependencies to new major versions (@octokit/auth-app, @octokit/core, @octokit/request, @octokit/request-error, @octokit/types, @octokit/plugin-paginate-graphql, @octokit/plugin-paginate-rest, @octokit/plugin-request-log, @octokit/plugin-rest-endpoint-methods). No code exports changed.
Yarn PnP Runtime Cache
.pnp.cjs		 Rewrote embedded dependency map entries for upgraded @octokit/* packages and their transitive deps; updated virtual selectors and packageLocation paths; added dependencies (fast-content-type-parse, json-with-bigint, toad-cache), removed obsolete packages (@types/btoa-lite, @types/jsonwebtoken, btoa-lite, deprecation, @wolfy1339/lru-cache), and bumped before-after-hook to 4.0.0.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

size/L

Suggested reviewers

  • holgerkoser
  • petersutter
  • klocke-io

Poem

🐰 I hopped through yarn and version trees,
Upgraded Octokit with nimble ease,
Caches refreshed, old leaves fall,
New deps scurry across the hall,
A tidy hop — the builds shall please! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is largely incomplete relative to the required template. It lacks required sections: 'How to categorize this PR' (area/kind labels), 'What this PR does / why we need it', 'Which issue(s) this PR fixes', 'Special notes for your reviewer', and 'Release note' details. Only the Renovate-generated changelog is present. Add missing required sections from the template: categorization labels (/area and /kind), explanation of changes, linked issues, reviewer notes, and complete release note information in the specified format.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Update octokit monorepo (major)' clearly and concisely describes the main change, which is updating multiple Octokit packages to major versions.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/major-octokit-monorepo

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
.pnp.cjs (1)

3038-3054: Verify octokit.paginate() compatibility with these plugin version bumps.

The codebase uses these plugins conservatively—only basic octokit.paginate() calls via backend/lib/github/index.js:30 and centralized plugin setup in backend/lib/github/octokit.js:13,18. Before merge, compare the breaking changes in @octokit/plugin-paginate-rest@14.0.0 and @octokit/plugin-rest-endpoint-methods@17.0.0 against these two call sites.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.pnp.cjs around lines 3038 - 3054, Check
`@octokit/plugin-paginate-rest`@14.0.0 and
`@octokit/plugin-rest-endpoint-methods`@17.0.0 changelogs for breaking changes,
then verify and update any usages of octokit.paginate() and the centralized
Octokit plugin registration (the module that constructs/configures the Octokit
instance) to match the new APIs; adjust call signatures, import/plugin names, or
plugin registration order as required, run unit/integration tests, and fix any
failing calls discovered during this verification.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@backend/package.json`:
- Around line 42-47: Update the import of the GraphQL paginator in
backend/lib/github/octokit.js: replace the old symbol paginateGraphql with the
new export name paginateGraphQL, and update any usage sites to call
paginateGraphQL accordingly; then verify the import of legacyRestEndpointMethods
from `@octokit/plugin-rest-endpoint-methods` — if legacyRestEndpointMethods is no
longer exported in v17, switch to importing restEndpointMethods and update code
that relied on octokit.* to use octokit.rest.* (or adapt calls to the new method
locations), while confirming createAppAuth and octokit.paginate usage remain
compatible.

---

Nitpick comments:
In @.pnp.cjs:
- Around line 3038-3054: Check `@octokit/plugin-paginate-rest`@14.0.0 and
`@octokit/plugin-rest-endpoint-methods`@17.0.0 changelogs for breaking changes,
then verify and update any usages of octokit.paginate() and the centralized
Octokit plugin registration (the module that constructs/configures the Octokit
instance) to match the new APIs; adjust call signatures, import/plugin names, or
plugin registration order as required, run unit/integration tests, and fix any
failing calls discovered during this verification.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9d30d3e8-4822-4122-97db-5c467b2f6cc2

📥 Commits

Reviewing files that changed from the base of the PR and between 6927de7 and 8d4247f.

⛔ Files ignored due to path filters (40)
  • .yarn/cache/@octokit-auth-app-npm-8.1.2-d029b02913-0888176d84.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-oauth-app-npm-9.0.3-fd038a20f9-1b47dc2a6e.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-oauth-device-npm-8.0.3-aefc84d867-2c43d131fb.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-oauth-user-npm-6.0.2-b867408436-7af66189e7.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-auth-token-npm-6.0.0-ac9c37e484-32ecc904c5.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-core-npm-5.2.2-c3527b99ef-b4484d8555.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-core-npm-7.0.6-c27607b839-95a328ff7c.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-endpoint-npm-11.0.2-b6e189e2d4-878ac12fbc.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-endpoint-npm-9.0.6-7fb8efbd70-8e06197b21.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-graphql-npm-9.0.3-bef8b8b22c-58588d3fb2.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-oauth-authorization-url-npm-6.0.2-7e66c4af6b-8c06e538b3.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-oauth-authorization-url-npm-8.0.0-d5577573b3-ab4964bebd.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-oauth-methods-npm-6.0.2-70af7931c5-51d2f32188.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-openapi-types-npm-20.0.0-1aac079689-5176dcc3b9.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-openapi-types-npm-27.0.0-e607516b0f-602d1de033.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-paginate-graphql-npm-4.0.1-83b19b5121-d559cdc2b5.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-paginate-graphql-npm-6.0.0-3b58d029c0-3545537413.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-paginate-rest-npm-14.0.0-c3b530d1dc-841d79d4cc.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-request-log-npm-4.0.1-bc9d8da84b-6f556f8625.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-request-log-npm-6.0.0-08aa56610e-40e46ad0c7.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-plugin-rest-endpoint-methods-npm-17.0.0-c8aba83de2-cf9984d7cf.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-error-npm-5.1.1-f22d0f5771-dc9fc76ea5.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-error-npm-7.1.0-324ff2fadc-62b90a5454.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-npm-10.0.7-2c54d9bf8c-f789a75bf6.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-request-npm-8.4.1-674ea8d5da-1a69dcb733.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-types-npm-12.6.0-3f6eea3eb3-0bea58bda4.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@octokit-types-npm-16.0.0-da01afac91-b8d41098ba.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@types-btoa-lite-npm-1.0.2-858b56e188-daffbb47e4.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@types-jsonwebtoken-npm-9.0.8-a3a60e33de-dd3ccea051.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/@wolfy1339-lru-cache-npm-11.0.2-patch.1-4368de22dc-0279b18e46.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/before-after-hook-npm-4.0.0-a80bf6190d-9f8ae8d1b0.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/btoa-lite-npm-1.0.0-e85ee9286e-7a4f0568ae.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/deprecation-npm-2.3.1-e19c92d6e7-23d688ba66.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/fast-content-type-parse-npm-3.0.0-5ed865fa49-06251880c8.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/toad-cache-npm-3.7.0-ece522d0b8-7dae2782ee.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/universal-github-app-jwt-npm-1.2.0-6daf90b4dc-d89b6ff97b.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/universal-github-app-jwt-npm-2.2.2-399c37f264-7ae5f031fb.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/universal-user-agent-npm-6.0.1-0388aac597-5c9c46ffe1.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/universal-user-agent-npm-7.0.3-8e08ccfc46-6043be466a.zip is excluded by !**/.yarn/**, !**/*.zip
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (2)
  • .pnp.cjs
  • backend/package.json

Comment thread backend/package.json
Comment on lines +42 to +47
"@octokit/auth-app": "^8.0.0",
"@octokit/core": "^7.0.0",
"@octokit/plugin-paginate-graphql": "^6.0.0",
"@octokit/plugin-paginate-rest": "^14.0.0",
"@octokit/plugin-request-log": "^6.0.0",
"@octokit/plugin-rest-endpoint-methods": "^17.0.0",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the usage patterns in the codebase match expected APIs

echo "=== Checking usage of legacyRestEndpointMethods ==="
rg -n 'legacyRestEndpointMethods' --type js

echo ""
echo "=== Checking graphql.paginate usage ==="
rg -n 'graphql\.paginate' --type js

echo ""
echo "=== Checking REST paginate usage ==="
rg -n '\.paginate\(' --type js

echo ""
echo "=== Checking createAppAuth usage ==="
rg -n 'createAppAuth' --type js -A 10

Repository: gardener/dashboard

Length of output: 2194

🌐 Web query:

@octokit/plugin-rest-endpoint-methods v17 legacyRestEndpointMethods export

💡 Result:

In @octokit/plugin-rest-endpoint-methods v17.0.0, the primary export is restEndpointMethods, which adds REST API endpoint methods to octokit.rest.. Usage example: js import { Octokit } from "@octokit/core"; import { restEndpointMethods } from "@octokit/plugin-rest-endpoint-methods"; const MyOctokit = Octokit.plugin(restEndpointMethods); const octokit = new MyOctokit({ auth: "secret123" }); octokit.rest.users.getAuthenticated; legacyRestEndpointMethods was introduced in v5.0.0 (2021) to restore pre-v5 behavior where methods were added directly to octokit. (not octokit.rest.*). It was intended as temporary and may be deprecated/removed in recent versions like v17; official docs emphasize restEndpointMethods and do not mention the legacy export. No explicit confirmation of removal in v17 changelogs, but absence from README and index.d.ts snippets suggests it's not prominently exported or recommended. Use restEndpointMethods for new code.

Citations:

🌐 Web query:

@octokit/plugin-rest-endpoint-methods v17 release notes changelog breaking changes

💡 Result:

The @octokit/plugin-rest-endpoint-methods v17.0.0 was released on October 31, 2025. No specific release notes or changelog are available on the GitHub releases page, which only lists up to v13.2.2 with details. NPM pages confirm the version exists, depends on @octokit/types ^16.0.0 (up from previous), and has no explicit changelog or breaking changes listed. As a semver-major release from v16, it likely includes breaking changes related to type updates or generated endpoint methods from updated GitHub REST API/OpenAPI specs, but no explicit details found in searched sources. Check commit history between v16 and v17 tags on GitHub for changes.

Citations:

🌐 Web query:

@octokit/plugin-paginate-graphql v6 breaking changes migration

💡 Result:

The primary breaking change in @octokit/plugin-paginate-graphql v6.0.0 (released May 20, 2025) is a change in the export name from 'paginateGraphql' to 'paginateGraphQL' (capital G). Additionally, it requires @octokit/core >=6 and uses conditional exports, which may require tsconfig.json adjustments like "moduleResolution": "bundler" or "node16/nodenext" for TypeScript users. Migration steps: 1. Update import: import { paginateGraphQL } from "@octokit/plugin-paginate-graphql"; (note capital G) 2. Ensure @octokit/core ^6.1.5 or later (peer dependency). 3. For TypeScript/ESM: Update tsconfig.json for conditional exports support. Example: { "compilerOptions": { "moduleResolution": "bundler" } } 4. Usage remains the same: const MyOctokit = Octokit.plugin(paginateGraphQL); const octokit = new MyOctokit({ auth: 'token' }); const { repository } = await octokit.graphql.paginate(/* query with $cursor */); No other major API changes noted. The plugin still supports single-resource pagination only (no nested/parallel), requires $cursor variable and pageInfo in queries. A similar export casing issue occurred in v5.0.0 but was fixed post-release.

Citations:

🌐 Web query:

@octokit/plugin-paginate-rest v14 breaking changes

💡 Result:

The breaking changes in @octokit/plugin-paginate-rest v14.0.0 (released October 31, 2025) are the removal of support for two GitHub REST API endpoints that were deprecated: - GET /enterprises/{enterprise}/secret-scanning/alerts - GET /projects/{project_id}/columns This reflects updates to match the GitHub API, where these endpoints have been removed. The release also adds support for new paginated endpoints: immutable releases, enterprise team membership, and enterprise team organization endpoints. No other breaking changes to the plugin's API or behavior are mentioned. There is a type mismatch issue noted between v14 and v15 in an open GitHub issue, but v15 is not yet released as of 2026-03-20. Official source: GitHub releases page for octokit/plugin-paginate-rest.js.

Citations:

🌐 Web query:

@octokit/auth-app v8 breaking changes createAppAuth

💡 Result:

The primary breaking change in @octokit/auth-app v8.0.0 (released 2025-05-20) is dropping support for Node.js v18. Continuous integration testing against Node.js v18 was stopped, and the minimum Node version in build scripts was set to v20. No breaking changes specific to createAppAuth were identified; it continues to be used identically for GitHub App authentication (e.g., import { createAppAuth } from "@octokit/auth-app"; const auth = createAppAuth({ appId: 1, privateKey: "..." });). Earlier v7 (2024-04-30) had ESM-only packaging and removal of deprecated "oauth" type, but v8 appears non-breaking beyond Node version.

Citations:

Update import statement for paginate-graphql export name change.

These major version upgrades introduce compatibility issues that require fixes:

  1. Critical: @octokit/plugin-paginate-graphql v6 changed the export from paginateGraphql to paginateGraphQL (capital G). Update the import at backend/lib/github/octokit.js:14 from paginateGraphql to paginateGraphQL.

  2. Verify: The legacyRestEndpointMethods import from @octokit/plugin-rest-endpoint-methods v17 at backend/lib/github/octokit.js:12. This export was introduced in v5.0.0 as a temporary backward-compatibility measure and is not documented in v17. Confirm it still exists in v17 or migrate to restEndpointMethods (which adds methods to octokit.rest.* instead of directly to octokit.*).

The REST pagination API (octokit.paginate()) and auth strategy (createAppAuth) patterns are compatible. Node.js 22 and ESM module type satisfy the new requirements.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@backend/package.json` around lines 42 - 47, Update the import of the GraphQL
paginator in backend/lib/github/octokit.js: replace the old symbol
paginateGraphql with the new export name paginateGraphQL, and update any usage
sites to call paginateGraphQL accordingly; then verify the import of
legacyRestEndpointMethods from `@octokit/plugin-rest-endpoint-methods` — if
legacyRestEndpointMethods is no longer exported in v17, switch to importing
restEndpointMethods and update code that relied on octokit.* to use
octokit.rest.* (or adapt calls to the new method locations), while confirming
createAppAuth and octokit.paginate usage remain compatible.

@gardener-ci-robot gardener-ci-robot force-pushed the renovate/major-octokit-monorepo branch 2 times, most recently from ce3e6e7 to 5836dd9 Compare April 16, 2026 09:20
@gardener-ci-robot gardener-ci-robot force-pushed the renovate/major-octokit-monorepo branch from 5836dd9 to 159a057 Compare April 24, 2026 13:48
@gardener-ci-robot
Copy link
Copy Markdown
Contributor Author

gardener-ci-robot commented Apr 24, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@grolu
Copy link
Copy Markdown
Member

grolu commented Apr 24, 2026

/lgtm
/approve

@gardener-prow gardener-prow Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 24, 2026
@gardener-prow
Copy link
Copy Markdown

gardener-prow Bot commented Apr 24, 2026

LGTM label has been added.

DetailsGit tree hash: 6bf39ee51915f61250f18a23d0a5d928574c3e40

@gardener-prow
Copy link
Copy Markdown

gardener-prow Bot commented Apr 24, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grolu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 24, 2026
@gardener-prow gardener-prow Bot merged commit 9f8ac27 into master Apr 24, 2026
36 checks passed
@gardener-prow gardener-prow Bot deleted the renovate/major-octokit-monorepo branch April 24, 2026 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@grolu grolu Awaiting requested review from grolu grolu is a code owner

@holgerkoser holgerkoser Awaiting requested review from holgerkoser holgerkoser is a code owner

@klocke-io klocke-io Awaiting requested review from klocke-io klocke-io is a code owner

@petersutter petersutter Awaiting requested review from petersutter petersutter is a code owner

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/enhancement Enhancement, improvement, extension lgtm Indicates that a PR is ready to be merged. renovate size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gardener-ci-robot @grolu