Skip to content

Heads up: stricter validation coming soon to the Update a release API endpointΒ #992

@kytrinyx

Description

@kytrinyx

Hi πŸ‘‹ ,

I an engineer on the API team at GitHub. A colleague and I are currently going through GitHub's REST API, tightening up validations.

We noticed that google/go-github is passing undocumented parameters to the Edit a release endpoint.

In particular, we're receiving the following parameters which the endpoint doesn't know about:

  • assets
  • assets_url
  • author
  • created_at
  • html_url
  • id
  • node_id
  • published_at
  • tarball_url
  • url
  • zipball_url

// RepositoryRelease represents a GitHub release in a repository.
type RepositoryRelease struct {
ID *int64 `json:"id,omitempty"`
TagName *string `json:"tag_name,omitempty"`
TargetCommitish *string `json:"target_commitish,omitempty"`
Name *string `json:"name,omitempty"`
Body *string `json:"body,omitempty"`
Draft *bool `json:"draft,omitempty"`
Prerelease *bool `json:"prerelease,omitempty"`
CreatedAt *Timestamp `json:"created_at,omitempty"`
PublishedAt *Timestamp `json:"published_at,omitempty"`
URL *string `json:"url,omitempty"`
HTMLURL *string `json:"html_url,omitempty"`
AssetsURL *string `json:"assets_url,omitempty"`
Assets []ReleaseAsset `json:"assets,omitempty"`
UploadURL *string `json:"upload_url,omitempty"`
ZipballURL *string `json:"zipball_url,omitempty"`
TarballURL *string `json:"tarball_url,omitempty"`
Author *User `json:"author,omitempty"`
NodeID *string `json:"node_id,omitempty"`
}

Currently the backend code is ignoring unknown parameters, but we're shortly going to change the validation to return a 422 Unprocessable Entity if an undocumented parameter is passed.

We're still discussing our timeline for this, but wanted to give you a heads up so you're not caught by surprise. If you have an ETA for the fix and an idea of how long people would typically need in order to update their dependencies, that information would be very useful for us to have.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions