-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Description
Hi π ,
I an engineer on the API team at GitHub. A colleague and I are currently going through GitHub's REST API, tightening up validations.
We noticed that google/go-github is passing undocumented parameters to the Edit a release endpoint.
In particular, we're receiving the following parameters which the endpoint doesn't know about:
assets
assets_url
author
created_at
html_url
id
node_id
published_at
tarball_url
url
zipball_url
go-github/github/repos_releases.go
Lines 20 to 40 in 29a3681
// RepositoryRelease represents a GitHub release in a repository. | |
type RepositoryRelease struct { | |
ID *int64 `json:"id,omitempty"` | |
TagName *string `json:"tag_name,omitempty"` | |
TargetCommitish *string `json:"target_commitish,omitempty"` | |
Name *string `json:"name,omitempty"` | |
Body *string `json:"body,omitempty"` | |
Draft *bool `json:"draft,omitempty"` | |
Prerelease *bool `json:"prerelease,omitempty"` | |
CreatedAt *Timestamp `json:"created_at,omitempty"` | |
PublishedAt *Timestamp `json:"published_at,omitempty"` | |
URL *string `json:"url,omitempty"` | |
HTMLURL *string `json:"html_url,omitempty"` | |
AssetsURL *string `json:"assets_url,omitempty"` | |
Assets []ReleaseAsset `json:"assets,omitempty"` | |
UploadURL *string `json:"upload_url,omitempty"` | |
ZipballURL *string `json:"zipball_url,omitempty"` | |
TarballURL *string `json:"tarball_url,omitempty"` | |
Author *User `json:"author,omitempty"` | |
NodeID *string `json:"node_id,omitempty"` | |
} |
Currently the backend code is ignoring unknown parameters, but we're shortly going to change the validation to return a 422 Unprocessable Entity if an undocumented parameter is passed.
We're still discussing our timeline for this, but wanted to give you a heads up so you're not caught by surprise. If you have an ETA for the fix and an idea of how long people would typically need in order to update their dependencies, that information would be very useful for us to have.