profile
viewpoint
Seth Vargo sethvargo @Google Pittsburgh, PA https://www.sethvargo.com Engineer @google

googlecodelabs/tools 2934

Codelabs management & hosting tools

google-github-actions/setup-gcloud 1239

A GitHub Action for configuring the Google Cloud SDK. The Google Cloud SDK includes both the gcloud and gsutil binaries.

GoogleCloudPlatform/berglas 1058

A tool for managing secrets on Google Cloud

google/oauth2l 473

oauth2l ("oauth tool") is a simple CLI for interacting with Google API authentication.

GoogleCloudPlatform/gcr-cleaner 453

Delete untagged image refs in Google Container Registry or Artifact Registry

kelseyhightower/vault-on-google-kubernetes-engine 385

How to guide on running HashiCorp's Vault on Google Kubernetes Engine

hashicorp/waypoint-examples 279

Example Apps that can be deployed with Waypoint

google-github-actions/auth 263

GitHub Action for authenticating to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation.

fastly/go-fastly 131

A golang Fastly API client library.

PullRequestReviewEvent

issue commentgoogle-github-actions/deploy-cloudrun

Sanitise service name and GCP-imposed rules

Untested, but something like this should work:

- id: 'slugify'
  run: |-
    node -c 'const input = "${{ my-input }}".replace(/W+/, '-').substring(0, 30); process.stdout.write("::set-output name=slug::"+x)'
erzz

comment created time in 13 hours

issue commentgoogle-github-actions/deploy-cloudrun

Sanitise service name and GCP-imposed rules

But isn't that the utility of an action?

An action, but I don't think this action. I'm a big fan of the "do one thing and do it right" philosophy.

  • option 1: I pull in yet another action based on a 200mb docker image to create slugs :D

I think it's possible to do this in significantly less than 200mb. It would require another action, but that seems to be pretty common in the Actions ecosystem. I can envision a "slugify" action being generally useful.

erzz

comment created time in 13 hours

issue commentgoogle-github-actions/get-gke-credentials

Action fails with Workload Identity Provider on a separate project

Thank you @czerasz-mineiros. That output tells me that gcloud is successfully authenticated as some-app@project-one.iam.gserviceaccount.com, which is the intended service account, right?

Is the gcloud ... get-credentials still failing even when the account is clearly set to some-app@project-one.iam.gserviceaccount.com? If so, that points to an IAM issue. Please make sure some-app@project-one.iam.gserviceaccount.com has clusterViewer or greater permissions on the target cluster. You should also ensure you don't have an organizational policies that prohibit cross-project authorization or enforce domain restricted sharing.

czerasz-mineiros

comment created time in 13 hours

push eventgoogle-github-actions/deploy-cloudrun

Seth Vargo

commit sha c995ada01b72ca483067549356ff4001514f86a2

bug: set project via a flag if specified Because /auth exports the project ID as an environment variable, that environment variable takes precedence over the core property. This previously worked because setup-gcloud didn't export said environment variable. To fix this, I updated the gcloud command to use the --project flag if a project ID was given. This has the added side-effect of being able to remove all the code to configure gcloud, since it was never really necessary.

view details

push time in 13 hours

push eventgoogle-github-actions/deploy-cloudrun

Seth Vargo

commit sha 6a33a65520b33b90c3a9b9ff098d0bb1caeb4af1

bug: set project via a flag if specified Because /auth exports the project ID as an environment variable, that environment variable takes precedence over the core property. This previously worked because setup-gcloud didn't export said environment variable. To fix this, I updated the gcloud command to use the --project flag if a project ID was given. This has the added side-effect of being able to remove all the code to configure gcloud, since it was never really necessary.

view details

push time in 14 hours

push eventgoogle-github-actions/deploy-cloudrun

Seth Vargo

commit sha d276857b64241a5238e376be156d2711dab8dd0d

bug: set project via a flag if specified Because /auth exports the project ID as an environment variable, that environment variable takes precedence over the core property. This previously worked because setup-gcloud didn't export said environment variable. To fix this, I updated the gcloud command to use the --project flag if a project ID was given. This has the added side-effect of being able to remove all the code to configure gcloud, since it was never really necessary.

view details

push time in 14 hours

issue commentgoogle-github-actions/deploy-cloudrun

Project ID ignored in 0.7.0

Okay, so I figured out what's going on here. auth sets an environment variable which takes precedence over the logic for how Cloud Run uses gcloud. The fix is to use the --project flag instead. I submitted #278.

knowhoper

comment created time in 14 hours

push eventgoogle-github-actions/deploy-cloudrun

Seth Vargo

commit sha f569f7e151cb4d0642a373d1a04c7b206ac333e7

bug: set project via a flag if specified Because /auth exports the project ID as an environment variable, that environment variable takes precedence over the core property. This previously worked because setup-gcloud didn't export said environment variable. To fix this, I updated the gcloud command to use the --project flag if a project ID was given. This has the added side-effect of being able to remove all the code to configure gcloud, since it was never really necessary.

view details

push time in 14 hours

PR opened google-github-actions/deploy-cloudrun

Set project via a flag if specified

Because /auth exports the project ID as an environment variable, that environment variable takes precedence over the core property. This previously worked because setup-gcloud didn't export said environment variable. To fix this, I updated the gcloud command to use the --project flag if a project ID was given. This has the added side-effect of being able to remove all the code to configure gcloud, since it was never really necessary.

Fixes #190

+4 -12

0 comment

1 changed file

pr created time in 14 hours

create barnchgoogle-github-actions/deploy-cloudrun

branch : sethvargo/project

created branch time in 14 hours

issue commentgoogle-github-actions/auth

Unable to authenticate using job_workflow_ref claim

Hi @ms185570

This could be a few things:

  1. I don't see a checkout step. If you are generating a credentials file to be used with other steps, you must call actions/checkout@v2 before auth.

  2. I don't see a step where you're actually installing gcloud. That means you're using the version of gcloud that is bundled on the Actions VMs, which might be outdated. I would recommend using google-github-actions/setup-gcloud to install the latest.

  3. If neither of those previous steps work, the first thing to try would be to ask the auth action to generate an oauth token. That will force an auth check in the auth action:

name: List services in GCP
on:
  workflow_call:

permissions:
  id-token: write

jobs:
  Get_OIDC_ID_token:
    runs-on: ubuntu-latest
    steps:
    - id: 'auth'
      name: 'Authenticate to GCP'
      uses: 'google-github-actions/auth@v0'
      with:
          workload_identity_provider: TODO
          service_account: TODO
          token_format: 'access_token' # <-- NEW

Note I removed the gcloud step for now and changed the auth pin to v0. I also removed create_credentials_file since that's the default behavior.

If that succeeds, it means authentication is configured correctly. If that fails, it means there's an issue with the Workload Identity Pool or Provider configuration.

ms185570

comment created time in 15 hours

push eventgoogle-github-actions/auth

Google GitHub Actions Bot

commit sha ac489d50bb70d86f5f140f3ab96624e9738b4244

Build dist (#114)

view details

push time in 3 days

PR merged google-github-actions/auth

Reviewers
chore: build dist

Build compiled Typescript

+1 -1

0 comment

1 changed file

google-github-actions-bot

pr closed time in 3 days

PullRequestReviewEvent

push eventgoogle-github-actions/auth

Google GitHub Actions Bot

commit sha 7a360a247cce1245c1d13bc63d8b2ac927d201c8

chore: release 0.5.0 (#112)

view details

push time in 3 days

PR merged google-github-actions/auth

Reviewers
chore: release 0.5.0

:robot: I have created a release *beep* *boop*

0.5.0 (2022-01-22)

Features


This PR was generated with Release Please. See documentation.

+10 -3

0 comment

3 changed files

google-github-actions-bot

pr closed time in 3 days

PullRequestReviewEvent

push eventgoogle-github-actions/auth

Google GitHub Actions Bot

commit sha 7b354992e5e98ab9cd1e1e29f76a3d4c9e739735

Build dist (#113)

view details

push time in 3 days

PR merged google-github-actions/auth

Reviewers
chore: build dist

Build compiled Typescript

+1 -1

0 comment

1 changed file

google-github-actions-bot

pr closed time in 3 days

PullRequestReviewEvent

push eventgoogle-github-actions/auth

Seth Vargo

commit sha 88fbfac1f69f9ad9e618d47557e10b449e9acd63

docs: note checkout must come first

view details

push time in 3 days

push eventGoogleCloudPlatform/berglas

RyuNen344

commit sha 089c390a3c88f7f679e8b92cc9bfc18fe6506a2d

[doc] update install command with go (#178) update doc, go install directly

view details

push time in 3 days

PR merged GoogleCloudPlatform/berglas

[doc] update install command with go

from go 1.16, go get install was deprecated

https://go.dev/doc/go-get-install-deprecation

+1 -2

0 comment

1 changed file

RyuNen344

pr closed time in 3 days

delete branch sethvargo/secrets-in-serverless

delete branch : dependabot/npm_and_yarn/hashicorp-vault/node/node-fetch-3.1.1

delete time in 3 days

push eventsethvargo/secrets-in-serverless

dependabot[bot]

commit sha b004a011b18e2a5067f8438c7784246ca5aa9905

Bump node-fetch from 2.6.1 to 3.1.1 in /hashicorp-vault/node (#11) Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 3.1.1. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v3.1.1) --- updated-dependencies: - dependency-name: node-fetch dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 3 days

PR merged sethvargo/secrets-in-serverless

Bump node-fetch from 2.6.1 to 3.1.1 in /hashicorp-vault/node dependencies

Bumps node-fetch from 2.6.1 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/releases">node-fetch's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2>Security patch release</h2> <p>Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred</p> <h2>What's Changed</h2> <ul> <li>core: update fetch-blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1371">node-fetch/node-fetch#1371</a></li> <li>docs: Fix typo around sending a file by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1381">node-fetch/node-fetch#1381</a></li> <li>core: (http.request): Cast URL to string before sending it to NodeJS core by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1378">node-fetch/node-fetch#1378</a></li> <li>core: handle errors from the request body stream by <a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li>core: Better handle wrong redirect header in a response by <a href="https://github.com/tasinet"><code>@​tasinet</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li>core: Don't use buffer to make a blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1402">node-fetch/node-fetch#1402</a></li> <li>docs: update readme for TS <code>@​types/node-fetch</code> by <a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li>core: Fix logical operator priority to disallow GET/HEAD with non-empty body by <a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li>core: Don't use global buffer by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1422">node-fetch/node-fetch#1422</a></li> <li>ci: fix main branch by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1429">node-fetch/node-fetch#1429</a></li> <li>core: use more node: protocol imports by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1428">node-fetch/node-fetch#1428</a></li> <li>core: Warn when using data by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1421">node-fetch/node-fetch#1421</a></li> <li>docs: Create SECURITY.md by <a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> <li>core: don't forward secure headers to 3th party by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1449">node-fetch/node-fetch#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li><a href="https://github.com/tasinet"><code>@​tasinet</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li><a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li><a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li><a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1">https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1</a></p> <h2>v3.1.0</h2> <h2>What's Changed</h2> <ul> <li>fix(Body): Discourage form-data and buffer() by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1212">node-fetch/node-fetch#1212</a></li> <li>fix: Pass url string to http.request by <a href="https://github.com/serverwentdown"><code>@​serverwentdown</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1268">node-fetch/node-fetch#1268</a></li> <li>Fix octocat image link by <a href="https://github.com/lakuapik"><code>@​lakuapik</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1281">node-fetch/node-fetch#1281</a></li> <li>fix(Body.body): Normalize <code>Body.body</code> into a <code>node:stream</code> by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/924">node-fetch/node-fetch#924</a></li> <li>docs(Headers): Add default Host request header to README.md file by <a href="https://github.com/robertoaceves"><code>@​robertoaceves</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1316">node-fetch/node-fetch#1316</a></li> <li>Update CHANGELOG.md by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1292">node-fetch/node-fetch#1292</a></li> <li>Add highWaterMark to cloned properties by <a href="https://github.com/davesidious"><code>@​davesidious</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1162">node-fetch/node-fetch#1162</a></li> <li>Update README.md to fix HTTPResponseError by <a href="https://github.com/thedanfernandez"><code>@​thedanfernandez</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1135">node-fetch/node-fetch#1135</a></li> <li>docs: switch <code>url</code> to <code>URL</code> by <a href="https://github.com/dhritzkiv"><code>@​dhritzkiv</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1318">node-fetch/node-fetch#1318</a></li> <li>fix(types): declare buffer() deprecated by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1345">node-fetch/node-fetch#1345</a></li> <li>chore: fix lint by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1348">node-fetch/node-fetch#1348</a></li> <li>refactor: use node: prefix for imports by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1346">node-fetch/node-fetch#1346</a></li> <li>Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1319">node-fetch/node-fetch#1319</a></li> <li>Bump mocha from 8.4.0 to 9.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1339">node-fetch/node-fetch#1339</a></li> <li>Referrer and Referrer Policy by <a href="https://github.com/tekwiz"><code>@​tekwiz</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1057">node-fetch/node-fetch#1057</a></li> <li>Add typing for Response.redirect(url, status) by <a href="https://github.com/c-w"><code>@​c-w</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1169">node-fetch/node-fetch#1169</a></li> <li>chore: Correct stuff in README.md by <a href="https://github.com/Jiralite"><code>@​Jiralite</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1361">node-fetch/node-fetch#1361</a></li> <li>docs: Improve clarity of "Loading and configuring" by <a href="https://github.com/serverwentdown"><code>@​serverwentdown</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1323">node-fetch/node-fetch#1323</a></li> <li>feat(Body): Added support for <code>BodyMixin.formData()</code> and constructing bodies with FormData by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1314">node-fetch/node-fetch#1314</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/blob/main/docs/CHANGELOG.md">node-fetch's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes will be recorded here.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>What's Changed</h2> <ul> <li>core: update fetch-blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1371">node-fetch/node-fetch#1371</a></li> <li>docs: Fix typo around sending a file by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1381">node-fetch/node-fetch#1381</a></li> <li>core: (http.request): Cast URL to string before sending it to NodeJS core by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1378">node-fetch/node-fetch#1378</a></li> <li>core: handle errors from the request body stream by <a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li>core: Better handle wrong redirect header in a response by <a href="https://github.com/tasinet"><code>@​tasinet</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li>core: Don't use buffer to make a blob by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1402">node-fetch/node-fetch#1402</a></li> <li>docs: update readme for TS <code>@​types/node-fetch</code> by <a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li>core: Fix logical operator priority to disallow GET/HEAD with non-empty body by <a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li>core: Don't use global buffer by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1422">node-fetch/node-fetch#1422</a></li> <li>ci: fix main branch by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1429">node-fetch/node-fetch#1429</a></li> <li>core: use more node: protocol imports by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1428">node-fetch/node-fetch#1428</a></li> <li>core: Warn when using data by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1421">node-fetch/node-fetch#1421</a></li> <li>docs: Create SECURITY.md by <a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> <li>core: don't forward secure headers to 3th party by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1449">node-fetch/node-fetch#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mdmitry01"><code>@​mdmitry01</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1392">node-fetch/node-fetch#1392</a></li> <li><a href="https://github.com/tasinet"><code>@​tasinet</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1387">node-fetch/node-fetch#1387</a></li> <li><a href="https://github.com/adamellsworth"><code>@​adamellsworth</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1405">node-fetch/node-fetch#1405</a></li> <li><a href="https://github.com/maxshirshin"><code>@​maxshirshin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1369">node-fetch/node-fetch#1369</a></li> <li><a href="https://github.com/JamieSlome"><code>@​JamieSlome</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1445">node-fetch/node-fetch#1445</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2">https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2</a></p> <h2>3.1.0</h2> <h2>What's Changed</h2> <ul> <li>fix(Body): Discourage form-data and buffer() by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1212">node-fetch/node-fetch#1212</a></li> <li>fix: Pass url string to http.request by <a href="https://github.com/serverwentdown"><code>@​serverwentdown</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1268">node-fetch/node-fetch#1268</a></li> <li>Fix octocat image link by <a href="https://github.com/lakuapik"><code>@​lakuapik</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1281">node-fetch/node-fetch#1281</a></li> <li>fix(Body.body): Normalize <code>Body.body</code> into a <code>node:stream</code> by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/924">node-fetch/node-fetch#924</a></li> <li>docs(Headers): Add default Host request header to README.md file by <a href="https://github.com/robertoaceves"><code>@​robertoaceves</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1316">node-fetch/node-fetch#1316</a></li> <li>Update CHANGELOG.md by <a href="https://github.com/jimmywarting"><code>@​jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1292">node-fetch/node-fetch#1292</a></li> <li>Add highWaterMark to cloned properties by <a href="https://github.com/davesidious"><code>@​davesidious</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1162">node-fetch/node-fetch#1162</a></li> <li>Update README.md to fix HTTPResponseError by <a href="https://github.com/thedanfernandez"><code>@​thedanfernandez</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1135">node-fetch/node-fetch#1135</a></li> <li>docs: switch <code>url</code> to <code>URL</code> by <a href="https://github.com/dhritzkiv"><code>@​dhritzkiv</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1318">node-fetch/node-fetch#1318</a></li> <li>fix(types): declare buffer() deprecated by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1345">node-fetch/node-fetch#1345</a></li> <li>chore: fix lint by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1348">node-fetch/node-fetch#1348</a></li> <li>refactor: use node: prefix for imports by <a href="https://github.com/dnalborczyk"><code>@​dnalborczyk</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1346">node-fetch/node-fetch#1346</a></li> <li>Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1319">node-fetch/node-fetch#1319</a></li> <li>Bump mocha from 8.4.0 to 9.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1339">node-fetch/node-fetch#1339</a></li> <li>Referrer and Referrer Policy by <a href="https://github.com/tekwiz"><code>@​tekwiz</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1057">node-fetch/node-fetch#1057</a></li> <li>Add typing for Response.redirect(url, status) by <a href="https://github.com/c-w"><code>@​c-w</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1169">node-fetch/node-fetch#1169</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10"><code>36e47e8</code></a> 3.1.1 release (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1451">#1451</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/5304f3f7f7778f1011b622bedcb0e4d3c04dba31"><code>5304f3f</code></a> Don't change relative location header on manual redirect (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1105">#1105</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80"><code>f5d3cf5</code></a> fix(Headers): don't forward secure headers to 3th party (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449">#1449</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f2c3d563755d4d357df987fe871607e296463cef"><code>f2c3d56</code></a> Create SECURITY.md (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1445">#1445</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/4ae35388b078bddda238277142bf091898ce6fda"><code>4ae3538</code></a> core: Warn when using data (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1421">#1421</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/41f53b9065a00bc73d24215d42aacdcd284b199c"><code>41f53b9</code></a> fix: use more node: protocol imports (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1428">#1428</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f674875f98c4ef2970a9acf02324f520b1b77967"><code>f674875</code></a> ci: fix main branch (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1429">#1429</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1493d046bc0944886277b0b82dfdf78a7b9f7799"><code>1493d04</code></a> core: Don't use global buffer (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1422">#1422</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/eb33090b81442bc6af9f714a5158160856a1e2f2"><code>eb33090</code></a> Chore: Fix logical operator priority (regression) to disallow GET/HEAD with n...</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/7ba5bc9e0aff386ae0e00792d1ea2e2f7a4fd7d6"><code>7ba5bc9</code></a> update readme for TS <code>@​type/node-fetch</code> (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1405">#1405</a>)</li> <li>Additional commits viewable in <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.1...v3.1.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~endless">endless</a>, a new releaser for node-fetch since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+41 -4

0 comment

2 changed files

dependabot[bot]

pr closed time in 3 days

delete branch google-github-actions/auth

delete branch : sethvargo/16

delete time in 3 days

push eventgoogle-github-actions/auth

Seth Vargo

commit sha 54924dbbed2718579e1a91c9fc16a0b81c1ad8cb

feat: switch to use node version 16 (#110)

view details

push time in 3 days

more