There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: package.json
Error type: The renovate configuration file contains some invalid settings
Message: Invalid configuration option: @pika/pack, Invalid configuration option: author, Invalid configuration option: jest, Invalid configuration option: keywords, Invalid configuration option: license, Invalid configuration option: name, Invalid configuration option: packageRules[0].@octokit/types, Invalid configuration option: packageRules[1].@octokit/core, Invalid configuration option: packageRules[1].@octokit/request, Invalid configuration option: packageRules[1].@pika/pack, Invalid configuration option: packageRules[1].@pika/plugin-build-node, Invalid configuration option: packageRules[1].@pika/plugin-build-web, Invalid configuration option: packageRules[1].@pika/plugin-ts-standard-pkg, Invalid configuration option: packageRules[1].@types/fetch-mock, Invalid configuration option: packageRules[1].@types/jest, Invalid configuration option: packageRules[1].fetch-mock, Invalid configuration option: packageRules[1].jest, Invalid configuration option: packageRules[1].semantic-release, Invalid configuration option: packageRules[1].ts-jest, Invalid configuration option: packageRules[1].typescript, Invalid configuration option: publishConfig, Invalid configuration option: release, Invalid configuration option: renovate, Invalid configuration option: scripts, Invalid configuration option: version

The dependency @octokit/request was updated from 5.2.1 to 5.3.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@octokit/request is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Cannot push to the Git repository.

semantic-release cannot push the version tag to the branch master on the remote Git repository with URL https://x-access-token:[secure]@github.com/octokit/auth-token.js.

This can be caused by:

• a misconfiguration of the repositoryUrl option
• the repository being unavailable
• or missing push permission for the user configured via the Git credentials on your CI environment

Good luck with your project ✨

Your semantic-release bot 📦🚀

Describe the need

This code here:

does this:

but it links to https://github.com/octokit/auth-token.js/issues/CODE_OF_CONDUCT.md instead of https://github.com/octokit/auth-token.js#coc-ov-file

SDK Version

No response

API Version

No response

Relevant log output

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

Following the instructions in the readme of this example code:

const TOKEN = "ghp_PersonalAccessToken01245678900000000";

const auth = createTokenAuth(TOKEN);
const authentication = await auth();

const response = await request("HEAD /", {
  headers: authentication.headers,
});
const scopes = response.headers["x-oauth-scopes"].split(/,\s+/);

if (scopes.length) {
  console.log(
    `"${TOKEN}" has ${scopes.length} scopes enabled: ${scopes.join(", ")}`
  );
} else {
  console.log(`"${TOKEN}" has no scopes enabled`);
}

I get this error:

const scopes = response.headers['x-oauth-scopes'].split(/,\s+/)
                                                    ^

TypeError: Cannot read properties of undefined (reading 'split')

Also, authentication.headers is always undefined. I don't know why it has to be set in the request, since there is no header property in the authentication object.
There is a closed but unanswered issue on the same topic: #205

Description

Node v10 has been deprecated so there is no need to keep giving support to it in our CI.

Context

You can find more details here

Follow up to #195. I've inquired with GitHub Support and am awaiting their response

What happened?
CodeQL Check Run on this PR fails and it's not possible to merge.

What did you expect to happen?
CodeQL Check Run should pass.

What the problem might be

Under Find more information section of the README, there is:

const response = await request("HEAD /", {
  headers: authentication.headers,
});

However, isn't the structure of authentication object:

{
  type: 'token',
  token: 'ghp_PersonalAccessToken01245678900000000',
  tokenType: 'oauth'
}

so where does the headers come from?

The devDependency @types/jest was updated from 24.0.23 to 24.0.24.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@types/jest is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

What’s missing?
Remove unnecessary step for CodeQL workflow:

Why?
Right now, when CodeQL workflow runs, it prints the following warning message:

  [CodeQL-Build](https://github.com/octokit/plugin-rest-endpoint-methods.js/runs/5705550731?check_suite_focus=true)
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.

Example: https://github.com/octokit/auth-token.js/runs/5961724265?check_suite_focus=true

The devDependency @octokit/core was updated from 2.4.0 to 2.4.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@octokit/core is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency fetch-mock was updated from 7.5.0 to 7.5.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

fetch-mock is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

What happened?

Previously, I was using this type:

import type { Token } from "@octokit/auth-token/dist-types/types.js"

With the conversion to ESModules (I think), the file is no longer accessible, so I have to do with this:

// Module '"@octokit/auth-token"' declares 'Token' locally, but it is not exported. ts(2459)
import type { Token } from "@octokit/auth-token"

But the type forgot to be exported

Versions

"@octokit/auth-token": "^5.0.1",

Relevant log output

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

The devDependency semantic-release was updated from 17.0.2 to 17.0.3.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

semantic-release is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

This issue contains a list of Renovate updates and their statuses.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to ignore the schedule.

• fix(deps): lock file maintenance

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• build(deps): update dependency jest to v26

• Check this box to trigger a request for Renovate to run again on this repository

🆕🐥☝ First Timers Only.

This issue is reserved for people who never contributed to Open Source before. We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

About First Timers Only.

🤔 What you will need to know.

The Pika CDN is now Skypack, see https://www.pika.dev/cdn. The CDN at https://cdn.pika.dev/ no longer works, all URLs must be replaced with the new CDN: https://cdn.skypack.dev/. We currently recommend using cdn.pika.dev to import the library into the browser, but that no longer works. Replacing it with cdn.skypack.dev will make it work again.

📋 Step by Step

• 🙋 Claim this issue: Comment below.

  More than one person can work on this issue, don't worry if it's already claimed.

• 📝 Update the file \README.md (press the little pen Icon) and edit as shown below:

@@ -33,11 +33,11 @@ It is useful if you want to support multiple authentication strategies, as it’
 Browsers
 </th><td width=100%>
 
-Load `@octokit/auth-token` directly from [cdn.pika.dev](https://cdn.pika.dev)
+Load `@octokit/auth-token` directly from [cdn.skypack.dev](https://cdn.skypack.dev)
 
 ```html
 <script type="module">
-  import { createTokenAuth } from "https://cdn.pika.dev/@octokit/auth-token";
+  import { createTokenAuth } from "https://cdn.skypack.dev/@octokit/auth-token";
 </script>
 ```
 

• 💾 Commit your changes

• 🔀 Start a Pull Request. There are two ways how you can start a pull request:

  1. If you are familiar with the terminal or would like to learn it, here is a great tutorial on how to send a pull request using the terminal.
  2. You can edit files directly in your browser

• 🏁 Done Ask for a review :)

If there are more than one pull requests with the correct change, we will merge the first one, but attribute the change to all authors who made the same change using @Co-authored-by, so yo can be sure your contribution will count.

🤔❓ Questions

Leave a comment below!

This issue was created by First-Timers-Bot.

Hello 👋
In the README on this repo, there is a string that Github Secret Scanning detects as a secret:

createTokenAuth("v1.d3d433526f780fbcc3129004e2731b3904ad0b86");

I expect this secret is either no longer valid or entirely fake, and so isn't a security concern. However, it does create an alert whenever someone vendors a version of this repo into their codebase.

Can this be modified so as to not trigger Github Secret Scanning somehow? I would propose a PR, but I'm not sure of the exact regex being used to detect Github App Installation Access Tokens.

Thank you!