[Snyk] Upgrade @octokit/rest from 16.43.2 to 21.1.0

[ekmixon]

Snyk has created this PR to upgrade @octokit/rest from 16.43.2 to 21.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 117 versions ahead of your current version.

• The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASHSET-1320032	686	Proof of Concept

Release notes

Package name: @octokit/rest

• 21.1.0 - 2025-01-08
  

  21.1.0 (2025-01-08)

  Features

  • new endpoints, bump Octokit deps to fix Deno (#477) (908b1c8)
• 21.0.2 - 2024-08-16
  

  21.0.2 (2024-08-16)

  Bug Fixes

  • docs: update to react 18 and latest gatsby deps (#462) (9a80f06), closes #216 #230 #460
• 21.0.1 - 2024-07-17
  

  21.0.1 (2024-07-17)

  Bug Fixes

  • update deps (#456) (93d5afb)
• 21.0.0 - 2024-06-20
  

  21.0.0 (2024-06-20)

  Features

  • v21 (#413) (12b6c65)

  BREAKING CHANGES

  • package is now ESM
• 21.0.0-beta.4 - 2024-06-19
  

  21.0.0-beta.4 (2024-06-19)

  Bug Fixes

  • update REST endpoints (#428) (7058346)
• 21.0.0-beta.3 - 2024-04-30
  

  21.0.0-beta.3 (2024-04-30)

  Features

  • security: Add provenance (#420) (9adf1a4)
• 21.0.0-beta.2 - 2024-04-16
  

  21.0.0-beta.2 (2024-04-16)

  Bug Fixes

  • deps: bump Octokit deps (5d8da12)
  • pkg: add a default fallback export (1b6e582)
• 21.0.0-beta.1 - 2024-03-05
  

  21.0.0-beta.1 (2024-03-05)

  Bug Fixes

  • add explicit type anotation (3ddd79e)

  • build: adapt for ESM (aad55f4)

  • bump deps (21f1aaa)

  • deps: bump deps (f179b0b)

  • deps: update octokit monorepo (aed67c2)

  • docs: update for ESM (42be65a)

  • Empty commit to trigger release (828467b)

  BREAKING CHANGES

  • package is now ESM
• 20.1.1 - 2024-05-03
  

  20.1.1 (2024-05-03)

  Bug Fixes

  • update REST endpoints (#428) (7058346)
• 20.1.0 - 2024-04-03
  

  20.1.0 (2024-04-03)

  Features

  • security: Add provenance (#420) (9adf1a4)
• 20.0.2 - 2023-09-25
• 20.0.1 - 2023-07-11
• 20.0.0 - 2023-07-11
• 20.0.0-beta.5 - 2023-07-10
• 20.0.0-beta.4 - 2023-07-10
• 20.0.0-beta.3 - 2023-06-27
• 20.0.0-beta.2 - 2023-06-03
• 20.0.0-beta.1 - 2023-06-03
• 19.0.13 - 2023-06-16
• 19.0.12 - 2023-06-16
• 19.0.11 - 2023-05-20
• 19.0.10 - 2023-05-20
• 19.0.9 - 2023-05-20
• 19.0.8 - 2023-05-14
• 19.0.7 - 2023-01-21
• 19.0.6 - 2023-01-21
• 19.0.5 - 2022-10-13
• 19.0.4 - 2022-08-15
• 19.0.3 - 2022-07-08
• 19.0.2 - 2022-07-08
• 19.0.1 - 2022-07-07
• 19.0.0 - 2022-07-07
• 18.12.0 - 2021-10-07
• 18.11.4 - 2021-09-30
• 18.11.3 - 2021-09-30
• 18.11.2 - 2021-09-27
• 18.11.1 - 2021-09-24
• 18.11.0 - 2021-09-22
• 18.10.0 - 2021-08-31
• 18.9.1 - 2021-08-16
• 18.9.0 - 2021-08-03
• 18.8.0 - 2021-08-02
• 18.7.2 - 2021-07-30
• 18.7.1 - 2021-07-23
• 18.7.0 - 2021-07-21
• 18.6.8 - 2021-07-20
• 18.6.7 - 2021-07-04
• 18.6.6 - 2021-06-30
• 18.6.5 - 2021-06-30
• 18.6.4 - 2021-06-29
• 18.6.3 - 2021-06-26
• 18.6.2 - 2021-06-24
• 18.6.1 - 2021-06-23
• 18.6.0 - 2021-06-12
• 18.5.6 - 2021-06-01
• 18.5.6-beta.1 - 2021-06-01
• 18.5.5 - 2021-05-28
• 18.5.4 - 2021-05-27
• 18.5.3 - 2021-04-21
• 18.5.2 - 2021-03-27
• 18.5.1 - 2021-03-26
• 18.5.0 - 2021-03-26
• 18.4.0 - 2021-03-24
• 18.3.5 - 2021-03-08
• 18.3.4 - 2021-03-05
• 18.3.3 - 2021-03-05
• 18.3.2 - 2021-03-03
• 18.3.1 - 2021-03-01
• 18.3.0 - 2021-02-26
• 18.2.1 - 2021-02-24
• 18.2.0 - 2021-02-18
• 18.1.1 - 2021-02-13
• 18.1.0 - 2021-02-03
• 18.0.15 - 2021-01-25
• 18.0.14 - 2021-01-22
• 18.0.13 - 2021-01-22
• 18.0.12 - 2020-12-04
• 18.0.11 - 2020-12-03
• 18.0.10 - 2020-12-02
• 18.0.9 - 2020-11-02
• 18.0.8 - 2020-11-01
• 18.0.7 - 2020-10-30
• 18.0.6 - 2020-09-14
• 18.0.5 - 2020-09-04
• 18.0.4 - 2020-08-26
• 18.0.3 - 2020-07-24
• 18.0.2 - 2020-07-23
• 18.0.1 - 2020-07-16
• 18.0.0 - 2020-06-11
• 17.11.2 - 2020-06-11
• 17.11.1 - 2020-06-11
• 17.11.0 - 2020-06-07
• 17.10.0 - 2020-06-04
• 17.9.3 - 2020-06-03
• 17.9.2 - 2020-05-18
• 17.9.1 - 2020-05-17
• 17.9.0 - 2020-05-11
• 17.8.0 - 2020-05-06
• 17.7.0 - 2020-05-05
• 17.6.0 - 2020-04-24
• 17.5.2 - 2020-04-22
• 17.5.1 - 2020-04-20
• 17.5.0 - 2020-04-20
• 17.4.0 - 2020-04-19
• 17.3.0 - 2020-04-15
• 17.2.1 - 2020-04-12
• 17.2.0 - 2020-04-08
• 17.1.4 - 2020-03-26
• 17.1.3 - 2020-03-25
• 17.1.2 - 2020-03-24
• 17.1.1 - 2020-03-20
• 17.1.0 - 2020-03-11
• 17.0.1 - 2020-03-10
• 17.0.0 - 2020-02-19
• 17.0.0-beta.3 - 2020-02-07
• 17.0.0-beta.2 - 2020-02-04
• 17.0.0-beta.1 - 2020-02-03
• 16.43.2 - 2020-06-24

from @octokit/rest GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Bug Fixes:

• Fix prototype pollution vulnerability (SNYK-JS-LODASHSET-1320032).

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the @octokit/rest dependency from version 16.43.2 to 21.1.0. This is a major version upgrade, which includes breaking changes and fixes a prototype pollution vulnerability.

Class diagram showing breaking changes in v21

classDiagram
    class OctokitRest {
        <<ESM Package>>
        +constructor(options)
        +request()
        +paginate()
    }

    note for OctokitRest "Breaking Changes in v21:\n- Package is now ESM only\n- Updated REST endpoints\n- Dependency updates"

Loading

File-Level Changes

Change	Details	Files
The @octokit/rest dependency was upgraded to address a security vulnerability and to take advantage of new features and bug fixes.	Updated @octokit/rest from version 16.43.2 to 21.1.0.	package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[secure-code-warrior-for-github]

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.