Skip to content

Conjure User-Agents supports arbitrary comment data #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 18, 2025
Merged

Conjure User-Agents supports arbitrary comment data #186

merged 2 commits into from
Feb 18, 2025

Conversation

PhoebeSzmucer
Copy link
Contributor

@changelog-app
Copy link

changelog-app bot commented Feb 17, 2025
edited by PhoebeSzmucer
Loading

Generate changelog in packages/conjure-client/changelog/@unreleased

What do the change types mean?
  • feature: A new feature of the service.
  • improvement: An incremental improvement in the functionality or operation of the service.
  • fix: Remedies the incorrect behaviour of a component of the service in a backwards-compatible way.
  • break: Has the potential to break consumers of this service's API, inclusive of both Palantir services
    and external consumers of the service's API (e.g. customer-written software or integrations).
  • deprecation: Advertises the intention to remove service functionality without any change to the
    operation of the service itself.
  • manualTask: Requires the possibility of manual intervention (running a script, eyeballing configuration,
    performing database surgery, ...) at the time of upgrade for it to succeed.
  • migration: A fully automatic upgrade migration task with no engineer input required.

Note: only one type should be chosen.

How are new versions calculated?
  • ❗The break and manual task changelog types will result in a major release!
  • 🐛 The fix changelog type will result in a minor release in most cases, and a patch release version for patch branches. This behaviour is configurable in autorelease.
  • ✨ All others will result in a minor version release.

Type

  • Feature
  • Improvement
  • Fix
  • Break
  • Deprecation
  • Manual task
  • Migration

Description

Conjure User-Agents supports arbitrary comment data

Check the box to generate changelog(s)

  • Generate changelog entry

samialfhaily
samialfhaily previously approved these changes Feb 17, 2025
View reviewed changes
mfedderly
mfedderly previously approved these changes Feb 18, 2025
View reviewed changes
@policy-bot policy-bot bot dismissed stale reviews from samialfhaily and mfedderly February 18, 2025 13:58

Invalidated by push of 30cd2b2

@PhoebeSzmucer PhoebeSzmucer merged commit 78dbd07 into develop Feb 18, 2025
4 checks passed
@autorelease3
Copy link

autorelease3 bot commented Feb 18, 2025

Released 2.13.0

ericjeney
ericjeney reviewed Feb 18, 2025
View reviewed changes
packages/conjure-client/src/userAgent.ts
* Note that this library provides a much stricter set of allowed
* characters within comments than the linked RFCs to reduce complexity.
*
* Allowed characters: "a-zA-Z0-9.-:_/ "
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@PhoebeSzmucer Where does this get enforced, and what happens if a comment is provided that contains a character outside of this set?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's enforced on the conjure-java side palantir/conjure-java-runtime-api#1286

I felt like we don't want to validate here again, because it wouldn't be much safer. But I still wanted to mention this requirement, since the BE validates this.

Do you have another idea? I'm happy to open a FLUP PR to do something else.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I worry a bit that the "comments" terminology implies that it allows arbitrary text, including potentially user-entered text, which could lead applications to completely fail to load under particular conditions (e.g. when the text contains a comma). If we added % to this list, we could consider explicitly URL-encoding each comment?

In practice, we should never be including user-entered content in user agents due to log safety, so I think this is fine for our planned use-cases. Just feels like a bit more of a footgun than we typically leave around.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like we'd also need to add !~*'( ) to this list to fully support URL-encoding.

Let's keep this as it is for now given it matches the BE behavior and works for how we intend to use it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericjeney ericjeney ericjeney left review comments

@samialfhaily samialfhaily samialfhaily left review comments

+1 more reviewer

@mfedderly mfedderly mfedderly approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

autorelease

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@PhoebeSzmucer @ericjeney @mfedderly @samialfhaily @svc-changelog