fix: add missing extends field to Role types#121
Open
Kyzgor wants to merge 2 commits intopermitio:mainfrom
Open
fix: add missing extends field to Role types#121Kyzgor wants to merge 2 commits intopermitio:mainfrom
Kyzgor wants to merge 2 commits intopermitio:mainfrom
Conversation
…ate types The `extends` field (Array<string>) is present in the Permit.io API response and documented in the OpenAPI spec at https://api.permit.io/v2/openapi.json, but was missing from the generated TypeScript interfaces. This prevented SDK users from: - Creating roles with inheritance via `permit.api.roles.create({ extends: [...] })` - Updating role hierarchy via `permit.api.roles.update(key, { extends: [...] })` - Reading the `extends` field from role objects returned by get/list/create/update Verified against the live Permit.io API — all CRUD operations with the `extends` field work correctly.
Production dependency updates: - axios: ^1.7.4 -> ^1.13.5 (CVE DoS + form-data unsafe random) - pino: 8.11.0 -> ^8.21.0 - pino-pretty: 10.2.0 -> ^10.3.1 (minimatch ReDoS x3, brace-expansion ReDoS) - path-to-regexp: ^6.2.1 -> ^6.3.0 (backtracking regex) - lodash: ^4.17.21 -> ^4.17.23 (prototype pollution in unset/omit) Also migrated logger.ts from deprecated prettyPrint option to pino.transport() API for pino 8.21 compatibility. Resolves all 9 production audit vulnerabilities (0 remaining).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
extendsfield (Array<string>) is present in the Permit.io API OpenAPI spec and returned by the API, but is missing from theRoleRead,RoleCreate, andRoleUpdateTypeScript interfaces in the SDK.This means SDK users cannot:
permit.api.roles.create({ key: 'editor', name: 'Editor', extends: ['viewer'] })permit.api.roles.update('editor', { extends: ['viewer'] })extendsfield from role objects (TypeScript reports it as unknown)Fix
Added the
extends?: Array<string>field to all three role type interfaces:src/openapi/types/role-read.ts—RoleReadsrc/openapi/types/role-create.ts—RoleCreatesrc/openapi/types/role-update.ts—RoleUpdateThe field definition matches the OpenAPI spec and follows the existing JSDoc style in the generated types.
Verification
Tested against the live Permit.io API — all operations work correctly:
RoleRead.extendsfield present onget()RoleRead.extendsfield present onlist()RoleCreatewithextends(create role with inheritance)RoleUpdatewithextends(add parent role)RoleUpdatewithextends: [](remove parent role)yarn buildpasses