Changelog
Source:NEWS.md
gh 1.6.0
CRAN release: 2026-05-29
gh()now signals a classedgh_interruptinterrupt when a paginated call is interrupted (e.g. viaCtrl+C/Escape). The condition object carries the records fetched so far on its$gh_resultfield. If the interrupt is not caught, then you can also access it viarlang::last_error(), i.e. the partial results are inrlang::last_error()$gh_result(#98).GitHub PAT format validation now issues a warning by default instead of throwing an error, so a PAT in an unrecognized (e.g. newly introduced) format is still used. Set the
gh_validate_tokensoption or theGH_VALIDATE_TOKENSenvironment to"off","warn"or"error"to configure this.Token validation now recognizes newer GitHub App installation tokens (
ghs_prefix) (#231, @jharmon-gilead).gh()no longer returns empty results when httr2’s HTTP cache revalidates a stored response with304 Not Modified.gh()no longer errors on a304 Not Modifiedresponse. This makes manual conditional requests (e.g. passingIf-None-Matchvia.send_headers) usable: a 304 returns an emptygh_responsewith the response headers (including theETag) still attached (#219).New
fake_github_app(), a webfakes app that implements a small subset of the GitHub REST API. This app is now used in the gh test suite, and it can be used by upstream package authors as well.Token validation now recognizes newer GitHub App installation tokens (
ghs_prefix) (#231, @jharmon-gilead).gh()no longer crashes when reporting a GitHub API error whoseerrorsfield is a plain string rather than the documented array of objects, as happens on some 422 responses (#229).
gh 1.5.0
CRAN release: 2025-05-26
BREAKING CHANGES
Posit Security Advisory(PSA) - PSA-1649
- Posit acknowledges that the response header may contain sensitive information. (#222) Thank you to @foysal1197 for your thorough research and responsible disclosure.
gh(), and other functions that use it, now do not save the request headers in the returned object. Consequently, if you use the gh_next(), gh_prev(), gh_first() or gh_last() functions and passed .token and/or .send_headers explicitly to the original gh() (or similar) call, then you’ll also need to pass the same .token and/or .send_headers to gh_next(), gh_prev(), gh_first() or gh_last().
OTHER CHANGES
New
gh_token_exists()tells you if a valid GH token has been set.gh()now uses a cache provided by httr2. This cache lives intools::R_user_dir("gh", "cache"), maxes out at 100 MB, and can be disabled by settingoptions(gh_cache = FALSE)(#203).gh_token()can now pick up on the viewer’s GitHub credentials (if any) when running on Posit Connect (@atheriel, #217).
gh 1.4.0
CRAN release: 2023-02-22
gh()gains a new.max_rateparameter that sets the maximum number of requests per second.gh is now powered by httr2. This should generally have little impact on normal operation but if a request fails, you can use
httr2::last_response()andhttr2::last_request()to debug.gh()gains a new.max_waitargument which gives the maximum number of minutes to wait if you are rate limited (#67).New
gh_rate_limits()function reports on all rate limits for the active user.gh can now validate GitHub fine-grained personal access tokens (@jvstein, #171).
gh 1.3.1
CRAN release: 2022-09-08
gh now accepts lower-case methods i.e. both
gh::gh("get /users/hadley/repos")andgh::gh("GET /users/hadley/repos")work (@maelle, #167).Response headers (
"response_headers") and response content ("response_content")are now returned in error conditions so that error handlers can use information, such as the rate limit reset header, when handlinggithub_errors (@gadenbuie, #117).
gh 1.2.1
CRAN release: 2021-04-01
- Token validation accounts for the new format announced 2021-03-04 and implemented on 2021-04-01 (#148, @fmichonneau).
gh 1.2.0
CRAN release: 2020-11-27
gh now handles responses from pagination better, and tries to properly merge them (#136, @rundel).
-
gh can retrieve a PAT from the Git credential store, where the lookup is based on the targeted API URL. This now uses the gitcreds package. The environment variables consulted for URL-specific GitHub PATs have changed.
- For “https://api.github.com”:
GITHUB_PAT_GITHUB_COMnow, instead ofGITHUB_PAT_API_GITHUB_COM - For “https://github.acme.com/api/v3”:
GITHUB_PAT_GITHUB_ACME_COMnow, instead ofGITHUB_PAT_GITHUB_ACME_COM_API_V3
See the documentation of the gitcreds package for details.
- For “https://api.github.com”:
The keyring package is no longer used, in favor of the Git credential store.
-
The documentation for the GitHub REST API has moved to https://docs.github.com/rest and endpoints are now documented using the URI template style of RFC 6570:
- Old:
GET /repos/:owner/:repo/issues - New:
GET /repos/{owner}/{repo}/issues
gh accepts and prioritizes the new style. However, it still does parameter substitution for the old style.
- Old:
Fixed an error that occurred when calling
gh()with.progress = FALSE(@gadenbuie, #115).gh()accepts namedNAparameters that are destined for the request body (#139).
gh 1.1.0
CRAN release: 2020-01-24
Raw responses from GitHub are now returned as raw vector.
Responses may be written to disk by providing a path in the
.destfileargument.gh now sets
.Last.errorto the error object after an uncaught error, and.Last.error.traceto the stack trace of the error.gh()now silently drops namedNULLparameters, and throws an error for namedNAparameters (#21, #84).gh()now returns better values for empty responses, typically empty lists or dictionaries (#66).gh()now has an.acceptargument to make it easier to set theAcceptHTTP header (#91).New
gh_gql()function to make it easier to work with the GitHub GraphQL API.gh now supports separate personal access tokens for GitHub Enterprise sites. See
?gh_tokenfor details.gh now supports storing your GitHub personal access tokens (PAT) in the system keyring, via the keyring package. See
?gh_tokenfor details.gh()can now POST raw data, which allows adding assets to releases (#56).