DependabotSemver Service Test and Badge Failing

[calebcartwright]

🕚 When did the problem start?
~5 days ago, November 8th

📷 Live badge

https://img.shields.io/dependabot/semver/bundler/puma

🔧 Is the live badge working?

🔗 CircleCI link
https://app.circleci.com/pipelines/github/badges/daily-tests/1321/workflows/0b53d87a-2480-4b3e-bb3a-22f88e3d9938/jobs/2223

🐞 Stack trace

ValidationError: message mismatch: "value" with value "inaccessible" fails to match the required pattern: /^[1-9][0-9]?%|^100%|^0%$/
    at Object.exports.process (node_modules/joi/lib/errors.js:184:16)
    at Object.internals.entry (node_modules/joi/lib/validator.js:150:26)
    at Object.exports.entry (node_modules/joi/lib/validator.js:27:30)
    at internals.Base.validate (node_modules/joi/lib/base.js:548:26)
    at Object.internals.assert (node_modules/joi/lib/index.js:225:27)
    at Object.attempt (node_modules/joi/lib/index.js:107:26)
    at Function._expectField (file:///home/circleci/project/shields/core/service-test-runner/icedfrisby-shields.js:74:13)
    at IcedFrisbyNock.<anonymous> (file:///home/circleci/project/shields/core/service-test-runner/icedfrisby-shields.js:55:26)
    at IcedFrisbyNock.<anonymous> (node_modules/icedfrisby/lib/icedfrisby.js:954:10)
    at invokeNextHook (node_modules/icedfrisby/lib/icedfrisby.js:1003:24)
    at /home/circleci/project/shields/node_modules/icedfrisby/lib/icedfrisby.js:1017:7
    at new Promise (<anonymous>)
    at IcedFrisbyNock._runHooks (node_modules/icedfrisby/lib/icedfrisby.js:976:12)
    at IcedFrisbyNock.run (node_modules/icedfrisby/lib/icedfrisby.js:1276:20)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async Context.<anonymous> (node_modules/icedfrisby/lib/icedfrisby.js:1348:9)

💡 Possible solution

It seems that the API contract has changed on us and now requires two additional parameters. Obviously our existing requests don't send those new parameters so we're getting 400 responses with complaints about bad requests.

curl "https://dependabot-badges.githubapp.com/badges/compatibility_score?package-manager=bundler&dependency-name=puma&version-scheme=semver"

{"errors":[{"status":400,"title":"Bad Request","detail":"Missing required parameter: previous-version"}]}

The API now wants both a previous-version and new-version to be provided in the query params. Part of me wonders if this amounts to an incredibly similar, but technically new data point since it's now between explicit pairs (and I don't know if the prior/original percentage reflected an aggregate for the package, ranges, etc.)

https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=react-select&package-manager=npm_and_yarn&previous-version=4.3.1&new-version=5.0.0

I think we can try to follow up with GitHub to see if the old API exists in any shape or form, but if not, then I'd lean towards deprecating the current badge. We could create a "new" badge that has new required route parameters to account for the previous and new versions, though I'm not sure how much utility that will provide for our users given what seems to be an exact version pinning

[chris48s]

I had a quick look at the stats for this on https://metrics.shields.io and we serve hardly any of these. In the last 24 hours we served 33 requests for the dependabot compatibility badge and I think moving to an explicit from/to version pair makes the already narrow use-case for this even narrower. If we do need to remove it I think it will be low impact