►
From YouTube: BE Pairing - 20230510 - Set default PAT expiration
Description
In this session, we pair on a %16.0 breaking change. Personal Access Tokens (PATs) will no longer be allowed to have a nil value for expiration. We discuss this change and breaking changes in general.
A
But
yeah,
so
let's
get
this
pairing
started.
You
said
you
were
doing
15
11.
They
made
oau
tokens,
they
had
to
have
an
expiration
date.
15.0.
B
So
that
was
the
last
breaking
change
and
then
this
breaking
change.
We
we're
at
saying
that
all
personal
access
tokens
must
have
an
expiration
okay
and
that
it
includes
personal
like
for
real
people
and
then
also
for
bot
users
like
project
access,
tokens
and
group
access
tokens.
B
And
so
I'll
show
you
where
we're
at
with
our
plans.
Let
me
get.
Let
me
share
my
screen.
What
am
I
doing?
Okay,
I'll
share
my
entire
window
and
yeah
there's
been.
This.
Is
me
writing
a
mega
comment
last
night,
nine
hours
ago,
I'm
like
that's,
why
I'm
hardly
awake
right
now
so.
A
B
A
What
very
small,
like
the
issue
is
very
small,
yeah
I
feel
like
it's
almost
like
a
hidden
like
octopus,
underneath
you
know
the
water
and
you
see
like
a
little
tentacle
sticking
out
of
the
water,
so
we're
making
all
access
tokens
have
an
expiration
date
like
all
of
them.
Okay,
all.
B
Of
them
yeah,
and
so
there
is
an
instance
level
setting
that's
currently
available,
I
believe
it's
like
an
ultimate
only
feature,
and
you
can
have
this
there's
I,
think
there's
a
group
level
setting
and
then
there's
an
instance
level
setting
and
they're
both
like
licensed
features,
and
so
the
issue
was
like.
Oh
we'll
make
this
a
you
know
it
can't
be
blank
and
it's
a
maximum
365
and
like
the
thing
that's
not
stated
here
but
comes
through
in
the
many
many
comments
is
that
this
were
also
no
longer
saying.
B
A
B
It's
a
security
thing:
security
wants
this,
you
know
I,
guess
we're
security
minded,
so
we
want
it
to
I
mean
security
wanted
30
days,
so
we
fought
back
for
365,
which
I
think
will
make
people
happier.
B
Know
and
and
the
rotation
is
being
worked
on
separately,
that
is
in
progress,
but
you
know
that's
like
another
thing
to
to
develop
right.
If
you
have
some
personal
access,
token
or
a
group
access
token
that's
being
used
and
you
need
to
make
sure
it
rotates
every
year
you
have
to
build
or
every
30
days
whatever
it
is.
You
want
to
do.
B
You
have
to
build
an
integration
with
gowab
to
rotate
it,
so
that
is
happening,
and
so
anyways
I
started
work
on
this
yesterday
and
I
quickly
realized
something
super
scary,
and
this
is
kind
of
just
interesting
knowledge
to
have,
which
is
that,
when
this
setting
this
instance
level
setting
has
changed,
and
currently
it's
only
an
ultimate
setting,
but
we
were
going
to
move
it
to
all
it
to
Community
Edition
it
actually,
in
the
like
calls,
a
class
which
calls
the
class
which
calls
a
class
which
revokes
any
token
that
are
no
longer
valid
because
of
the
new
setting.
B
B
Like
well
I
shouldn't,
say
I'm
pretty
sure
this
has
been
around
for
a
while.
Let's
see.
B
B
It
should,
if
you
have
an
ultimate
license.
Oh.
B
Don't
know
what
it
is:
yeah
and
I
and
anyways
there's
ways
we
can
get
around
this,
but
you
know
kind
of
stepping
back
a
second
and
thinking.
What
are
we
trying
to
accomplish
here?
What
we're
trying
to
accomplish
is
not
moving
this
setting.
It's.
We
want
to
ensure
that
there
are
no
tokens
without
an
expiration
yeah.
How
long
my
husband
just
texted
me
he
just
got
to
New
Zealand,
okay,
so
I.
B
So
I
was
like
okay,
this
this
scares
me.
What
can
we
do
instead,
and
so
instead
I
opened
an
MR
that
overrides
the
expires
at
setter
and
I.
Did
this
find
a
feature
flag
to
not
cause
an
incident,
but
basically,
if
there
is
no
value,
if
the
value
is
nil,
then
we
default
to
365..
B
So
this
is
not
adding
a
validation
on
tokens.
It
is
simply
like
just
setting
a
default
value,
which
is
like
kind
of
a
weird
user
experience
thing
like
people
are
going
to
be
creating
tokens
with
no
expiration.
B
It
will
be
like
surprise,
there's
an
expiration
yeah,
but
what
this
is
going
to
allow
us
to
do,
because
it's
at
a
low
level
is
run
a
batch
to
background
migration,
that
backfills
expiration
for
all
existing
tokens
and
then
add
the
validation
after
because
we
don't
want
to
add
a
validation
first
and
then
have
people's
tokens
be
invalid.
Yeah,
yeah,
yeah
I
also
played
with
adding
a
validation.
This
is
another
branch
that
I
had
where
I
was
just
going
to
validate
it
on
create
I
kind
of
hate,
validations
that
are
just
on
Creator.
A
B
A
Blank
for
No
Limit,
it
does
say
when
enabled
existing
access
tokens
may
be
revoked,
but
that's
like
I'm,
not
changing
mine,
I,
guess,
I'll
change
it
and
see
what
happens.
Yeah
I
can
change.
A
A
Running
right
past
that
I
have
no
idea
if
my
expiration,
if
my
tokens
were
just
expired,
so.
B
You
could
have
manually
update
one
to
have
no
expiration
yeah
before
you
change
it
and
see.
If
it
gets
revoked,
it
would
have
to
be
an
unrevoked.
That's
it.
So
I
actually
did
what
you
were
doing
right
now
yesterday,
but
I
forgot
I
had
one
without
an
expiration,
but
it
was
already
roped
and
the
what
it
does
is
revokes
them.
So
I
I
did
not
have
a
successful
test
because
I
didn't
have
the
right
data
set
up.
Okay,.
B
And
like,
ultimately,
what
we,
what
we
is
to
have
that
setting
be
for
all
editions
and
to
be
a
default
value
of
365
and
a
lab
link,
not
allowing
blank
values
but
I,
think
the
breaking
change,
and
this
is
like,
where
I
think
it's
helpful
to
bounce
this
off
of
you
because
I
this
is
my
first
major
release
and
like
what
is
the
breaking.
Change
is
sometimes
up
for
interpretation,
yeah,.
A
I
was
a
very
long
discussion
thread
which
I
did
not
participate
in,
but
I
kind
of
like
was
listening
reading
some
of
the
back
and
forth
about
what
is
a
breaking
change
with
regards
to
the
API.
B
Oh
I
saw
that
yeah
like
because
I
I
think
I
commented
because
they
were
asking
well.
Is
it
a
breaking
change
to
go
from
like
a
403
to
a
401
or
something?
And
it's
like?
Well,
maybe,
if
somebody's
specifically
looking
for
that
response
status.
A
Yeah,
it's
really
I'm
having
a
publicly
consumable
API
like
really
it
yeah
I
feel
like
I,
don't
know
this
thing.
It
almost
feels
like
they're.
A
It
needs
to
be
like
the
release
post.
It
needs
to
be
you
know,
I
don't
know,
I
feel
like
there's
needs
to
be,
maybe
some
communication
I,
don't
know.
That
would
be
my
first
like
thing
in
this
Mr
yeah
like
that
Mr
needs
to
be
part
of
the
release,
post
and
then
I,
don't
know
if
I
don't
know
who
I
would
ask
to
be
like
does
there
need
to
be
any
other
communication
outside
of
that?
That,
like
this
is
a
change,
a
breaking
change.
That's
gonna
like
affect
everybody
like
I,
don't
know,
yeah.
B
Deborah
K
non-explores,
so
there's
a
deprecation
notice
and
so
I
can
add
a
breaking
change
notice,
this
Mr
for
sure
and
I
in
that
this
is
also
oh,
interesting
I.
B
A
B
Exactly
it's
safer
and
we
actually
are
adding
this
with
default.
Enabled
true,
but
it
just
allows
us
to
when
this
goes
out
to
turn
off
the
feature
flag
and
be
like
JK
didn't
want
to
do
that
because
I
agree.
There
is
some
risk
to
this
change
like
certainly-
and
this
is
where
I
don't
understand-
exactly
how
breaking
changes
work
on
gitlab.com
versus
because
we're
hoping
to
get
this
into
16.0,
that's
the
goal
and
somebody
of
grade
sixiano.
B
They
know
that
they
can
no
longer
have
automations
that
create
personal
access
tokens
without
an
expiration
right,
but
on
gitlab.com,
say
this
gets
deployed
tomorrow
and
in
the
getlab.com
customer
has
tokens
being
created
with
expires
and
nil.
This
actually
won't
raise
an
error
for
them
because
it
will
set
a
default
value,
but
we
do
plan
on
following
on
by
adding
that
validation.
Okay.
B
So
it
will
raise
an
error
later
so
anyways
we're
going
to
do
this
and
then
we're
going
to
do
the
migration
after
this
gets
merged.
We
have
a
background
migration
Mr.
That's
in
in
progress.
That's
going
to
do
a
batch
background
migration
to
set
the
value
for
existing
access
tokens
and
then
we're
going
to
deal
with
the
application
setting
stuff.
Third.
A
I
think
trying
to
think
I
haven't
had
a
ton
of
experience
with
like
these
breaking
changes
that
affect
users
like
this
system
wide
I
know
a
I
think
we
need
to
get
this
done
and
get
it
in,
but
I'm
wondering
I'm
trying
to
like
think
of
like
things
that
I've
seen
you
know,
there's
like
those
alerts
that
sometimes
you
know,
I
saw
one
about
like
breaking
changes
in
gitlab.
160
is
coming,
see,
what's
happening,
I,
don't
know
there
may
be
something
to
think
about
yeah.
B
A
B
B
Will
deal
with
the
breaking
change
is
if
they
are
somehow
creating
new
paths
programmatically
with
a
nil
expiration
and
at
some
point
not
via
this
Mr,
but
via
a
follow-on
or
actually
via
this
Mr,
maybe
because
I'm
currently
adding
making
sure
that
they're
not
setting
expiration
longer
than
365..
So
somebody
is
creating
paths.
They
have
some
kind
of
process
that
creates
paths
with
a
two-year
expiration
date.
Then
they
are
going
to
start
getting
errors
immediately.
Once
this
is
deployed.
A
B
A
Like
that
communication
doesn't
have
to
stop
this
thing,
but
I'm,
just
like
thinking
like
yeah.
How
does
that?
Because
it's
going
to
be
a
while
from
now,
and
it
may
cause
a
bunch
of
problems
where
everyone
has
already
forgotten
that
this
you
know
what
I
mean
like
you
might
just
like.
Oh
that
was
a
year
ago.
It's
you
know
when.
A
B
Don't
know
no,
maybe
an
email
or
something
you're
right
like
maybe
we
find
we
email,
the
owner
of
every
personal
access,
token
or
group
access
token
that
is
updated
in
this
migration
and
we
like
repeatedly
and
say
by
the
way
we
updated.
You
know
it's.
B
A
A
I,
just
I
yeah,
I,
guess
I,
just
don't
want
to
have
an
incident
created,
one
of
the
bunch
of
people
like
my
pad's,
not
working.
You
know
like
in.
B
A
B
B
A
Yeah,
that
might
be
something
I
would
be
like.
What
do
you
think
yeah,
because
we
we
have
that
a
lot
with
our
stuff,
where
it's
like
I,
don't
think
we're
doing
a
great
job
of
when
indexing
into
elasticsearch
is
paused,
which
it
happened
yesterday.
What
that
means
is
people's
updates,
don't
get
put
in
for
any
changes
that
happen,
while
indexing
is
paused
and.
B
B
A
For
like
24
hours,
it
wasn't
that
bad,
but
it
is
still
something
like
it
can
create
problems,
and
we
don't
have
that
solution.
Yet
about
like
how
that
gets
communicated
out
properly.
A
We
do
have
an
issue
for
it.
Okay,
but
do
you
have
code
that
you
want
to
look
at?
Are
you
just
looking
to
talk
about
like
approach.
B
No
I
feel
I
was
just
updating
a
test.
So
the
thing
that
is
like
the
code
change
here
is
really
small.
I'll
give
you
a
look
at
the
files.
It's
pretty
much
just
this
one
method
here
and
then
there's
like
a
lot
of
spec
changes,
because
we
have
a
bunch
of
specs
that
set
nil
exploration
expires
at
it's
closing
the
window.
B
B
A
Would
also
run
the
package
in
QA
like
and
make
sure
that
that
one
doesn't
have
any
updates
that
need
to
be
happening
under
that
QA
folder.
B
Ones:
yeah,
okay,
I
just
so
I
just
updated.
Let
me
look
at
it.
I
just
added
this
method.
Again,
this
is
protected
behind
the
feature
flag.
Just
in
case
we
decide,
we
hate
it,
and
this
invalidates
expires
that
I
had
some
tests.
Those
are
fine.
I
just
changed
this,
because
this
test
had
an
expire
that.
B
Mind
that's
very
far
in
the
future.
Definitely
the
sun
will
have
it
quoted
by
fun.
I
think
so.
I
just
changed
that
to
be
here.
I.
Actually
don't
even
it's
funny
like
looking
at
this.
This
isn't
even
reference
in
the
code,
so
I
actually
wonder
if
I
can
comment
it
out
and
run
this-
oh,
oh,
but
maybe
what
it
is.
It's
trying
to
make
sure
that
this
is
like
a
scope,
expiring
and
notified.
B
B
B
A
Don't
use
like
like
VI
or
Vim
so
sometimes
I'm
like?
Is
that,
like
the
right
side,
column,
yeah.
B
A
Until
last
week,
I
didn't
even
know
that
you
could
put
linters
I
saw
people
just
like
coded
like
just
like
whatever
this
is
great,
it's
totally
gonna
be
fine
and
then
somehow
fix
it
later.
I'm,
like
I,
don't
know
I.
B
Yeah
no
I
have
so
I
started
using
Vim,
because
my
first
employer
had
standard
dot
files
that
everybody
used
and
I
like
still
use
them
to
this
day
and
I.
Think
where
are
they
I?
Think
it's
it's
Vim,
bundled
so
there's
like
I
have
look
at
all
these
bundles
I
have
they're,
basically
like
gems,
okay,.
B
A
Was
that
guy
pancake?
No,
the
big
rails
person
like
the
the
there's,
like
some
big
rails,
one
of
the
Rails
owners?
What
are
they
called
like?
The
stewards
of
rails,
yeah.
A
Yeah
we
gave
one
of
the
talks
at
realcomp
about
writing
your
own
linters
and
I
was
just
like.
Oh,
you
can
put
a
letter.
Oh.
B
My
God
yeah
we
used
I'm
not
switching
over,
but
when
I
was
at
this
company
thoughtbot,
where
we
use
these
shared
dot
files,
we
would
do
that.
We
hosted
the
San
Francisco
Vim
meet
up
and
it
was
basically
like
us
and
then
a
bunch
of
like
Square
dudes
from
Square.
The
company
and
I
think
I
feel
like
I
think
it
would
have
been
a
better
use
of
time
if
we
just
focus
on
like
them
fundamentals
and
getting
better
at
them,
but
I
feel
like
it
ended
up.
A
B
There
are
cool
ones
like
yeah,
I'm
sure
that
your
editor
is
classier
than
this,
but
like,
for
example,
I
have
one
called
I,
think
it's
called
Vim
split
and
if
I
just
do
GS
and
then,
if
I
do
GS
it
like
automatically
splits
stuff.
For
me.
A
A
Yeah
I
am
not
I,
usually
mine,
I'm,
not
a
power
user
and
a
habitual
Mouse
user.
So
I'm
like
trying
to
work
on
my
shortcut,
keys,
Ruby
mines,
kind
of
it's
yeah,
it's
fine!
It's
it's
got
its
own
little
accent.
B
B
A
A
B
Yeah,
like
I,
do
like
no
and
I'm
pretty
good,
like
my
Tufts,
when
I
run
the
test
just
there
I'm
running
this
whole
test
file.
Now,
because
that's
what
was
feeling
before
I
just
use,
spacebar
T
and
it
runs
the
whole
file
which
I
know
like
Ruby
mine
gives
you
something
similar
where
you
can
easily
run
the
test.
But
it's
really
nice
yeah.
B
So
this
is
add,
validation
on
expiration
date,
which
expires
at.
A
I
was
just
looking
like
there's
some
guidelines
on
like
adding
and
not
milking
straight
to
an
existing
column.
A
It's
and
current
it's
a
two
I
think
it's
a
two
release.
Yes,.
B
B
B
B
Add
this
comment
here
so
I
push
to
commit
with
the
other
change
that
imra
suggested
and
now
I'm
gonna
make
a
change
to
deal
with
this
okay
here.
So
where
was
that?
What
is
the
expired?
Wrong
split
expires
in.
B
B
B
B
So
this
is
when
the
feature
flag
is
true
and
then
I'm
gonna
add.
A
B
Need
it
to
fix
it
and
I
need
to
add
an
end.
Yeah
I
need
to
see
it
fail
first
or
I.
A
B
A
A
Do
you
use
them
often
I
feel
like
sometimes
they're
like
crazy
and
it's
hard
to
read,
but
in
some
cases
it's
helpful
where
you
could
just
be
like.
Oh
for
these
token,
because
if
you
now
have
to
support
like
another
token
value,
then
you'd
have
to
add
like
another
test
on
but
I
feel
like
that's
more
like
a
non-blocking
comment.
If
it's
really.
B
Well,
the
other
thing
we
could
do
is
we
can
do
like
mill
empty
string.
Each
do.
A
A
B
A
Rubricop
ignores
in
the
same
spot.
A
I,
don't
think
it
needs
to
be
a
table.
This
is
also
fine.
I've
done
this
with
feature
Flags
when
it's
just
easier.
B
Oh,
is
it
like
stash,
Dash,
p
and
yeah,
so
it
patch
adds
things.
So
the
value
part
of
the
value
is
that
it
forces
me
to
review
what
I've
done
as
I.
Add
it
as
opposed
to
adding
random
stuff
and
then
also,
if
you
I,
can't
remember
which
one
of
these
it
is
basically
sometimes
you
want
to
even
split
it
further
and
you
can
one
of
these
options.
So
yes,
just
means.
B
Like
yes,
add
this
yeah
to
the
staged
to
you
know
to
my
stage
changes,
but
there's
one
of
these,
where
you
can
just
like
split
it
up
even
more
so
if
you've
kind
of
the
day
has
gone
away
from
you
and
you've
added
something
here,
something
there
and
you
want
to
be
separate
commits,
then
you
can
actually
split
them
up.
That's.
A
B
B
Okay,
oh
you
can
manually
edit
the
current
hun.
You
can
say
all
you
can
say:
no
don't
do
this
hunk!
Oh
it's
s!
That's
the
one!
The
option
is
not
printed,
but
you
can
do
split
real
cute.
B
B
Make
maybe
we
should
add
a
patch
to
get
and
ask
them
to
include
that
option
in
the
printed.
B
A
I
sometimes
will
just
I
mean
I'm,
very
messy,
sometimes
we're
all
like
have
stuff
and
just
kind
of
move
it
around
to
different
branches,
because
I
like
don't
want
to
lose
it,
but
then
I'm
like
well
I.
Don't
really
want
this
attached
to
this
thing,
so
I'll
kind
of
like
stash
things
in
home,
yeah
chunks,
yeah.
A
That's
cool
I
learned
something
yeah
I
guess
if
you
need
reviews
on
any
of
this
stuff,
I
am
at
the
end
of
my
day,
but
I
can
do
reviews
for
anyone
that
needs
for
you
or
anything
that
you
need.
Reviews
on
for
tomorrow.
I
can
do
database
initial
reviews
and
then.
B
A
A
A
Check
migration,
no
the
one
underneath
it,
but
also
that
check
migration.
Yeah
run
that
that
is
required
for
a
database.
Migrations
I,
think
well,
just
run
it
anyways
and
if
it
doesn't
run
anything,
then
it's
fine.
But
it's
supposed
to
run
stuff
kind
of
on
a
version
of
production
database.
B
A
B
A
B
I
think
it
was
addressed,
but
I'm
gonna
make
sure,
because
I
think
it
was
near
the
end
of
this
three
days
day
when
she
did
this.
A
B
B
See
the
guideline
exceeded:
oh
I,
think
that
we
already
knew
about
this
because
she
mentioned
adding
a
partial
index
on
expires.
Okay
hat,
she
mentioned
that
in
a
comment
where
oh
she's
been
working
hard,
so
I'll
review
all
this,
but
one
question
I
had
for
you,
so
I
keep
like
reading
and
then
forget.
A
question
is:
if
I
add
that
I
ran
that
job
will.
A
A
If
it
I
saw
a
comment
on
the
Mr,
typically,
what
I've
seen
is
it
should
I
honestly,
let
me
see
if
they
have
it
in
the
documentation.
A
I
would
think
it
does,
but
I
can't
say
for
sure
okay,
because
it
should
just
update
the
like.
This
thing
should
get
updated.
That
comment,
unless
this
is
something
that's
been
worked
on
by
a
community
contributor
in
which
this
kind
of
sometimes
behaves
a
little
bit
differently,
the
thing
should
just
update
itself.
A
I,
don't
think
you
can
look
at
the
job,
but
maybe
you
might
have
more
permissions
than
I.
Do.
I
cannot
look
at.
A
A
Like
it
kicked
it
kicks
off
like
another
job
and
it
will
come
back
and
run
so
that
one
like
all
that
passing
meant
is
that
it
was
successfully
able
to
like
initiate
the
job
I,
don't
yeah.
That
might
be
a
good
question
for
the
database
team
at
some
future.
I,
don't
know
if
it
actually
like,
but
it's
supposed
to
just
update
this,
so
you
can
look
if
that
commit
was
nine
hours
ago,
then
this
whenever
this
was
updated.
This
would
be
like
valid
okay.
B
A
A
B
A
A
A
Yeah,
it
probably
was
a
new
version.
I
didn't
even
read
the
changelog,
but
it
cost
me
some
yeah.
It
cost
me
some
pain,
but
thank
you
for
an
awesome
pairing
session.
It
was
nice
to
kind
of
delve
into
something
that
you're
working
on
and
yeah.
Maybe
next
time
I
can
bring
the
chat.
Ops
thing
if
I'm
not
done
with
it.
Okay.