Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer() is deprecated due to security and usability issues (v2.0.0) #197

Closed
marcofranssen opened this issue May 10, 2022 · 17 comments
Closed
Labels
enhancement New feature or request

Comments

@marcofranssen
Copy link

In my workflows I'm using Node 16 (LTS)

When running this action it shows following logs.

(node:3250) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

Can this piece of code be updated to resolve this deprecation warning?

@jpogran
Copy link
Collaborator

jpogran commented May 18, 2022

This was raised in hashicorp/js-releases#42 and we have a potential fix for this in hashicorp/js-releases#43.

This will be in the js-releases 1.6 release, and I'll update this action when that is released.

@jpogran jpogran added this to the 2.1.0 milestone May 18, 2022
@jpogran jpogran added the enhancement New feature or request label May 18, 2022
@magnetikonline
Copy link
Contributor

magnetikonline commented May 26, 2022

Thanks for circling this out @jpogran and @marcofranssen for logging the issue (something I forgot to do).

PR hashicorp/js-releases#43 has now been merged - pending next release.

@jpogran
Copy link
Collaborator

jpogran commented Jun 13, 2022

hashicorp/js-releases 1.6.0 has been released. This repo can now be updated to use that version to have this message removed.

@magnetikonline
Copy link
Contributor

FYI (to circle around) this is the auto-cut Dependabot PR #214

Thanks @jpogran

@tobiasehlert
Copy link

Is there an estimate when this might be merged and released? 😄

@chrisk-tbot
Copy link

hey all, thanks for raising this and identifying root cause. Also just seconding that I would love to see a merge/release here as well. Doing some version updates and this error is hanging up our workflow. Thanks so much!

@cdaly1
Copy link

cdaly1 commented Aug 4, 2022

This warning is causing inconsistent failures in our workflows. Please merge and release ASAP.

@ianhundere
Copy link

@jpogran

any idea when this will be merged and 2.1.0 released ?

@jpogran
Copy link
Collaborator

jpogran commented Sep 16, 2022

All, apologies for the delay. I'll be reviewing the current state next week and getting a point release out

@ianhundere
Copy link

All, apologies for the delay. I'll be reviewing the current state next week and getting a point release out

@jpogran Any update on getting a point release out? Thanks 🙇🏼

@magnetikonline
Copy link
Contributor

My changes in @hashicorp/js-releases to fix this issue dropped in the just released https://github.com/hashicorp/setup-terraform/releases/tag/v2.0.1.

Thus this issue should now be resolved. 👍

@jpogran
Copy link
Collaborator

jpogran commented Oct 12, 2022

Apologies on the delay, again. HashiConf kinda pushed things around in my schedule and I didn't get to this in the time I expected to.

I made a mistake in 2.0.1 in the release metadata, which I fixed in 2.0.2. I'll be updated the v2 tag later on today to finish out the release.

@magnetikonline
Copy link
Contributor

magnetikonline commented Oct 12, 2022

Thx @jpogran 👍

I'll reconfirm with some workflows tomorrow on the v2 tag.

Update: still no update to the v2 tag (yet), receiving the message.

@mforutan
Copy link

@jpogran Can you please update the v2 tag?

@magnetikonline
Copy link
Contributor

This can be closed out as fixed (just confirmed via a hashicorp/setup-terraform@v2 workflow run).

No longer seeing this DeprecationWarning message - the result of hashicorp/js-releases#43 in @hashicorp/js-releases: 1.6.0 now included. 👍

Thanks @jpogran for helping getting this one through / providing reviews to PRs. 👍

@bflad bflad removed this from the 2.1.0 milestone Nov 2, 2022
@bflad
Copy link
Contributor

bflad commented Nov 2, 2022

Closing per above. 😄

Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

9 participants