Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead. #22

Open
BaseMax opened this issue Feb 11, 2023 · 10 comments
Open

[DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead. #22

BaseMax opened this issue Feb 11, 2023 · 10 comments
Labels
help wanted Extra attention is needed

Comments

@BaseMax
Copy link

BaseMax commented Feb 11, 2023
edited
Loading

Config code:

      - name: FTP Deployer
        uses: sand4rt/[email protected]
        with:
          sftp: true
          host: ${{ secrets.SERVER_HOST }}
          port: 22
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          remote_folder: ${{ secrets.SERVER_PATH }}
          local_folder: '.'
          cleanup: false
          include: '[ "*", "**/*" ]'
          exclude: '["node_modules/**", ".github/**", ".git/**", "*.env"]'
          pasive: true

Error:

[DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
@sand4rt
Copy link
Owner

sand4rt commented Feb 11, 2023

Can you retry with the latest version?

@BaseMax
Copy link
Author

BaseMax commented Feb 11, 2023

I must change 1.4 to 1.7?

@sand4rt
Copy link
Owner

sand4rt commented Feb 11, 2023
edited
Loading

Yeah

@BaseMax
Copy link
Author

BaseMax commented Feb 12, 2023

After change version 1.4 to1 .7:

Warning: Unexpected input(s) 'pasive', valid inputs are ['sftp', 'host', 'port', 'username', 'password', 'remote_folder', 'local_folder', 'cleanup', 'include', 'exclude', 'passive']
Run sand4rt/[email protected]
Deploying...
(node:16[2](https://github.com/BaseMax/****/actions/runs/****/jobs/7193954733#step:3:2)7) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Deploy finished:

@BaseMax
Copy link
Author

BaseMax commented Feb 12, 2023
edited
Loading

I deleted pasive parameter from GitHub Action. Still it's same and the warning:

Run sand4rt/[email protected]
Deploying...
(node:[17](https://github.com/BaseMax/*****/actions/runs/4158637741/jobs/7193992520#step:3:18)[1](https://github.com/BaseMax/*****/actions/runs/4158637741/jobs/7193992520#step:6:1)[3](https://github.com/BaseMax/*****/actions/runs/4158637741/jobs/7193992520#step:6:3)) [DEP000[5](https://github.com/BaseMax/*****/actions/runs/4158637741/jobs/7193992520#step:6:5)] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Deploy finished:

Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use node --trace-deprecation ... to show where the warning was created)

@sand4rt
Copy link
Owner

sand4rt commented Feb 18, 2023

Related to: #4 and simonh1000/ftp-deploy#116

@sand4rt sand4rt added the help wanted Extra attention is needed label Oct 10, 2023
@radoslawkalamon
Copy link

I'll try to look into this and see what I can do.

@radoslawkalamon
Copy link

The problem lies within the dependency chain: ftp-deploy -> promise-ftp -> @icetee/ftp.

The package promise-ftp uses the package @icetee/ftp v0.3.15, which employs new Buffer() in the file @icetee\ftp\lib\connection.js on line 54.

There is a newer version, @icetee/node-ftp v1.0.4, that uses Buffer.from(). However, it seems the promise-ftp package has been abandoned, as its latest version v1.3.5 was published 7 years ago.

Therefore, there are two possible ways to resolve this issue:

  1. Ditch the ftp-deploy package and use an alternative.
  2. Convince the team behind the ftp-deploy package to replace promise-ftp with a more up-to-date dependency.

@BaseMax
Copy link
Author

BaseMax commented Jan 26, 2025

Convince the team behind the ftp-deploy package to replace promise-ftp with a more up-to-date dependency.

This one? https://github.com/marketplace/actions/ftp-deploy

@radoslawkalamon
Copy link

@BaseMax This one - https://github.com/simonh1000/ftp-deploy - as this is dependency package for ftp-deployer.

@BaseMax BaseMax mentioned this issue Jan 26, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BaseMax @radoslawkalamon @sand4rt