Message "DeprecationWarning: Buffer() is deprecated due to security and usability issues" when running createComment #202

Closed
bryantson opened this issue Oct 11, 2021 · 6 comments

@bryantson

Describe the bug
I am getting the following message printing out in the Actions log when I run "github.rest.issues.createComment".

(node:1609) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

I noticed that this also happens for some other commands.

To Reproduce
Steps to reproduce the behavior:

  1. Create a GitHub Action with `github.rest.issues.createComment({ ... })`
  2. Go to 'Actions' tab and run the command
  3. Click on the Action
  4. Discover that the following message is printed out in the step

Expected behavior
I don't expect to see a message like that, as that actually portrays that the Action does not follow a safe guideline.

@mscdex

mscdex commented Nov 12, 2021

I recently saw this and after a bit of digging the situation is currently this:

  • github-script 5.0.0 depends on @octokit/core ^3.5.1
  • @octokit/core 3.5.1 depends on @octokit/request ^5.6.0
  • @octokit/request 5.6.2 depends on node-fetch ^2.6.1

This is the point where things break down. Basically the last node-fetch 2.x depends on a version of the whatwg-url module from 2017 that contains the new Buffer() usage. However, not only has whatwg-url since then removed their usage of new Buffer() but node-fetch versions post-2.x don't even depend on whatwg-url anymore.

So I guess what needs to happen is @octokit/request should update their dependency on node-fetch.

@mscdex

mscdex commented Nov 12, 2021

Relevant PR: octokit/request.js#422

@github-actions

This issue is stale because it has been open for 60 days with no activity. Remove the "Stale" label or comment on the issue, or it will be closed in 7 days.

github-actions bot added the Stale label Jan 12, 2022

@github-actions

This issue has been marked as stale and closed due to no activity on it.

@mscdex

mscdex commented Jan 29, 2022

I'm not entirely sure, but after some digging today it seems that node-fetch v2.6.6 and newer should prefer node's built-in URL implementation over that of whatwg-url. So that should have fixed the deprecation message, unless some other dependency had a pinned node-fetch version prior to that, which satisfied @octokit/request's semver range so it picked up that older version instead of the latest node-fetch v2.x release.

@mscdex

mscdex commented Jan 29, 2022

Actually it seems with the recent update of @octokit/request to v5.6.3 which bumped the node-fetch dependency to ^2.6.7, the deprecation message should no longer be happening.
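
Added example (not part of the thread and not the project's code): a lockfile check for the situation described in the comments above, where an older node-fetch copy satisfies `@octokit/request`'s semver range and gets resolved instead of a fixed release. It assumes the npm lockfile v2/v3 `packages` layout; `legacy-client` and the installed versions in the sample are constructed.

```javascript
// Constructed sample in the npm lockfile v2/v3 "packages" layout.
// "legacy-client" and the installed node-fetch version are hypothetical.
const sampleLock = {
  packages: {
    "": { dependencies: { "@octokit/request": "^5.6.0", "legacy-client": "1.0.0" } },
    "node_modules/@octokit/request": { version: "5.6.2", dependencies: { "node-fetch": "^2.6.1" } },
    "node_modules/legacy-client": { version: "1.0.0", dependencies: { "node-fetch": "2.6.5" } },
    "node_modules/node-fetch": { version: "2.6.5" },
  },
};

// Node-style lookup: nearest node_modules first, then each parent up to the root.
function resolveCopy(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Compare plain x.y.z versions (no prerelease tags).
function lessThan(a, b) {
  const x = a.split(".").map(Number);
  const y = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// List every dependent whose declared range resolved to a copy older than minVersion.
function auditPackage(lock, name, minVersion) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const range = (meta.dependencies || {})[name];
    if (!range) continue;
    const target = resolveCopy(lock.packages, path, name);
    if (target && lessThan(lock.packages[target].version, minVersion)) {
      findings.push({ requiredBy: path || "(root)", range, resolvedTo: target,
                      version: lock.packages[target].version });
    }
  }
  return findings;
}

console.log(auditPackage(sampleLock, "node-fetch", "2.6.7"));
```

Each finding names the dependent, its declared range, and the copy it actually resolved to, which shows whether the old version comes from a loose range or from an exact pin elsewhere in the tree.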
