
getArtifact function using deprecated (due to security and usability issues) buffer function

Open twalshOG opened this issue 1 year ago • 2 comments

**Describe the bug**
Receive a deprecation warning when downloading an artifact.

**To Reproduce**
Steps to reproduce the behavior:

  1. Use the downloadArtifact functionality in a Github actions pipeline
  2. Note you get the following error

```text
(node:1671) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead. (Use node --trace-deprecation ... to show where the warning was created)
```

Code producing the warning

```typescript
import * as artifact from '@actions/artifact';
// ......... (surrounding code, including artifactName and downloadFolder, elided in the report)
  // Look up the artifact by name to get its id
  const response = await artifact.default.getArtifact(artifactName);
  const artifactClient = artifact.default;
  // Downloading it triggers the DEP0005 warning via archiver-utils
  await artifactClient.downloadArtifact(response.artifact.id, {
    path: downloadFolder,
  });
```

**Expected behavior**
Would not get the error. This error is due to the fact that @actions/artifact depends on archiver 5.3.1, which in turn depends on archiver-utils 2.1.0, which uses the deprecated buffer call.

**Screenshots**
(image attached to the original issue: Screenshot 2024-01-05 at 1 05 40 PM)

**Where produced**

  • Github Actions Agent: ubuntu-latest
  • Node version: Default version installed on ubuntu-latest

**Additional context**
Updating to a new version (3.0.0 or above) would address this issue. The fix/update to this was already released for archiver-utils.

twalshOG avatar Jan 05 '24 19:01 twalshOG
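To make concrete what the DEP0005 warning in the report is about, here is an added example (not code from this issue, from @actions/artifact or from archiver-utils): the legacy `Buffer()` constructor is overloaded on argument type, so the same call allocates N bytes for a number but encodes text for a string, which is the usability/security problem the deprecation names and the explicit `Buffer.from()`/`Buffer.alloc()` calls avoid. The function names `legacyToBuffer`, `safeToBuffer` and `zeroed` are hypothetical.

```javascript
'use strict';

// "Before": the pattern old archiver-utils-style helpers used. The result
// depends on typeof input, which is exactly why DEP0005 exists:
//   Buffer(8)   -> 8 bytes sized by the caller (uninitialised before Node 8,
//                  zero-filled since; still a caller-controlled allocation)
//   Buffer('8') -> 1 byte containing the UTF-8 for "8"
// Calling this still prints the DEP0005 warning on any supported Node.
function legacyToBuffer(input) {
  return Buffer(input); // deprecated, kept deliberately to show the hazard
}

// "After": one explicit conversion per accepted type. A number is no longer
// a hidden request for raw memory; it is rejected outright.
function safeToBuffer(input) {
  if (Buffer.isBuffer(input)) return Buffer.from(input);          // copy
  if (typeof input === 'string') return Buffer.from(input, 'utf8');
  if (Array.isArray(input) || input instanceof Uint8Array) {
    return Buffer.from(input);                                    // octets
  }
  throw new TypeError(`refusing to convert ${typeof input} to Buffer`);
}

// Callers that genuinely want N bytes say so, and get zero-filled memory.
function zeroed(n) {
  if (!Number.isInteger(n) || n < 0) throw new RangeError('bad size');
  return Buffer.alloc(n); // not Buffer(n), not Buffer.allocUnsafe(n)
}

// Demonstrates the type confusion: same value, two very different results.
function sizeByType(value) {
  return {
    asNumber: legacyToBuffer(Number(value)).length,
    asString: legacyToBuffer(String(value)).length,
  };
}
```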

To finish the amazing investigation, and give actionable steps for this project:

https://github.com/actions/toolkit/blob/5430c5d84832076372990c7c27f900878ff66dc9/packages/artifact/package.json#L52

The above line needs to be updated from 5.3.1 to at least 6.0.0, which doesn't look like a big jump, as the only breaking change listed is dropping Node 10. 6.0.0 uses archiver-utils 3.0.0.

  • (https://github.com/actions/toolkit/pull/1633 would eventually solve this, but there's no reason to wait for that.)

TWiStErRob avatar Feb 03 '24 18:02 TWiStErRob

Bump - it seems like a simple and useful change.

hubert-rutkowski85 avatar Apr 17 '24 11:04 hubert-rutkowski85

This bug was addressed in https://github.com/actions/toolkit/pull/1712

twalshOG avatar May 31 '24 15:05 twalshOG