
Upgrade uuid

Open daveisfera opened this issue 2 years ago • 3 comments

Fixes #925

daveisfera avatar Oct 25 '23 18:10 daveisfera

Bump to this 👀

peterdeme avatar Nov 16 '23 19:11 peterdeme

Yarn v4 was released on October 22nd, and yarn npm audit --all --recursive doesn't pass on packages such as @actions/cache that depend on deprecated packages like uuid v6 and earlier.

└─ uuid
   ├─ ID: uuid (deprecation)
   ├─ Issue: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
   ├─ Severity: moderate
   ├─ Vulnerable Versions: 3.4.0
   │ 
   ├─ Tree Versions
   │  └─ 3.4.0
   │ 
   └─ Dependents
      └─ @actions/cache@npm:3.2.2

Kurt-von-Laven avatar Nov 20 '23 05:11 Kurt-von-Laven
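The audit finding above can also be checked directly against a lockfile. The following is an added example, not code from this thread or from the toolkit repository: it assumes an npm `package-lock.json` (lockfileVersion 2 or 3, with its `packages` map) rather than a Yarn lockfile, and `findOldUuid`, `packageChain` and the sample data are hypothetical names constructed for illustration.

```javascript
// Constructed sample in the shape of package-lock.json (lockfileVersion 2/3).
// The @actions/cache and uuid 3.4.0 versions mirror the audit output above;
// every other entry is made up for illustration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-action", version: "1.0.0" },
    "node_modules/@actions/cache": { version: "3.2.2" },
    "node_modules/@actions/cache/node_modules/uuid": { version: "3.4.0" },
    "node_modules/uuid": { version: "9.0.1" },
    "node_modules/uuid-parse": { version: "1.1.0" },
  },
};

// From the deprecation notice: "upgrade to version 7 or higher".
const MIN_SAFE_MAJOR = 7;

// "node_modules/a/node_modules/@s/b" -> ["a", "@s/b"]
function packageChain(lockPath) {
  return lockPath.split("node_modules/").slice(1).map((p) => p.replace(/\/$/, ""));
}

// Return every installed copy of uuid whose major version is below 7,
// together with the package it is nested under (null when hoisted to the root).
function findOldUuid(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const chain = packageChain(path);
    if (chain[chain.length - 1] !== "uuid") continue; // exact name only, not uuid-parse
    const major = Number.parseInt(String(meta.version).split(".")[0], 10);
    if (Number.isNaN(major) || major >= MIN_SAFE_MAJOR) continue;
    let nestedUnder = null;
    if (chain.length > 1) {
      // A nested copy is private to its parent, so the parent is the package to upgrade.
      const parentPath = path.slice(0, path.lastIndexOf("/node_modules/"));
      const parentVersion = lock.packages[parentPath]?.version ?? "?";
      nestedUnder = `${chain[chain.length - 2]}@${parentVersion}`;
    }
    findings.push({ version: meta.version, path, nestedUnder });
  }
  return findings;
}

console.log(findOldUuid(SAMPLE_LOCK));
```

A hoisted copy (`nestedUnder` is null) can be shared by several dependents, so the lockfile alone does not identify which of them pulled it in.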

Can we not just use randomUUID from webcrypto? GH Actions use Node 20 anyway: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID

shyim avatar Jan 14 '24 17:01 shyim

Replaced by #1824

joshmgross avatar Oct 02 '24 18:10 joshmgross