Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Message "DeprecationWarning: Buffer() is deprecated due to security and usability issues" when running createComment

See original GitHub issue

Describe the bug I am getting the following message printing out in the Actions log when I run “github.rest.issues.createComment”.

(node:1609) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

I noticed that this also happens for some other comamnds

To Reproduce Steps to reproduce the behavior:

Create a GitHub Action with `github.rest.issues.createComment({ … })
Go to ‘Actions’ tab and run the command
Click on the Action
Discover that the following message is printed out in the step

Expected behavior I don’t expect to see a message like that, as that actually portraits that the Action does not follow a safe guideline.

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Add any other context about the problem here.

Issue Analytics

State:
Created 2 years ago
Reactions:31
Comments:6

Top GitHub Comments

5reactions

mscdexcommented, Nov 12, 2021

I recently saw this and after a bit of digging the situation is currently this:

github-script 5.0.0 depends on @octokit/core ^3.5.1
@octokit/core 3.5.1 depends on @octokit/request ^5.6.0
@octokit/request 5.6.2 depends on node-fetch ^2.6.1

This is the point where things break down. Basically the last node-fetch 2.x depends on a version of the whatwg-url module from 2017 that contains the new Buffer() usage. However, not only has whatwg-url since then removed their usage of new Buffer() but node-fetch versions post-2.x don’t even depend on whatwg-url anymore.

So I guess what needs to happen is @octokit/request should update their dependency on node-fetch.

2reactions

mscdexcommented, Jan 29, 2022

Actually it seems with the recent update of @octokit/request to v5.6.3 which bumped the node-fetch dependency to ^2.6.7, the deprecation message should no longer be happening.

Top Results From Across the Web

Buffer() is deprecated due to security and usability issues ...

According to the deprecation warning new Buffer() should be replaced with one of: Buffer.alloc(); Buffer.allocUnsafe() or; Buffer.from().

DeprecationWarning - Seed.run

You might see one of the following error messages, or something similar ... DeprecationWarning: Buffer() is deprecated due to security and usability issues....

[DEP0005] DeprecationWarning: Buffer() is deprecated due to ...

The message appears : (STDERR) (node:24329) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues.

Next.js - Richiban

(node:22980) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), ...

CHANGELOG.txt 3.3.604.0 - PowerShell Gallery

You can then easily drill into specific issues with CloudWatch Automatic Dashboards ... The Test-ETSRole cmdlet now emits a deprecation warning, due to...