Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🩹 Issue 17: fix deprecation warning #20

Merged
merged 2 commits into from
Dec 14, 2022
Merged

🩹 Issue 17: fix deprecation warning #20

merged 2 commits into from
Dec 14, 2022

Conversation

thomasmerz
Copy link
Contributor

Node.js 12 actions are deprecated.
For more information see:
https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

Please update the following actions to use Node.js 16: actions/checkout@v2
Using version v3, latest or master: actions/checkout#689

Please update the following actions to use Node.js 16: actions/setup-node@v2, actions/cache@v2
Using version v2.285.0, latest or master: actions/setup-node/pull/414 and actions/cache/pull/729

This PR fixes issue #17 👍🏼

   Node.js 12 actions are deprecated.
   For more information see:
   https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

   Please update the following actions to use Node.js 16: actions/checkout@v2
   Using version v3, latest or master: actions/checkout#689

   Please update the following actions to use Node.js 16: actions/setup-node@v2, actions/cache@v2
   Using version v2.285.0, latest or master: actions/setup-node/pull/414 and actions/cache/pull/729
Copy link
Owner

@inokawa inokawa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my opinion, using @master can cause security issue, but thank you for this PR!

@inokawa inokawa merged commit 4abaed6 into inokawa:main Dec 14, 2022
@thomasmerz thomasmerz deleted the issue_17 branch December 14, 2022 11:14
@thomasmerz
Copy link
Contributor Author

In my opinion, using @master can cause security issue, but thank you for this PR!

Someone (you?) has to make a tradeoff between security and staying current. In my decades of (linux) system administration I got less problems by staying current than by staying on fixed versions. Even security should be better when using "master", latest, current (call it what you want), because old security leaks will or might be fixed automatically very soon.

So what are your security concerns in detail using "master"? 🤔

@inokawa
Copy link
Owner

inokawa commented Dec 17, 2022

I thought I couldn't guarantee that the master is always safe especially for this repo, so choose tagged version.
However keeping using older version is surely a risk for all...

I'm not an expert for it and I'm not sure which is suitable for this kind of gist repo, but I should choose using master if I couldn't maintain this repo well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants