Remove dependency on uuid package #1824
|
Are you going to be able to progress this PR soon? It looks like you are just waiting for your team to review. |
##### [`v1.11.0`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1110) - Remove dependency on `uuid` package [#1824](actions/toolkit#1824)
|
As the crypto global package is being used without an import/require statement, if the client is using a node version < 19 (when crypto became a global package in node.js https://nodejs.org/api/globals.html#crypto_1) the action that uses the toolkit will fail with a |
|
This seems to have caused #1841 |
|
Just to be sure, are you (or somebody else) going to release a new version of Edit: removed misleading screenshot of @actions/cache@3.2.4 |
|
@MikeMcC399 yes I'm planning to upgrade the packages that depend on It's worth noting that |
Thanks for the confirmation! Looking forward to new releases which no longer depend on a deprecated version of |
|
When do you intend to release a version of |
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@actions/core](https://github.com/actions/toolkit/tree/main/packages/core) ([source](https://github.com/actions/toolkit/tree/HEAD/packages/core)) | [`1.10.0` → `1.11.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.11.1) |  |  |

---

### Release Notes

<details>
<summary>actions/toolkit (@actions/core)</summary>

### [`v1.11.1`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1111)

- Fix uses of `crypto.randomUUID` on Node 18 and earlier [#1842](actions/toolkit#1842)

##### 1.11.0

- Add platform info utilities [#1551](actions/toolkit#1551)
- Remove dependency on `uuid` package [#1824](actions/toolkit#1824)

##### 1.10.1

- Fix error message reference in oidc utils [#1511](actions/toolkit#1511)

##### 1.10.0

- `saveState` and `setOutput` now use environment files if available [#1178](actions/toolkit#1178)
- `getMultilineInput` now correctly trims whitespace by default [#1185](actions/toolkit#1185)

##### 1.9.1

- Randomize delimiter when calling `core.exportVariable`

##### 1.9.0

- Added `toPosixPath`, `toWin32Path` and `toPlatformPath` utilities [#1102](actions/toolkit#1102)

##### 1.8.2

- Update to v2.0.1 of `@actions/http-client` [#1087](actions/toolkit#1087)

##### 1.8.1

- Update to v2.0.0 of `@actions/http-client`

##### 1.8.0

- Deprecate `markdownSummary` extension export in favor of `summary`
  - [#1072](actions/toolkit#1072)
  - [#1073](actions/toolkit#1073)

##### 1.7.0

- [Added `markdownSummary` extension](actions/toolkit#1014)

##### 1.6.0

- [Added OIDC Client function `getIDToken`](actions/toolkit#919)
- [Added `file` parameter to `AnnotationProperties`](actions/toolkit#896)

##### 1.5.0

- [Added support for notice annotations and more annotation fields](actions/toolkit#855)

##### 1.4.0

- [Added the `getMultilineInput` function](actions/toolkit#829)

##### 1.3.0

- [Added the trimWhitespace option to getInput](actions/toolkit#802)
- [Added the getBooleanInput function](actions/toolkit#725)

##### 1.2.7

- [Prepend newline for set-output](actions/toolkit#772)

##### 1.2.6

- [Update `exportVariable` and `addPath` to use environment files](actions/toolkit#571)

##### 1.2.5

- [Correctly bundle License File with package](actions/toolkit#548)

##### 1.2.4

- [Be more lenient in accepting non-string command inputs](actions/toolkit#405)
- [Add Echo commands](actions/toolkit#411)

##### 1.2.3

- [IsDebug logging](README.md#logging)

##### 1.2.2

- [Fix escaping for runner commands](actions/toolkit#302)

##### 1.2.1

- [Remove trailing comma from commands](actions/toolkit#263)
- [Add "types" to package.json](actions/toolkit#221)

##### 1.2.0

- saveState and getState functions for wrapper tasks (on finally entry points that run post job)

##### 1.1.3

- setSecret added to register a secret with the runner to be masked from the logs
- exportSecret which was not implemented and never worked was removed after clarification from product.

##### 1.1.1

- Add support for action input variables with multiple spaces [#127](actions/toolkit#127)
- Switched ## commands to :: commands (should have no noticeable impact) \[[#110](https://github.com/actions/toolkit/issues/110))([#110](https://github.com/actions/toolkit/pull/110))

##### 1.1.0

- Added helpers for `group` and `endgroup` [#98](actions/toolkit#98)

##### 1.0.0

- Initial release

### [`v1.11.0`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1110)

- Add platform info utilities [#1551](actions/toolkit#1551)
- Remove dependency on `uuid` package [#1824](actions/toolkit#1824)

### [`v1.10.1`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101)

- Fix error message reference in oidc utils [#1511](actions/toolkit#1511)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: https://gitea.com/gitea/runner/pulls/880
Reviewed-by: Nicolas <bircni@icloud.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
A common pattern in the toolkit is to create a temporary file or directory within the existing temp directory using a random UUID.

Versions of the `uuid` package below `v7` are deprecated, so we shouldn't depend on them. Additionally, Node has a built-in `crypto.randomUUID()` method that can be used to generate UUIDs without the need for an external package. This function was introduced in versions of Node 14 and 15, so we should be safe to use it for actions that depend on both Node 16 and 20 (which are our only supported versions at this time).

I also went ahead and updated `@actions/core`, even though it was using a non-deprecated version of the `uuid` package.

Since these use cases are purely for temporary files, I don't think we strictly need a cryptographically secure UUID, but that's an added bonus of using the built-in Node function.

Packages shouldn't be depending on the exact format of this temp file/directory, but even if they were, this should be compatible, as we're still generating a version 4 UUID.

There are a couple other packages within the toolkit that have an indirect dependency on `uuid` through `@actions/core`, those can be updated as well once we release this new version of `@actions/core`.
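An added example, not code from this PR or the toolkit: the temp-directory pattern from the description, with `randomUUID` imported explicitly so it does not rely on the `crypto` global raised in the comments. `createTempDir`, `bareGlobalFailure` and `demo` are hypothetical names, and the empty `vm` context is an assumption standing in for a runtime that has no `crypto` global.

```javascript
// Added example, not toolkit code. Every Node built-in is imported explicitly,
// so nothing here depends on a `crypto` global being present.
const { randomUUID } = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');
const vm = require('vm');

// RFC 4122 version 4 layout: version nibble 4, variant bits 10xx.
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;

// Hypothetical helper: create a uniquely named directory under baseDir.
function createTempDir(baseDir = os.tmpdir()) {
  const dir = path.join(baseDir, randomUUID());
  // Non-recursive mkdir throws EEXIST if the path already exists, so a
  // pre-created directory or symlink at that name is never silently reused.
  // Mode 0o700 keeps the directory private to the current user on POSIX.
  fs.mkdirSync(dir, { mode: 0o700 });
  return dir;
}

// Evaluates a bare `crypto.randomUUID()` in a fresh context that only has the
// ECMAScript built-ins, i.e. no `crypto` global. Returns the error name.
function bareGlobalFailure() {
  try {
    vm.runInNewContext('crypto.randomUUID()', {});
    return null;
  } catch (err) {
    // The error comes from another realm, so compare by name, not instanceof.
    return err.name;
  }
}

function demo() {
  const dir = createTempDir();
  const name = path.basename(dir);
  const mode = fs.statSync(dir).mode & 0o777;
  fs.rmdirSync(dir);
  return { validV4: UUID_V4.test(name), mode, bareGlobal: bareGlobalFailure() };
}

console.log(demo());
```
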