Version 1.4.1 still gives Node16 warning

[richb-hanover]

I'm feeling dopey: I changed a project (https://github.com/richb-hanover/prql/blob/main/.github/workflows/nightly.yaml) to use rustsec/audit-check@v1.4.1. I did this to get away from the "Node16" warning from my previous action.

But I'm still getting this warning:

cargo-audit
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: rustsec/audit-check@v1.4.1. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

What am I missing? Thanks

PS @clechasseur - any thoughts on this? I see you made the PR to update to Node20... Thanks again.

[clechasseur]

It seems my PR was merged but no new releases were published - they'd need to do a new release.

[richb-hanover]

That problem bit me as well. I couldn't figure out how to update a Github Action of my own...

Would you give me a hint about how to "publish a new release" on a Github Action? Many thanks

[richb-hanover]

I think I answered my own question: Is this the documentation? https://docs.github.com/en/actions/creating-actions/publishing-actions-in-github-marketplace

[richb-hanover]

Would it be possible to publish the latest action? Many thanks.

[tarcieri]

Sorry, yes I need to do that and I'm not really familiar with how

[richb-hanover]

I don't know either. So I asked a question at: https://github.com/orgs/community/discussions/129097

I'll let you know if I hear something...

[richb-hanover]

Here's what I know: I got an answer about publishing an update at https://github.com/orgs/community/discussions/129097#discussioncomment-9821029

The answer for my repo is that there's a .github/workflow/ci.yml file that runs when there's a commit/push. (My repo is currently failing because of ancient npm depencency conflicts.)

I don't see any problems for the Actions in this repo. Perhaps @clechasseur could weigh in - he created the PR for Node20... Thanks!

[clechasseur]

I don't see any problems for the Actions in this repo. Perhaps @clechasseur could weigh in - he created the PR for Node20... Thanks!

To do a new release, this is what I suggest:

1. Checkout latest main branch
2. Update the version number in package.json
3. Run npm install
4. Run npm run refresh; this should update the file in the dist/ folder
5. Commit all changes and push them
6. Create a new release the usual way (perhaps a version 2.0, since changing the Node version is technically a breaking change)

As an aside: before releasing a new version, I suggest merging my latest PR (see #23); it fixes a high-severity vulnerability in the braces library which is a dependency.

[azriel91]

@tarcieri Heya, would you be able to find time to do the above?

I'm also curious to find out if my repos would automatically pick a compatible version up -- I updated a lot of them (by hand 🫠) to depend on 1.4.1, and hopefully they just pick up a 1.4.2 without needing to be told

[tarcieri]

I'll see if I can look soon

[tarcieri]

Failed on npm install:

npm error code E401
npm error 401 Unauthorized - GET https://npm.pkg.github.com/download/@clechasseur/rs-actions-core/3.0.5/b35ae1eb71c59dd75c7db9ecccba1bd7f3a2fc99 - authentication token not provided

(I've done npm login, FWIW)

npm v10.7.0

[clechasseur]

Failed on npm install:

npm error code E401
npm error 401 Unauthorized - GET https://npm.pkg.github.com/download/@clechasseur/rs-actions-core/3.0.5/b35ae1eb71c59dd75c7db9ecccba1bd7f3a2fc99 - authentication token not provided

(I've done npm login, FWIW)

npm v10.7.0

Strange, as the package should be public. Did you authenticate with just npm login? The instructions to use the GitHub package registry mention that you need to do this:

npm login --scope=@NAMESPACE --auth-type=legacy --registry=https://npm.pkg.github.com

Here, @NAMESPACE should be @clechasseur.

I thought you didn't need this to simply read packages, however...

[tarcieri]

I wasn't able to login at all with that. I attempted to use my GitHub credentials, and got the following:

npm error code E403
npm error 403 403 Forbidden - PUT https://npm.pkg.github.com/-/user/org.couchdb.user:tarcieri - Permission denied
npm error 403 In most cases, you or one of your dependencies are requesting
npm error 403 a package version that is forbidden by your security policy, or
npm error 403 on a server you do not have access to.