fix: update @actions/artifact to fix Node.js 24 punycode deprecation#451
Merged
fix: update @actions/artifact to fix Node.js 24 punycode deprecation#451
Conversation
This branch uses a local file reference to @actions/artifact which includes the updated @azure/storage-blob ^12.29.1 to fix the punycode deprecation warning on Node.js 24. This is a test branch - do not merge until @actions/artifact@5.0.1 is published.
Updates @actions/artifact dependency to use the published npm version which includes @azure/storage-blob ^12.29.1 that fixes the punycode deprecation warning on Node.js 24.
yacaovsnc
approved these changes
Dec 12, 2025
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates @actions/artifact from version 5.0.0 to 5.0.1 to resolve the Node.js 24 punycode deprecation warning by upgrading the @azure/storage-blob dependency from ^12.15.0 to ^12.29.1. This update also removes the deprecated @azure/core-http package and cleans up numerous obsolete transitive dependencies, resulting in a more streamlined dependency tree.
Key Changes:
- Updated
@actions/artifactto version 5.0.1 with newer@azure/storage-blobdependency - Removed deprecated
@azure/core-httpand its associated dependencies - Deduplicated and consolidated Azure SDK dependencies to use common versions
Reviewed changes
Copilot reviewed 39 out of 43 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package-lock.json | Updated @actions/artifact to 5.0.1, upgraded @azure/storage-blob to ^12.29.1, removed deprecated @azure/core-http and obsolete transitive dependencies (node-fetch, form-data, xml2js, etc.), deduplicated @azure/abort-controller and @azure/core-tracing versions |
| dist/index.js | Rebuilt bundle reflecting dependency updates with updated module references and removal of deprecated code paths |
| .licenses/npm/*.dep.yml | Removed license files for deleted dependencies (node-fetch, form-data, xml2js, uuid, etc.) and updated/added licenses for consolidated dependencies (@azure/abort-controller, @azure/core-tracing) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
mergify Bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Dec 14, 2025
… ci] Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0. Release notes *Sourced from [actions/download-artifact's releases](https://github.com/actions/download-artifact/releases).* > v7.0.0 > ------ > > v7 - What's new > --------------- > > > [!IMPORTANT] > > actions/download-artifact@v7 now runs on Node.js 24 (`runs.using: node24`) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading. > > ### Node.js 24 > > This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24. > > What's Changed > -------------- > > * Update GHES guidance to include reference to Node 20 version by [`@patrikpolyak`](https://github.com/patrikpolyak) in [actions/download-artifact#440](https://redirect.github.com/actions/download-artifact/pull/440) > * Download Artifact Node24 support by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/download-artifact#415](https://redirect.github.com/actions/download-artifact/pull/415) > * fix: update `@actions/artifact` to fix Node.js 24 punycode deprecation by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/download-artifact#451](https://redirect.github.com/actions/download-artifact/pull/451) > * prepare release v7.0.0 for Node.js 24 support by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/download-artifact#452](https://redirect.github.com/actions/download-artifact/pull/452) > > New Contributors > ---------------- > > * [`@patrikpolyak`](https://github.com/patrikpolyak) made their first contribution in [actions/download-artifact#440](https://redirect.github.com/actions/download-artifact/pull/440) > * [`@salmanmkc`](https://github.com/salmanmkc) made their first contribution in [actions/download-artifact#415](https://redirect.github.com/actions/download-artifact/pull/415) > > **Full Changelog**: <actions/download-artifact@v6.0.0...v7.0.0> Commits * [`37930b1`](actions/download-artifact@37930b1) Merge pull request [#452](https://redirect.github.com/actions/download-artifact/issues/452) from actions/download-artifact-v7-release * [`72582b9`](actions/download-artifact@72582b9) doc: update readme * [`0d2ec9d`](actions/download-artifact@0d2ec9d) chore: release v7.0.0 for Node.js 24 support * [`fd7ae8f`](actions/download-artifact@fd7ae8f) Merge pull request [#451](https://redirect.github.com/actions/download-artifact/issues/451) from actions/fix-storage-blob * [`d484700`](actions/download-artifact@d484700) chore: restore minimatch.dep.yml license file * [`03a8080`](actions/download-artifact@03a8080) chore: remove obsolete dependency license files * [`56fe6d9`](actions/download-artifact@56fe6d9) chore: update `@actions/artifact` license file to 5.0.1 * [`8e3ebc4`](actions/download-artifact@8e3ebc4) chore: update package-lock.json with `@actions/artifact`[`@5`](https://github.com/5).0.1 * [`1e3c4b4`](actions/download-artifact@1e3c4b4) fix: update `@actions/artifact` to ^5.0.0 for Node.js 24 punycode fix * [`458627d`](actions/download-artifact@458627d) chore: use local `@actions/artifact` package for Node.js 24 testing * Additional commits viewable in [compare view](actions/download-artifact@018cc2c...37930b1) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
lfit-replication
pushed a commit
to lfit/releng-gerrit_to_platform
that referenced
this pull request
Jan 14, 2026
Bumps actions/download-artifact from 6.0.0 to 7.0.0. ## Release notes Sourced from actions/download-artifact's releases. v7.0.0 v7 - What's new [!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading. Node.js 24 This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24. What's Changed Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/download-artifact#440 Download Artifact Node24 support by @salmanmkc in actions/download-artifact#415 fix: update @actions/artifact to fix Node.js 24 punycode deprecation by @salmanmkc in actions/download-artifact#451 prepare release v7.0.0 for Node.js 24 support by @salmanmkc in actions/download-artifact#452 New Contributors @patrikpolyak made their first contribution in actions/download-artifact#440 @salmanmkc made their first contribution in actions/download-artifact#415 Full Changelog: actions/download-artifact@v6.0.0...v7.0.0 ## Commits 37930b1 Merge pull request #452 from actions/download-artifact-v7-release 72582b9 doc: update readme 0d2ec9d chore: release v7.0.0 for Node.js 24 support fd7ae8f Merge pull request #451 from actions/fix-storage-blob d484700 chore: restore minimatch.dep.yml license file 03a8080 chore: remove obsolete dependency license files 56fe6d9 chore: update @actions/artifact license file to 5.0.1 8e3ebc4 chore: update package-lock.json with @actions/artifact@5.0.1 1e3c4b4 fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix 458627d chore: use local @actions/artifact package for Node.js 24 testing Additional commits viewable in compare view  Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: lfit.gh2gerrit <releng+lfit-gh2gerrit@linuxfoundation.org> Change-Id: If3203b06393869c2c8b70ade669d468a25efcc97 GitHub-PR: #33 GitHub-Hash: 941495290b069787
mergify Bot
added a commit
to ArcadeData/arcadedb
that referenced
this pull request
Feb 2, 2026
… ci] Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.8 to 7.0.0. Release notes *Sourced from [actions/download-artifact's releases](https://github.com/actions/download-artifact/releases).* > v7.0.0 > ------ > > v7 - What's new > --------------- > > > [!IMPORTANT] > > actions/download-artifact@v7 now runs on Node.js 24 (`runs.using: node24`) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading. > > ### Node.js 24 > > This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24. > > What's Changed > -------------- > > * Update GHES guidance to include reference to Node 20 version by [`@patrikpolyak`](https://github.com/patrikpolyak) in [actions/download-artifact#440](https://redirect.github.com/actions/download-artifact/pull/440) > * Download Artifact Node24 support by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/download-artifact#415](https://redirect.github.com/actions/download-artifact/pull/415) > * fix: update `@actions/artifact` to fix Node.js 24 punycode deprecation by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/download-artifact#451](https://redirect.github.com/actions/download-artifact/pull/451) > * prepare release v7.0.0 for Node.js 24 support by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/download-artifact#452](https://redirect.github.com/actions/download-artifact/pull/452) > > New Contributors > ---------------- > > * [`@patrikpolyak`](https://github.com/patrikpolyak) made their first contribution in [actions/download-artifact#440](https://redirect.github.com/actions/download-artifact/pull/440) > * [`@salmanmkc`](https://github.com/salmanmkc) made their first contribution in [actions/download-artifact#415](https://redirect.github.com/actions/download-artifact/pull/415) > > **Full Changelog**: <actions/download-artifact@v6.0.0...v7.0.0> > > v6.0.0 > ------ > > What's Changed > -------------- > > **BREAKING CHANGE:** this update supports Node `v24.x`. This is not a breaking change per-se but we're treating it as such. > > * Update README for download-artifact v5 changes by [`@yacaovsnc`](https://github.com/yacaovsnc) in [actions/download-artifact#417](https://redirect.github.com/actions/download-artifact/pull/417) > * Update README with artifact extraction details by [`@yacaovsnc`](https://github.com/yacaovsnc) in [actions/download-artifact#424](https://redirect.github.com/actions/download-artifact/pull/424) > * Readme: spell out the first use of GHES by [`@danwkennedy`](https://github.com/danwkennedy) in [actions/download-artifact#431](https://redirect.github.com/actions/download-artifact/pull/431) > * Bump `@actions/artifact` to `v4.0.0` > * Prepare `v6.0.0` by [`@danwkennedy`](https://github.com/danwkennedy) in [actions/download-artifact#438](https://redirect.github.com/actions/download-artifact/pull/438) > > New Contributors > ---------------- > > * [`@danwkennedy`](https://github.com/danwkennedy) made their first contribution in [actions/download-artifact#431](https://redirect.github.com/actions/download-artifact/pull/431) > > **Full Changelog**: <actions/download-artifact@v5...v6.0.0> > > v5.0.0 > ------ > > What's Changed > -------------- > > * Update README.md by [`@nebuk89`](https://github.com/nebuk89) in [actions/download-artifact#407](https://redirect.github.com/actions/download-artifact/pull/407) > * BREAKING fix: inconsistent path behavior for single artifact downloads by ID by [`@GrantBirki`](https://github.com/GrantBirki) in [actions/download-artifact#416](https://redirect.github.com/actions/download-artifact/pull/416) > > v5.0.0 > ------ > > ### 🚨 Breaking Change > > This release fixes an inconsistency in path behavior for single artifact downloads by ID. **If you're downloading single artifacts by ID, the output path may change.** > > #### What Changed ... (truncated) Commits * [`37930b1`](actions/download-artifact@37930b1) Merge pull request [#452](https://redirect.github.com/actions/download-artifact/issues/452) from actions/download-artifact-v7-release * [`72582b9`](actions/download-artifact@72582b9) doc: update readme * [`0d2ec9d`](actions/download-artifact@0d2ec9d) chore: release v7.0.0 for Node.js 24 support * [`fd7ae8f`](actions/download-artifact@fd7ae8f) Merge pull request [#451](https://redirect.github.com/actions/download-artifact/issues/451) from actions/fix-storage-blob * [`d484700`](actions/download-artifact@d484700) chore: restore minimatch.dep.yml license file * [`03a8080`](actions/download-artifact@03a8080) chore: remove obsolete dependency license files * [`56fe6d9`](actions/download-artifact@56fe6d9) chore: update `@actions/artifact` license file to 5.0.1 * [`8e3ebc4`](actions/download-artifact@8e3ebc4) chore: update package-lock.json with `@actions/artifact`[`@5`](https://github.com/5).0.1 * [`1e3c4b4`](actions/download-artifact@1e3c4b4) fix: update `@actions/artifact` to ^5.0.0 for Node.js 24 punycode fix * [`458627d`](actions/download-artifact@458627d) chore: use local `@actions/artifact` package for Node.js 24 testing * Additional commits viewable in [compare view](actions/download-artifact@v4.1.8...37930b1) [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR updates the
@actions/artifactpackage to use@azure/storage-blob@^12.29.1which fixes the punycode deprecation warning when running on Node.js 24.Problem
When running on Node.js 24, the current version emits:
Solution
Updating
@azure/storage-blobto version^12.29.1which has resolved the punycode dependency issue.Related PRs
Testing
Note
This PR uses a local file reference for testing purposes. It should be updated to use the published
@actions/artifact@5.0.1once that version is released.