Azure DevOps扩展中的节点密码警告-发布任务 [英] Node Cipheriv Warning in Azure DevOps Extension - Release Task

问题描述

我正在开发一个项目，以开发Azure DevOps发布任务扩展.最近，当发布任务运行时，我在日志中多次打印此警告消息-警告:将Cipheriv用于aes-256-ctr的计数器模式".

I am working on a project to develop an Azure DevOps release task extension. Recently, I am getting this warning message printed multiple times in the logs when the release task runs- "Warning: Use Cipheriv for counter mode of aes-256-ctr".

我没有早点得到它.当我开始出现此错误时，我只更改了一些console.log(..)，甚至没有更改任何可能触发此错误的代码. (可能是一些npm依赖项更新！)

I was not getting it earlier. And the time when I started getting this error, I only changed some console.log(..), and not even any code that could possibly trigger this error. (Might be some npm dependency updates!)

关于我为什么会收到此错误以及如何解决该错误的任何想法！如果没有，如何禁用它?

Any idea regarding why am I getting this error, and how to fix it! If not, how to disable it?

P.S. -我知道这个问题已经被提出，可能被归类为重复.但是我要问的是在Azure DevOps发布任务的上下文中，其他任务是独立的node.js项目.而且，这些修复对我不起作用.

P.S. - I know this question has been asked and could probably be categorized as duplicate. But I am asking in the context of Azure DevOps release tasks, others are independent node.js projects. And, those fixes didn't work for me.

推荐答案

这与Azure-Pipelines-Task-Lib和Azure-Pipelines-agent相关，并且不在您的控制范围之内.该问题应该在那些项目或其依赖项中得到解决.

This is related to the Azure-Pipelines-Task-Lib and the Azure-Pipelines-agent and outside of your control. The problem should be fixed in those projects or their dependencies.

由于这些都随代理安装程序和任务一起提供，因此这不受您的直接控制.

Since these all ship with the agent installer and the tasks themselves, this is not directly under your control.

这很可能是由于代理对节点6的依赖性所致.正在进行在代理上支持节点10 LTS的工作(节点10现在在代理安装程序中并排提供).

This is likely caused by the dependency of the Agent on Node 6. There is work in progress to support Node 10 LTS on the agent (Node 10 now ships side-by-side in the agent installer).

Azure-Pipelines-代理在这里调用了错误的方法.

    let encryptKey = crypto.randomBytes(256);
    let cipher = crypto.createCipher("aes-256-ctr", encryptKey);
    let encryptedContent = cipher.update(secret, "utf8", "hex");
    encryptedContent += cipher.final("hex");

据我所知，

在节点8或更高版本上运行时应调用crypto.createCipheriv()而不是crypto.createCipher(). Azure-Pipelines-Task-Lib似乎可以依靠同一段代码.

As far as I can tell it should call crypto.createCipheriv() instead of crypto.createCipher() when running on Node 8 or higher. The Azure-Pipelines-Task-Lib seems to rely on the same piece of code.

它看起来像2.8. Azure-Pipelines-Task-Lib中的0个可解决此问题.现在在npm上，因此请升级以使这些警告消失.

It looks like 2.8.0 of the Azure-Pipelines-Task-Lib fixes this. It's on npm now, so upgrade to make these warnings disappear.

这篇关于Azure DevOps扩展中的节点密码警告-发布任务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！