-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v8.deserialize triggers Buffer constructor deprecation warning #21181
Comments
@nodejs/v8 @nodejs/buffer |
@Conduitry line to be blamed for this: Line 189 in c9d9bf1
/cc @nodejs/buffer @ChALkeR do we break character and hide the warning? I hope not. There's got to be a way to achieve the same functionality without using the |
Like this? :) diff --git a/lib/v8.js b/lib/v8.js
index ed93b094ca78..0d9ffc6033ce 100644
--- a/lib/v8.js
+++ b/lib/v8.js
@@ -144,5 +144,5 @@ const arrayBufferViewTypeToIndex = new Map();
}
-const bufferConstructorIndex = arrayBufferViewTypes.push(Buffer) - 1;
+const bufferConstructorIndex = arrayBufferViewTypes.push(FastBuffer) - 1;
class DefaultSerializer extends Serializer { |
@addaleax we have a drop-in, secure replacement for |
@ryzokuken It’s not really drop-in because it only takes |
Exactly. The arguments are literally being passed into an |
Replace the Buffer constructor with a FastBuffer in v8.deserialize in order to avoid calling the Buffer constructor and thus triggering a deprecation warning from code inside the core. Fixes: nodejs#21181
Replace the Buffer constructor with a FastBuffer in v8.deserialize in order to avoid calling the Buffer constructor and thus triggering a deprecation warning from code inside the core. Fixes: #21181 PR-URL: #21196 Fixes: #21181 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This looks good now in 10.5.0 👍 |
Deserializing a representation of an expression that contained a
Buffer
displays(node:15176) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
Reproduce with
v8.deserialize(v8.serialize(Buffer.alloc(0)))
.It looks like
DefaultDeserializer ._readHostObject()
needs a special case for buffers.The text was updated successfully, but these errors were encountered: