Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix deps and buffer #64

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Conversation

onury
Copy link

@onury onury commented Jul 22, 2019

onury added 3 commits July 22, 2019 14:09
Fixes warning: `(node:3640) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.`
@onury
Copy link
Author

onury commented Jul 22, 2019

Travis builds for Node version >= 6 pass. Other lower versions fail.

I suggest a major release that drops support for these older versions (below v6). This removes vulnerabilities and fixes deprecated code use. IMO, this is critical for an SDK that handles sensitive operations such as credit-card payments.

You can still provide iyzipay-node v2.0.34 release for users needing support for old Node versions.

@ogulcantumdogan
Copy link

This seems really important. Are there Iyzico devs alive to merge this PR? It's really disappointing for a payment service to leave these security issues unadressed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Use Buffer.from() instead of new Buffer() Update request dependency
2 participants