You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by GitBox <gi...@apache.org> on 2022/06/21 06:24:24 UTC

[GitHub] [tez] amanraj2520 commented on pull request #227: [TEZ-4426][CVE-2018-1000620] Upgrade cryptiles from 2.0.5 to 4.1.2

amanraj2520 commented on PR #227:
URL: https://github.com/apache/tez/pull/227#issuecomment-1161315636

   The version of node that cryptiles 4.1.2 needs is >= 8.9.0 but we cannot use the current LTS version of node since the build is throwing the following error:
   
   (node:9989) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
   $ TMPDIR=tmp node/node ./node_modules/ember-cli/bin/ember build -prod
   ember[10004]: ../src/node_contextify.cc:627:static void node::contextify::ContextifyScript::New(const v8::FunctionCallbackInfo<v8::Value>&): Assertion `args[1]->IsString()' failed.
   
   **If we want to fix this error, we need to fix all the occurences of new Buffer(string) with Buffer.alloc(), which can be a huge change.**
   
   **### Also the max version of node in which the build works perfectly is 9.11.2**
   
   **So to summarize if we want to upgrade to cryptiles to 4.1.2 without any code changes related to Buffer, we need to use nodeVersion >=8.9.0 and nodeVersion<=9.11.2. That's why I have used version 8.9.0 for now.**


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@tez.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org