Dependency urlsafe-base64 uses Buffer unsafely
wmaltmann opened this issue · comments
NOTE: Please test in a least two browsers (i.e. Chrome and Firefox). This
helps with diagnosing problems quicker.
Setup
Please provide the following details, the more info you can provide the
better.
Operating System: AWS Lambda | Windows
Node Version: 18.10.0
web-push Version: 3.6.2
http-ece Version: 1.1.0
Please select any browsers that you are experiencing problems with:
- Chrome
- Firefox
- Opera for Android
- Samsung Internet Browser
- Other - Edge
Please list the browsers you are have tested this, including the version
of the browser (i.e. Chrome Beta, Firefox Beta etc).
Problem
When calling web-push sendNotification in Node18 I see the following console error:
ERROR (node:14) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
at showFlaggedDeprecation (node:buffer:195:11)
at new Buffer (node:buffer:279:3)
at Object.decode (/var/task/index.js:490:68353)
at Object.validatePublicKey (/var/task/index.js:493:8952)
at sendNotification (/var/task/index.js:497:4174)
...
There is a similar, fixed issue, (web-push-libs/web-push#785) that handled removing direct calls to urlSafe-base64. There is also a urlSafe-base64 call http-ece that causes the same issue. Workaround was to pull dependency code into my project and fix the call in http-ece.
Expected
No console errors
Features Used
- VAPID Support
- GCM API Key
- Sending with Payload
Example / Reproduce Case
Please provide a code sample that reproduces the issue. If there is a
repository that reproduces the issue please put the link here.
import webpush from "web-push";
webpush.sendNotification(subscription, payload);
Once this issues is fixed, web-push-libs/web-push#848 can pull in the updated dependency.
Hello, I've opened a PR to fix this: #69, would appreciate any feedback or comments.