Fix Node DEP0005 deprecation warning from formidable's Buffer() usage#43
Open
MrWhitee4 wants to merge 2 commits into
Open
Fix Node DEP0005 deprecation warning from formidable's Buffer() usage#43MrWhitee4 wants to merge 2 commits into
MrWhitee4 wants to merge 2 commits into
Conversation
The bundled formidable 1.2.2 (via koa-body 4) still uses the deprecated Buffer() constructor in MultipartParser.initWithBoundary and the base64 part decoder, so Node logs DEP0005 on every screenshot upload. formidable 1.x never moved to the safe Buffer APIs, and the versions that did (formidable 2/3) need koa-body 5/6 and webpack 5, which FiveM's webpack-4 builder cannot compile. So the fix stays on formidable 1.x and patches the four calls through patch-package, reapplied on postinstall: - new Buffer(n) -> Buffer.alloc(n) (boundary, lookbehind) - new Buffer(str,'base64') -> Buffer.from(...) (base64 decode, x2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Every multipart screenshot upload (
POST /upload/:token) triggers Node'sDEP0005deprecation warning:The deprecated
Buffer()constructor is called inside the bundledformidable@1.2.2(pulled in bykoa-body@4), in two places:MultipartParser.initWithBoundary—new Buffer(str.length + 4)andnew Buffer(this.boundary.length + 8)new Buffer(str, 'base64')(×2)On a busy server this spams the console, and the number form of
Buffer()also allocates uninitialized memory.
Why not just bump the dependency
formidable 1.x never adopted the safe Buffer APIs. The versions that did
(formidable 2/3) are only reachable via koa-body 5/6, which require webpack 5.
Since this resource is built by FiveM's bundled webpack (4.x) via
dependency 'webpack', a dependency upgrade breaks the build: webpack 4can't parse formidable 2's BigInt code (via
cuid2), and webpack-5-onlyconfig options are rejected by the webpack 4 schema. So the fix stays on
formidable 1.x.
Fix
Patch formidable's four
Buffer()calls viapatch-package, reapplied onpostinstallso the webpack bundle always builds clean:new Buffer(n)→Buffer.alloc(n)(boundary + lookbehind)new Buffer(str, 'base64')→Buffer.from(str, 'base64')(×2)Changes
patches/formidable+1.2.2.patch— the four replacementspackage.json— addpatch-package+postinstall-postinstalldevDeps anda
postinstallscript.gitattributes— keep the patch LF-normalized across platformsBehavior
No runtime change. The boundary buffer is fully overwritten before it is read,
and the base64 calls take string input (never the uninitialized-number form),
so
Buffer.alloc/Buffer.fromare drop-in replacements. Verified by runningrepeated screenshot uploads: every upload succeeded, files wrote to disk, and
the
DEP0005line no longer appears.