iyzipay-node icon indicating copy to clipboard operation
iyzipay-node copied to clipboard

Published 20 hours ago verified publisher icon iyzico

Fix deps and buffer

Open onury opened this issue 5 years ago • 2 comments

  • Updated request (production) dependency to latest version. Fixes #62
  • Updated devDependencies to their latest (major) versions. Tests pass.
  • Fixed new Buffer() warning. Fixes #63
  • Created package-lock.json

onury avatar Jul 22 '19 11:07 onury

Travis builds for Node version >= 6 pass. Other lower versions fail.

I suggest a major release that drops support for these older versions (below v6). This removes vulnerabilities and fixes deprecated code use. IMO, this is critical for an SDK that handles sensitive operations such as credit-card payments.

You can still provide iyzipay-node v2.0.34 release for users needing support for old Node versions.

onury avatar Jul 22 '19 11:07 onury

This seems really important. Are there Iyzico devs alive to merge this PR? It's really disappointing for a payment service to leave these security issues unadressed.

ogulcantumdogan avatar Dec 28 '20 21:12 ogulcantumdogan