
Use of Uninitialized Resource in yauzl

Cx77c0fe72-ea38

  • yauzl
Severity Medium
Score 6.8/10

Summary

The package `yauzl` before version 2.9.2 uses the deprecated `new Buffer()` constructor. When it is called with a numeric size, `new Buffer(size)` on Node.js releases earlier than 8.0.0 returns memory that is not zero-filled, so any byte the library does not subsequently overwrite (for example after a short read) still holds whatever the process previously stored there, and that stale data can be handed back to the caller. Node.js 8.0.0 and later zero-fill `new Buffer(size)`, which confines the disclosure to older runtimes; the safe replacements `Buffer.alloc()` (zero-filled) and `Buffer.from()` (copies its input) have been available since Node.js 5.10.0, and upgrading to `yauzl` 2.9.2 or later removes the deprecated constructor.

CVSS v3.1 base metrics (vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N, base score 6.8):

  • Attack Complexity: HIGH
  • Attack Vector: NETWORK
  • Availability Impact: NONE
  • Scope: CHANGED
  • Integrity Impact: NONE
  • Privileges Required: NONE
  • Confidentiality Impact: HIGH
  • User Interaction: NONE

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

Advisory Timeline

  • Published