Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(napi): Fix buffer corruption and soundness issues

* test: fix tests to conform to buffer API

…1926)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [npm-run-all](https://togithub.com/mysticatea/npm-run-all) | devDependencies | replacement | [`^4.1.5` -> `^5.0.0`](https://renovatebot.com/diffs/npm/npm-run-all/4.1.5/) |

This is a special PR that replaces `npm-run-all` with the community suggested minimal stable replacement version.

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/napi-rs/napi-rs).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [yarn](https://togithub.com/yarnpkg/berry) ([source](https://togithub.com/yarnpkg/berry/tree/HEAD/packages/yarnpkg-cli)) | [`4.0.2` -> `4.1.0`](https://renovatebot.com/diffs/npm/yarn/4.0.2/4.1.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/yarn/4.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/yarn/4.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/yarn/4.0.2/4.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/yarn/4.0.2/4.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>yarnpkg/berry (yarn)</summary>

### [`v4.1.0`](https://togithub.com/yarnpkg/berry/blob/HEAD/CHANGELOG.md#410)

[Compare Source](https://togithub.com/yarnpkg/berry/compare/a64075561a6476aa79d0fa1012ecf6b1633a88f2...52909a5e0d2fe72245957870bcd654218d93ef72)

-   Tweaks `-,--verbose` in `yarn workspaces foreach`; `-v` will now only print the prefixes, `-vv` will be necessary to also print the timings.

-   Adds a new `--json` option to `yarn run` when called without script name

-   Fixes `node-modules` linker `link:` dependencies mistreatment as inner workspaces, when they point to a parent folder of a workspace

-   Fixes spurious "No candidates found" errors

-   Fixes missing executable permissions when using `nodeLinker: pnpm`

-   Fixes packages being incorrectly flagged as optional

-   Fixes cache key corruptions due to uncontrolled git merges

-   Fixes `yarn version apply --all --dry-run` making unexpected changes

-   Fixes `yarn npm login` when the remote registry is Verdaccio

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/napi-rs/napi-rs).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/napi-rs/napi-rs).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

…1934)

Hi 👋🏻, Alberto from @prisma here.
We are users of the `serde-json` feature in [https://github.com/prisma/prisma-engines](https://github.com/prisma/prisma-engines/blob/23fdc5965b1e05fc54e5f26ed3de66776b93de64/Cargo.toml#L55-L60).

## The Problem

While investigating a [user-reported Prisma issue](prisma/prisma#22294), we noticed that napi.rs treats `null` values in `Object` like `undefined` ones.

However, `null` and `undefined` are semantically different in JavaScript:
- `undefined` indicates that a value is not set
- `null` indicates that a value has been explicitly set

This PR, which we tested internally, fixes the user's issue on Prisma, and hopefully provides value to the `napi-rs` project as a whole.

## Scenario

Consider [this scenario](https://github.com/prisma/prisma-engines/blob/dcb8cb9817af92fefaf0f95117dfb5dc19545a2c/query-engine/driver-adapters/src/napi/result.rs#L32-L33), effectively equivalent to:

```rust
let napi_env: napi::sys::napi_env = /* ... */;

let value: JsUnknown = object.get_named_property("value")?;

// napi.rs implements the `FromNapiValue` trait for `serde_json` if
// the `serde_json` feature is enabled (which we use already).
let json = serde_json::Value::from_napi_value(napi_env, value.raw())?;

Ok(Self::Ok(json.into()));
```

By looking at `napi.rs`' [`serde.rs` source file](https://github.com/napi-rs/napi-rs/blob/napi%402.12.4/crates/napi/src/bindgen_runtime/js_values/serde.rs), we [can see](https://github.com/napi-rs/napi-rs/blob/napi%402.12.4/crates/napi/src/bindgen_runtime/js_values/serde.rs#L104-L108) that "JSON subobjects" (`Map<String, serde_json::Value>`) are populated only if the value returned by `JsObject::get` is not `None`.

This implies that, given `napi-rs`'  [`Object::get` definition](https://github.com/napi-rs/napi-rs/blob/napi%402.12.4/crates/napi/src/bindgen_runtime/js_values/object.rs#L24-L44), `Object::get("key")` returns `None` both when the original object is

```js
{
  // "key" is `undefined`
}
```

and when the object is

```js
{
  "key": null
}
```

It just so happens that `prisma-engines` explicitly set a few `null` values explicitly for the features it offers, but these values are stripped away when we use the [napi-flavoured Prisma Query Engine](https://github.com/prisma/prisma-engines/tree/main/query-engine/query-engine-node-api).

---

I am available for further comments, clarifications, and refactorings. Have a good day!

- napi@2.15.1