Reliance on BinaryFormatter breaks module with PowerShell 7.4.0-preview.4

[andyleejordan]

When using this module with PowerShell 7.4.0-preview.4, it breaks like this:

DeepCopy-Object: C:\Users\andschwa\Documents\PowerShell\Modules\PowerShellForGitHub\0.16.1\GitHubCore.ps1:1043:18
Line |
1043 |          $clone = DeepCopy-Object -InputObject $InputObject
     |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "Serialize" with "2" argument(s): "BinaryFormatter serialization and deserialization are    
     | disabled within this application. See
https://aka.ms/binaryformatter
for more information."

Related to https://github.com/PowerShell/PowerShell/issues/19878, the BinaryFormatter is insecure and is being removed from .NET (and PowerShell).

[andyleejordan]

Hey @HowardWolosky, this will result in PowerShellForGitHub to be completely broken with the upcoming release of PowerShell 7.4.

[HowardWolosky]

Hey @HowardWolosky, this will result in PowerShellForGitHub to be completely broken with the upcoming release of PowerShell 7.4.

Thanks for the heads-up. I'm certainly open to suggestions on alternative approaches to achieving the same result. It's used to reliably duplicate an object:

https://github.com/microsoft/PowerShellForGitHub/blob/482fe2331732a24ed779b140c3f38c8a156271e1/Helpers.ps1#L363-L405

[HowardWolosky]

I can do some testing to see if using JSON as an intermediary would achieve the same result. I vaguely remember trying to do so back in 2015 when I first wrote that method and had poor results.

[andyleejordan]

I'm likewise researching what the migration is supposed to be, I'll let you know if I uncover something!

[andyleejordan]

Supposedly JSON serialization/deserialization should work well enough via System.Text.Json. When used to serialize to a memory stream and from a memory stream, it should be very similar to existing code that uses BinaryFormatter.