gadicc / node-yahoo-finance2

Unofficial API for Yahoo Finance
https://www.npmjs.com/package/yahoo-finance2
MIT License

Deprecate punycode #754

Open simoneb opened 6 months ago

simoneb commented 6 months ago

Feature Request

Wanted Feature

Not exactly a feature, but it didn't feel like a bug either. Punycode bundled with Node.js is deprecated, and the recommendation is to switch to a user-land module: https://github.com/mathiasbynens/punycode.js

(node:13300) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.

Use Cases

Simply avoiding the deprecation warning in the terminal

gadicc commented 6 months ago

Hey @simoneb, thanks for the report and getting this on our radar.

Unfortunately this is a little more complicated than it appears, as we don't use punycode directly in the project; it's being used by one of our dependencies (or their dependencies, etc). So we'd have to find it and address it with the relevant project.

I think it might be used in ajv which is a little more complicated, and we're a bit out of date with that package as more recent versions broke for us, and I ran out of time to find the exact issue and report upstream.

In any event, thanks for bringing this to our attention :pray:

simoneb commented 6 months ago

No worries, if it's of any help, a quick grep on the codebase reveals that it's being used by these packages:

And why those are being used can be revealed by running npm why {package}.

I suspect that it might be simpler than expected to migrate away.

simoneb commented 6 months ago

A little more research reveals that recent versions of the first 2 should already be good to go, whereas psl remains as the one that needs to migrate away from punycode, but the package hasn't had activity in a relatively long time. I wonder if there's any way that you can get away without using it in the first place.

gadicc commented 6 months ago

Hey again @simoneb; thanks for all your time and research here :pray:

Ok that sounds really positive. psl is used by tough-cookie. We're using their latest stable release of that (v4.1.3) but looking at their repo, they have an rc1 out (for v5.0) which no longer includes psl and uses punycode directly instead. So I think as soon as that is formally released, we could completely remove any (indirect) dependency we have on the deprecated built-in punycode, and get rid of the warning.

Thanks again for raising the issue!
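
The grep step described in the thread, as an added example that is not part of the original discussion or the project's code: a plain text search for `punycode` cannot tell the deprecated built-in apart from the userland package, which the punycode.js README says to load with a trailing slash (`punycode/`). The function names and the sample package names below are hypothetical.

```javascript
// Added example. A bare 'punycode' or 'node:punycode' specifier resolves to Node's
// deprecated built-in (DEP0040); 'punycode/' (trailing slash) is the userland package.
const SPECIFIER = /(?:\brequire\s*\(|\bimport\s*\(|\bfrom\b|\bimport\b)\s*['"]([^'"]+)['"]/g;

function classifyPunycodeImports(source) {
  const hits = { builtin: 0, userland: 0 };
  for (const [, spec] of source.matchAll(SPECIFIER)) {
    if (spec === 'punycode' || spec === 'node:punycode') hits.builtin++;
    else if (spec.startsWith('punycode/')) hits.userland++;
  }
  return hits;
}

// Name of the installed package that owns a file, taken from its node_modules path.
function owningPackage(file) {
  const parts = file.split(/[\\/]/);
  const i = parts.lastIndexOf('node_modules');
  if (i < 0 || i + 1 >= parts.length) return '(project)';
  return parts[i + 1].startsWith('@') ? parts.slice(i + 1, i + 3).join('/') : parts[i + 1];
}

// entries: iterable of [path, source]. Returns sorted packages that load the built-in.
function builtinPunycodeUsers(entries) {
  const users = new Set();
  for (const [file, source] of entries)
    if (classifyPunycodeImports(source).builtin > 0) users.add(owningPackage(file));
  return [...users].sort();
}

// Walks `root` (e.g. './node_modules') on disk, reading .js/.cjs/.mjs files lazily.
function scanNodeModules(root) {
  const fs = require('node:fs'), path = require('node:path'); // CommonJS
  function* walk(dir) {
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, e.name);
      if (e.isDirectory()) yield* walk(full);
      else if (e.isFile() && /\.[cm]?js$/.test(e.name)) yield [full, fs.readFileSync(full, 'utf8')];
    }
  }
  return builtinPunycodeUsers(walk(root));
}

// Constructed sample tree: hypothetical packages, not the ones found in the thread.
const SAMPLE = {
  'node_modules/old-dep/index.js': "const punycode = require('punycode');",
  'node_modules/@scope/esm-dep/lib/url.mjs': "import { toASCII } from 'node:punycode';",
  'node_modules/new-dep/index.js': "const punycode = require('punycode/');",
  'node_modules/docs-only/index.js': "// see punycode docs\nconst s = 'punycode';",
};
```

Each package name returned by `scanNodeModules('./node_modules')` can then be passed to `npm why` to see which direct dependency pulls it in.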