search

garycourt / uri-js

An RFC 3986 compliant, scheme extendable URI parsing/validating/normalizing/resolving library for JavaScript
Other
305 stars 69 forks source link

punycode is deprecated, remove dependency #94

Closed stheine closed 9 months ago

stheine commented 10 months ago

Recently I get a deprecation warning on application startup.

(node:1699815) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.

uri-js brings this dependency, so you should look at getting rid of it, please.

MikeMcC399 commented 10 months ago

Steps to reproduce

Install Node.js 21.1.0

$ node -v
v21.1.0

then execute:

mkdir uri-js-test
cd uri-js-test
git init
yarn init -y
yarn add uri-js

shows:

yarn add uri-js
yarn init v1.22.19
warning The yes flag has been set. This will automatically answer yes to all questions, which may have security implications.
success Saved package.json
Done in 0.12s.
yarn add v1.22.19
info No lockfile found.
[1/4] Resolving packages...
⠁ (node:31600) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 2 new dependencies.
info Direct dependencies
└─ uri-js@4.4.1
info All dependencies
├─ punycode@2.3.0
└─ uri-js@4.4.1
Done in 0.39s.
MikeMcC399 commented 10 months ago

@stheine

Did you get the deprecation warning when you were running uri-js or when you were installing it?

If it was an installation warning, were you using Yarn Classic v1 and Node.js 21.x to install uri-js?

wolfgangwalther commented 10 months ago

Did you get the deprecation warning when you were running uri-js or when you were installing it?

I get a lot of those warnings when running code (jest tests via node).

Seems like the following line will always import the deprecated core module:

https://github.com/garycourt/uri-js/blob/a1acf730b4bba3f1097c9f52e7d9d3aba8cdcaae/src/uri.ts#L39

Also see this hint in the punycode repo:

⚠️ Note that userland modules don't hide core modules. For example, require('punycode') still imports the deprecated core module even if you executed npm install punycode. Use require('punycode/') to import userland modules rather than core modules.

Edit: However, just tried import punycode from "punycode/"; - this fails with the following when trying to build:

src/uri.ts(39,22): error TS2307: Cannot find module 'punycode/'.
wolfgangwalther commented 10 months ago

Ah, according to https://github.com/mathiasbynens/punycode.js/issues/122, the same package is also published as punycode.js on npm to avoid the name conflict.

MikeMcC399 commented 10 months ago

@wolfgangwalther

I'm not certain that the warnings are coming from uri-js.

With uri-js-test.js

const URI = require("uri-js");

console.log(URI.parse("uri://user:pass@löwenbräu.com:123/one/two.three?q1=a1&q2=a2#body"));

I see no warning

$ node -v
v21.1.0
$ node uri-js-test.js
{
  scheme: 'uri',
  userinfo: 'user:pass',
  host: 'l%C3%B6wenbr%C3%A4u.com',
  port: 123,
  path: '/one/two.three',
  query: 'q1=a1&q2=a2',
  fragment: 'body',
  reference: 'uri'
}

Do you have any logs showing that the warning is coming from uri-js?

wolfgangwalther commented 10 months ago

Right. I was mislead by uri-js being the only dependency I have that has punycode listed as a dependency. But looking at this with NODE_OPTIONS=--trace-deprecations in fact, this seems to originate somewhere else.

stheine commented 9 months ago

ok, thanks, I understand now, that I submitted this issue into the wrong project, as uri-js already uses the userland package. using the --trace-deprecation I found the correct package to ask for an update in my case. thanks and ok to close this issue.

MikeMcC399 commented 9 months ago

@stheine

It's good you were able to confirm!

You should be able to close the issue yourself.

The Close button is normally shown down below ⬇️ if you are the Author of the issue.

domdomegg commented 8 months ago

I'm not sure uri-js is using the userland package. It requires punycode instead of punycode/ (or punycode.js). I think this needs fixing in uri-js.

domdomegg commented 8 months ago

I've opened a PR to fix this here: https://github.com/garycourt/uri-js/pull/95

andreinwald commented 4 months ago

97 - replacement for this library

ildella commented 3 months ago

Maybe the problem is the way it is required, as according to https://github.com/mathiasbynens/punycode.js: 

⚠️ Note that userland modules don't hide core modules. For example, require('punycode') still imports the deprecated core module even if you executed npm install punycode. Use require('punycode/') to import userland modules rather than core modules.
MikeMcC399 commented 3 months ago

@ildella

You may be in the wrong repository with your problem. Could you set

export NODE_OPTIONS='--trace-deprecation'

then execute the instructions where you saw the warning and then post the instructions and the output here?

ildella commented 3 months ago

The quote is from the punycode.js README, not some output I get on my machine.