MikeMcC399
commented
1 month ago @i8-pi
This isn't a topic that Yarn can help you with.
As you already wrote, the problem was solved in later versions of normalize-url.
Closed i8-pi closed 4 weeks ago
MikeMcC399
commented
1 month ago @i8-pi
This isn't a topic that Yarn can help you with.
As you already wrote, the problem was solved in later versions of normalize-url.
i8-pi
commented
1 month ago normalize-url is a direct dependency of yarn, not the project I'm installing
https://github.com/yarnpkg/yarn/blob/740c38c3a962c30ddb344a919bbfb7065620714b/package.json#L38
This warning shows when my project doesn't include normalize-url at all
# In an empty directory
$ yarn add cookie
yarn add v1.22.22
info No lockfile found.
[1/4] Resolving packages...
⠁ (node:26263) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
at node:punycode:3:9
at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:398:7)
at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:337:10)
at loadBuiltinModule (node:internal/modules/helpers:96:7)
at Module._load (node:internal/modules/cjs/loader:1037:17)
at Module.require (node:internal/modules/cjs/loader:1271:19)
at require (node:internal/modules/helpers:123:16)
at Object.<anonymous> (/usr/lib/node_modules/yarn/node_modules/normalize-url/index.js:3:18)
at Module._compile (node:internal/modules/cjs/loader:1434:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1518:10)
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
info Direct dependencies
└─ cookie@0.6.0
info All dependencies
└─ cookie@0.6.0
Done in 0.56s.@i8-pi
I apologize for my misunderstanding and thanks for pointing out where normalize-url is used by Yarn v1. I can't actually reproduce the issue in my environment though, so I should let the experts take a look!
i8-pi
commented
4 weeks ago I tried again but with a fresh build of yarn from the repo, instead of the one packaged by my distro (arch), and I can't reproduce the warnings. I will see if I can come up with a reproduction that works with a fresh build, and close this issue for now
i8-pi
commented
3 weeks ago From what I can tell, yarn does depend on the deprecated node builtin punycode through normalize-url and other packages, but when building with yarn build-dist, it tweaks the module resolution logic within webpack so the webpack bundle always resolves to the node_modules version of punycode instead of the node builtin one.
The arch package doesn't run yarn build-dist, but instead does yarn build and copies the resulting lib/ and node_modules/ into place. So webpack isn't run at all, and in the arch package any require('punycode') statements resolve to the node builtin one
I don't expect the arch workflow to be considered supported. Just writing this down for anyone curious about the issue
hasezoey
commented
3 weeks ago i have created a issue downstream, posting it here for reference: https://gitlab.archlinux.org/archlinux/packaging/packages/yarn/-/issues/2, will likely not be fixing this myself as i dont know enough about yarns build system.
The (deprecated) node builtin punycode is being requested through
yarn->normalize-urlv2 ->punycodeThe warning is triggered by running
yarn installwithout a yarn.lock or with an outdated yarn.lock with major version changes on some packagesI tried upgrading to
normalize-urlv3 and it doesn't trigger the warning, but it swaps out punycode for node's builtinURLimplementation, which bumps up the node version requirement to v6, and may have introduced user visible changes because the behaviour is different. Not sure if there is a good way to handle this