webpack-dev-server
webpack-dev-server copied to clipboard
webpack
Deprecation warning for http-proxy 'util._extend'
Bug report
Deprecation warning for dependency http-proxy 1.18.1
Actual Behavior
When using npm start script, I get a warning :
The 'util._extend' API is deprecated. Please use Object.assing() instead.
How Do We Reproduce?
Using the node --trace-deprecation in start script, it directs to : node_modules/http-proxy/lib/http-proxy/index.js
Results of npx webpack-cli info
System: OS: Linux 4.18 Rocky Linux 8.10 (Green Obsidian) CPU: (12) x64 Intel(R) Core(TM) i7-10710U CPU @ 1.10GHz Memory: 10.02 GB / 31.11 GB Binaries: Node: 22.8.0 - ~/.nvm/versions/node/v22.8.0/bin/node npm: 10.8.2 - ~/.nvm/versions/node/v22.8.0/bin/npm Browsers: Brave Browser: 128.1.69.168 Chrome: 130.0.6710.0 Packages: angular-router-loader: ^0.8.5 => 0.8.5 babel-loader: ^9.1.0 => 9.2.1 compression-webpack-plugin: ^11.1.0 => 11.1.0 copy-webpack-plugin: ^12.0.2 => 12.0.2 css-loader: ^7.1.2 => 7.1.2 css-minimizer-webpack-plugin: ^7.0.0 => 7.0.0 css-to-string-loader: github:ekopranototjoa/css-to-string-loader => 0.1.3 eslint-webpack-plugin: ^4.0.1 => 4.2.0 extract-loader: ^5.1.0 => 5.1.0 file-loader: ^6.0.0 => 6.2.0 html-loader: ^5.1.0 => 5.1.0 html-webpack-plugin: ^5.6 => 5.6.0 json-loader: ^0.5.3 => 0.5.7 null-loader: ^4.0.0 => 4.0.1 postcss-loader: ^8.1.1 => 8.1.1 style-loader: ^4.0.0 => 4.0.0 url-loader: ^4.1.0 => 4.1.1 webpack: ^5.89.0 => 5.94.0 webpack-cli: ^5.1.4 => 5.1.4 webpack-dev-server: ^5.1.0 => 5.1.0 webpack-merge: ^6.0.1 => 6.0.1
http-proxy-middleware was updated. They have a migration guide.
As they mention in this issue, the problem comes from http-proxy (#1674), which is not maintained anymore and hasn't been updated for 4 years.
But as mentioned, the vite team has decided for a patch.
So @Anubhab2003 maybe using pnpm or patch-package is a suitable solution in the mean time.
We will update http-proxy for the next major release, just ignore it now, because it doesn't breaking anything
We will update http-proxy for the next major release, just ignore it now, because it doesn't breaking anything
The package hasn't been updated in 4 years and is searching for maintainers. Others decided for a patch. Just mentioning.
@davidenke If you wan't to send a patch - feel free to send a PR
Sure. ~~But it's still a unmaintained dependency then~~. There already is a PR addressing this, but there hasn't been a release in 5 years.
Maybe it would make sense to pin the commit containing the relevant change in the mean while?
@davidenke
Maybe it would make sense to pin the commit containing the relevant change in the mean while?
What do you mean?
@alexander-akait I mean setting http-proxy as dependency explicitly by pinning the commit in the PR in the package.json.
Alternatives
Patching would mean to introduce tooling and thus new dependencies like patch-package.
Searching for an alternative to http-proxy-middleware, which perhaps would lead to breaking changes.
Or just waiting for new maintainers for http-proxy, or that the http-proxy-middleware authors come up with an alternative.
Seems, that problem is in the spdy package. It has several lines util._extend() in the source code.
spdy already is not supported (last commit was 5 years ago, no reaction on issues) and this issue will never be fixed.
Do we really need this package, why not just use standard features?
We don't use http-proxy directly, we use http-proxy-middleware, make sense to open an issue in https://github.com/chimurai/http-proxy-middleware/ and ask them to switch another package
Created an issue to migrate to http-proxy-3: https://github.com/chimurai/http-proxy-middleware/issues/1136
