Deprecation Warning: punycode Dependency via uri-js

[camiloux]

Version 8.12.0, Node 21.2.0, using npm.

Hi there, I wanted to raise an issue regarding uri-js dependency, which uses punycode under the hood, which has been deprecated.

While working with ajv, I've noticed deprecation warnings related to the usage of the punycode module through its dependency on uri-js. It seems uri-js hasn't been updated for three years, causing these warnings.

├─┬ [email protected] │ └─┬ [email protected] │ └── [email protected]

Just thought I'd bring this up for consideration. Thank you for your work on ajv!

[domdomegg]

I've opened a PR to fix this in uri-js, the package ajv depends on here: https://github.com/garycourt/uri-js/pull/95

[ThatOneCalculator]

Since uri-js seems to be unmaintained, maybe ajv should use a fork of uri-js (i.e. the repo maintained by domdomegg)

[kibertoad]

@ThatOneCalculator I've created a fork that addresses this problem: https://github.com/kibertoad/toad-uri-js

Happy to invite ajv folks to co-maintain if there is interest.

[ttodua]

any update on this? @kibertoad did you have any response from ajv devs?

[andreinwald]

Hi there, I created a replacement for library uri-js as temporal solution.

• Based on Node.js and browser URL api
• 99% compatible with original URI.js library
• Solves "The punycode module is deprecated" warning in Node
• Tested with libraries: ESLint, Webpack, Ajv (runned all Ajv tests)

https://github.com/andreinwald/uri-js-replace

You can add to package.json of your project:

"overrides": {
    "uri-js": "npm:uri-js-replace"
 }

[Niek]

@jasoniangreen Any chance to switch over the dependency to uri-js-replace?

[jasoniangreen]

Hi @Niek thanks for your suggestion but I think this will be our most likely move. We already have fast-uri as a second option in the codebase/docs so it makes sense to switch it to be the default.

[jasoniangreen]

Closed as we are moving to fast-uri

[kibertoad]

@jasoniangreen fast-uri was reverted. What is the plan now?