node-yahoo-finance2 icon indicating copy to clipboard operation
node-yahoo-finance2 copied to clipboard

Published 20 hours ago verified publisher icon gadicc

Deprecate punycode

Open simoneb opened this issue 5 months ago • 4 comments

Feature Request

Wanted Feature

Not exactly a feature, but it didn't feel like a bug either. Punycode bundled with Node.js is deprecated, and the recommendation is to switch to a user-land module: https://github.com/mathiasbynens/punycode.js

(node:13300) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.

Use Cases

Simply avoiding the deprecation warning in the terminal

simoneb avatar Mar 18 '24 15:03 simoneb

Hey @simoneb, thanks for the report and getting this on our radar.

Unfortunately this is a little more complicated than it appears, as we don't use punycode directly in the project, it's being used by one of our dependencies (or their dependencies, etc). So we'd have to find it and address with relevant project.

I think it might be used in ajv which is a little more complicated, and we're a bit out of date with that package as more recent versions broke for us, and I ran out of time to find the exact issue and report upstream.

In any event, thanks for bringing this to our attention :pray:

gadicc avatar Mar 19 '24 12:03 gadicc

No worries, if it's of any help, a quick grep on the codebase reveals that it's being used by these packages:

  • tr46
  • whatwg-url
  • psl

And why those are being used can be revealed by running npm why {package}.

I suspect that it might be simpler than expectd to migrate away.

simoneb avatar Mar 19 '24 14:03 simoneb

A little more research reveals that recent versionf of the first 2 should already be good to go, wherease psl remains as the one that needs to migrate away from punycode, but the package hasn't had activity in a relatively long time. I wonder if there's any way that you can get away without using it in the first place.

simoneb avatar Mar 19 '24 14:03 simoneb

Hey again @simoneb; thanks for all your time and research here :pray:

Ok that sounds really positive. psl is used by tough-cookie. We're using their latest stable release of that (v4.1.3) but looking at their repo, they have an rc1 out (for v5.0) which no longer includes psl and uses punycode directly instead. So I think as soon as that is formally released, we could completely remove any (indirect) dependency we have on the deprecated built-in punycode, and get rid of the warning.

Thanks again for raising the issue!

gadicc avatar Mar 21 '24 09:03 gadicc