Replace `uri-js` abandoned dependency
Closed this issue · 3 comments
This is not exactly an installation issue but it may become one.
The uri-js package is unmaintained and abandoned: garycourt/uri-js#96
This is also a kown security issue: #1978
This dependency should be replaced (maybe with https://github.com/andreinwald/uri-js-replace or maybe with something else).
The version of Ajv you are using
6.12.6
Operating system and node.js version
Reproduce on Linux, MacOS and Windows
Package manager and its version
npm@10.8.2
Link to (or contents of) package.json
uri-js:4.4.1
Line 108 in f06766f
Error messages
Warning message at runtime (will break with future node versions):
(node:81876) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Ah yes, interesting point. We recently moved over the actual default uri lib to fast-uri but there was always tests for both of them in the repo. Right now the old uri-js is not being used by default, but it is in the repo. I will have a look at removing it, I don't think it adds much value anymore.
Oh and I see you are using AJV 6.12.6? If you update to the latest you'll find we've changed it to fast-uri.
@jasoniangreen thanks for clarifying! eslint is pinned to ajv@6.12.6 and it seems it was decided not to upgrade to v8. However there's this chore and this PR either of which would replace uri-js with fast-uri. Just FYI if people report the DeprecationWarning from eslint
Thanks for the extra context @HowieG - So if this is specifically due to eslint using an old version of AJV then I will close this ticket as there's not much to be done. If, however, we are finding that even having uri-js as a DEV dependency is causing problems, then please let me know and I will reopen.