Outdated Dependency `punycode`

Question

Outdated Dependency `punycode`

Opened this issue 2 months ago · 2 comments

Reported internally, we use an outdated dependency:

Dependency chain:

=> Found "punycode@2.1.1"
info Reasons this module exists
   - "eslint#ajv#uri-js" depends on it
   - Hoisted from "eslint#ajv#uri-js#punycode"

Answer 1 · 2024-09-06T13:52:31.000Z

Bumping eslint should do the trick. I'm gonna give this a quick try

Answer 2 · 2024-09-06T14:43:25.000Z

So this was a bit tricky to determine but I think I now got to the botttom of this warning:

whatwg-url imports the node native version of punycode which is deprecated. Dependency tree of whatwg-url

└─> npm ls whatwg-url                                       
└─┬ @sentry/wizard@3.28.0
  └─┬ @sentry/cli@1.77.3
    └─┬ node-fetch@2.7.0
      └── whatwg-url@5.0.0

Actually, even with the newest eslint version, this is still an open issue for anyone using Node 21/22: eslint/eslint#17733.

So looks like we need to resolve this in Sentry CLI 🤔