-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
url: runtime deprecate url.parse #55017
url: runtime deprecate url.parse #55017
Conversation
Review requested:
|
800bb15
to
0d329fc
Compare
I don't think this is used for new code and there are a lot of unmaintained but perfectly working and safe modules that will be affected by this for no good reason. |
Even in the deprecation note says that it's not recommended and safe to use it. How can it be safe? url.parse() can result in unwanted/unexpected outputs. |
It is perfectly safe when used on trusted and well defined inputs. For example, there is nothing wrong with |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #55017 +/- ##
========================================
Coverage 88.40% 88.41%
========================================
Files 653 653
Lines 187600 187484 -116
Branches 36117 36091 -26
========================================
- Hits 165854 165755 -99
+ Misses 14974 14967 -7
+ Partials 6772 6762 -10
|
I am neutral here, but can you elaborate what you mean by 'affected'? |
For example, the |
I think we should be doing what we have done for Buffer, emitting a warning only if the code is not inside node_modules. |
I agree with Matteo here. This will be super disruptive. Let's limit the warning only to modules not inside node_modules. |
a023939
to
9a558bf
Compare
I updated the code as recommended. Thank you for the reviews! |
9a558bf
to
4a2cce2
Compare
Looks like there are some tests that need updating |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
but CI is failing
4a2cce2
to
7edf095
Compare
|
d6d2410
to
1d1bcd9
Compare
1d1bcd9
to
8c9989e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still lgtm
Related test failure:
|
Commit Queue failed- Loading data for nodejs/node/pull/55017 ✔ Done loading data for nodejs/node/pull/55017 ----------------------------------- PR info ------------------------------------ Title url: runtime deprecate url.parse (#55017) ⚠ Could not retrieve the email or name of the PR author's from user's GitHub profile! Branch anonrig:runtime-deprecate-url-parse -> nodejs:main Labels url, semver-major, deprecations, needs-ci Commits 2 - url: runtime deprecate url.parse - fix test Committers 1 - Yagiz Nizipli <yagiz@nizipli.com> PR-URL: https://github.com/nodejs/node/pull/55017 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/55017 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> -------------------------------------------------------------------------------- ℹ This PR was created on Thu, 19 Sep 2024 19:40:10 GMT ✔ Approvals: 3 ✔ - Matteo Collina (@mcollina) (TSC): https://github.com/nodejs/node/pull/55017#pullrequestreview-2378667703 ✔ - Marco Ippolito (@marco-ippolito) (TSC): https://github.com/nodejs/node/pull/55017#pullrequestreview-2379246574 ✔ - James M Snell (@jasnell) (TSC): https://github.com/nodejs/node/pull/55017#pullrequestreview-2380649916 ✔ Last GitHub CI successful ℹ Last Full PR CI on 2024-10-20T16:41:32Z: https://ci.nodejs.org/job/node-test-pull-request/63220/ - Querying data for job/node-test-pull-request/63220/ ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ No git cherry-pick in progress ✔ No git am in progress ✔ No git rebase in progress -------------------------------------------------------------------------------- - Bringing origin/main up to date... From https://github.com/nodejs/node * branch main -> FETCH_HEAD ✔ origin/main is now up-to-date - Downloading patch for 55017 From https://github.com/nodejs/node * branch refs/pull/55017/merge -> FETCH_HEAD ✔ Fetched commits as c124cfb4facb..76c97932e55b -------------------------------------------------------------------------------- [main dff1620ae5] url: runtime deprecate url.parse Author: Yagiz Nizipli <yagiz@cloudflare.com> Date: Thu Sep 19 15:38:25 2024 -0400 3 files changed, 8 insertions(+), 4 deletions(-) [main fb8ddd6cdc] fix test Author: Yagiz Nizipli <yagiz@nizipli.com> Date: Sat Oct 19 12:54:22 2024 -0400 1 file changed, 5 insertions(+), 5 deletions(-) ✔ Patches applied There are 2 commits in the PR. Attempting autorebase. Rebasing (2/4) Executing: git node land --amend --yes --------------------------------- New Message ---------------------------------- url: runtime deprecate url.parsehttps://github.com/nodejs/node/actions/runs/11428689062 |
Landed in 11fbdd8 |
PR-URL: nodejs#55017 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: nodejs#55017 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
We documentation-only deprecated URL.parse on v18, almost 2 years ago. Without a runtime deprecation people will continue to use it and be exposed to security flaws. This is a nudge on the direction for a possible EOL in 3-5 years?
cc @nodejs/tsc