-
Notifications
You must be signed in to change notification settings - Fork 29.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
url: runtime deprecate url.parse #55017
base: main
Are you sure you want to change the base?
Conversation
Review requested:
|
800bb15
to
0d329fc
Compare
I don't think this is used for new code and there are a lot of unmaintained but perfectly working and safe modules that will be affected by this for no good reason. |
Even in the deprecation note says that it's not recommended and safe to use it. How can it be safe? url.parse() can result in unwanted/unexpected outputs. |
It is perfectly safe when used on trusted and well defined inputs. For example, there is nothing wrong with |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #55017 +/- ##
=======================================
Coverage 88.04% 88.04%
=======================================
Files 652 652
Lines 183764 183753 -11
Branches 35862 35859 -3
=======================================
- Hits 161787 161782 -5
+ Misses 15233 15223 -10
- Partials 6744 6748 +4
|
I am neutral here, but can you elaborate what you mean by 'affected'? |
For example, the |
We documentation-only deprecated URL.parse on v18, almost 2 years ago. Without a runtime deprecation people will continue to use it and be exposed to security flaws. This is a nudge on the direction for a possible EOL in 3-5 years?
cc @nodejs/tsc