fix: Update punycode import path

[wrobinson91]

With later Node versions, deprecation warnings began to appear about changing the import path to avoid using core modules, instead to use userland modules. This follows the advice for punycode's most recent version (v2.3.1). This should ideally be applied for a v3.0.1 tag so a number of active packages can remove this warning.

[rotemdan]

I don't understand this pull request, and in general, what is going on with the punycode dependency of this package.

There are still deprecation warnings related to the latest version of this package on Node 22, despite several claims on the issue tracker there shouldn't be.

On January 23, 2023, there was already a change that adds a trailing slash to the import, so I'm not sure what this pull request does.

In any case, I don't understand what this trailing slash means, and how is it going to change things.

The trailing slash is there in the latest version and there is still a deprecation message:

(node:28376) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a
userland alternative instead.

So let's try to actually resolve this issue once and for all. It's been going on for years.

Is it this causing it?

  "dependencies": {
    "punycode": "^2.3.1"
  },

npm-why tr46

  Who required tr46:

  echogarden > jsdom > data-urls > whatwg-url > tr46@5.0.0
  echogarden > jsdom > whatwg-url > tr46@5.0.0

In case this package not the cause of the message, then maybe Node is getting confused between its built-in punycode and this particular package?

I don't really get what is going on here. A simple solution would have been not to name the npm package with an identical name to the built-in one.

[rotemdan]

I think I might be getting to something here.

Turns out this particular package, at its current version, does not produce the warning, since it does add the trailing slash. I tried to install it in an empty project and it didn't produce a warning.

It just makes it seem like it because it requires an npm package caled punycode and automated tools like npm-why keep pointing to it.

The problem is that the name punycode is ambiguous with a deprecated internal node module, and the tools cannot recognize imports of problematic internal node modules.

Using code search in VSCode for punycode I identified that two unrelated imports required the built-in punycode:

• tr46 (older version): a dependency of node-fetch
• whatwg-url (older version): a dependency of tough-cookie

Not sure how to fix those, but I don't think this pull request would help.

Edit:

Suggestion for adding:

	"overrides": {
		"whatwg-url": "^14.0.0"
	}

To package.json in my project, did help remove the warning. That's the only workaround I could find so far.

[domenic]

Closing as a duplicate of many, many other PRs where people are using the wrong version of the package.